Testing Security Protocols in a WFH World

April 28, 2020 by Kyle Flaherty

'We are all in this together' never rang more true than during this time of crisis. No matter where you are, you're most likely at home or in some sort of 'isolation', and this means many of us are also working from home (WFH for the cool kids) for the first time. To be honest, it wasn't that hard to get used to the WFH part; what has been a challenge is validating that security controls are still working in this new reality. It was nearly overnight that POOF, you had the vast majority of your workforce tunneling (or split tunneling) in via VPN from strange home networks, along with new risks from different apps, sophisticated phishing campaigns, and a huge influx of updated attacks.

This week the Keysight ATI Research Center (that's our intel team) provided many ways to assess threats you may be facing in your WFH reality. This included ways to validate that some of your main controls, like URL filtering and data exfiltration, are still working. We also encourage folks to test these now using the free trial of Threat Simulator, which safely creates hundreds of attacks and malicious techniques to identify gaps, misconfigurations, undetected threats, and more. Oh, and we don't just tell you what's wrong, we then provide step-by-step remediation directions. 🦾

Let's look at a few ways to use Threat Simulator today and feel more confident during this WFH time.

Does VPN stand for Very Problematic Now?

Threat Simulator can be used to help you validate your VPN policy and routing, keeping you informed and aware that your remote workers are being protected by your corporate DPI controls like NGFW or IPS. Let's start with something simple: ensure URL filtering is still in place to minimize risk to employees visiting sites that are seeing a rise in serving up malware (“Malvertising”), such as gambling sites and others.

test url filters

Employees Mining Monero or Hitting Up Tor?

What kind of activities are important to detect on the desktop of an employee who is working from home? Are they mining Monero on that system you loaned them, or worse yet, has one of the systems within your corporate network been hacked to mine Monero?

monero mining detection

Do you know if your VPN policy is configured so that web browser activities are being inspected for things like Tor browser usage? Sure, Tor is not necessarily malicious, but it is often tied to activities you’d not approve of in your corporate network. Run this assessment to gain visibility into user interaction via web browsers and confirm that it is compliant with your security protocols.

inspect web browser vulnerability

WFH does not mean data exfil is now cool

Just because your employees are working from home doesn’t mean you should not be wary of data exfiltration. You have policies you must stay compliant with, and now you can quickly test to be sure that employees aren't sending sensitive data to places like Dropbox.

data exfiltration test

You have a bunch of new challenges in supporting your new remote workforce. Our goal with the Threat Simulator free trial is to take away some of your everyday anxiety and stress. We know we can't fix everything right now, but if we knock off one thing from your task list and maybe add one more hour to your sleep, we'll consider it a win. Can't wait to hear about what you do with Threat Simulator!