COVID-19Cybersecurity

Modify Cyber Monitoring to Support A Remote Workforce

Joseph BinkowskyMichael WalterHoracesio Carmichael
April 29, 2020
4 min read

With a solid month or more of remote working under their belts, organizations continue working diligently to keep their workforces safe and productive during these unprecedented times. We have seen standard monitoring and detection processes adjusted to account for the “new normal” and, in this blog post, we discuss some of the many ways organizations can safely make the adjustment. 

What We’ve Learned: 

  • With each passing week, it is becoming increasingly more important for organizations to modify the way they monitor and detect malicious or unauthorized activity. 
  • Organizations need to be able to identify and mitigate everchanging threats and risks in a more effective and time sensitive manner.
  • Leveraging both user and entity-based analytics will assist in the identification and detection of potentially malicious activity. Adjusting the baselines to account for the new normal’ is important due to the change in work locations, accessibility of corporate data and user behaviors. 
  • Ensuring that endpoint detection capabilities are operational and effective safeguards users from potential unwanted behaviors by bad actors. 

While businesses have quickly adapted the way they operate, one of the areas we’ve discovered is prone to be overlooked is detectionAs the world has changed significantly as a result of COVID-19, malicious attackers have increased their volume and modified their methods of attackBreaches and compromises are on the rise and a major concern of many organizationsThis means organizations need to adjust the way they monitor and protect their mobile workforce from malicious attack. 

Establish New Analytical Baselines for Users and Systems 

With the early 2000’s introduction of user and entity-based analytics (which would become User Behavior Analytics and User and Entity Behavior Analytics, respectively), Security Information and Event Management (SIEM) providers began to view technology as a form of event detection to determine outside of the norm” activityWhile it is commonplace today for Security Operation Centers (SOC) to utilize UBA/UEBA in their day-to-day detection practices, some adjustments should be made to aid in the detection of malicious activity in the new workplaceTypically, UBA/UEBA works from a baseline of approved user activity and entity-based activityThis baseline is established to aid in the detection of unauthorized activity that could potentially be malicious or unauthorizedWith employees working from remote locations, the initial baseline is no longer valid, as the activity that the user or system is performing will be uniquely different from that which would be performed from within the workplaceSome examples of activity changes are listed below and should be considered: 

  • The location from which the user is connecting  
  • Ways in which users access their email, enterprise wide applications and shared documents 
  • Personal activity taking place on a companyowned systems and applications  
  • Hours at which a user accesses the network
  • The manner in which data is exchanged through and outside of the organization
  • Individuals with whom information is being shared, both inside and outside the organization. 

Adjusting the baseline to account and monitor for these actions is critical and drastically aids the Security Operations Center (SOC) in the detection and response to malicious and unauthorized activity. 

Ensuring Endpoint Detection Capabilities are Enabled, Safeguarding Users from Potential Unwanted Behaviors by Bad Actors 

A remote workforce also means that more employee laptops and workstations are connecting to organizations’ internal network from the outside. For many companies, this shift can cause difficulty in enforcing and maintaining appropriate endpoint and network security controls for these devices. In addition to enabling a traditional antivirus solution, utilizing VPN connections with multi-factor authentication when accessing any corporate asset, regularly patching endpoints and utilization of an advanced endpoint protection (AEP) solution is a requirement to ensure real time detection and remote remediation of advanced attacks. These solutions provide endpoint visibility and protection while on and off the network. However, there is no “silver bullet” in endpoint security. Additional actions must be taken to ensure endpoint detection capabilities are fully maximized and effective. Here are seven measures that must be taken in conjunction with the AEP tool to safeguard remote users from bad actors: 

  1. Ensure all employees know what acceptable user behavior is when using corporate assets or accessing corporate data
  2. Test endpoints’ protection agents to ensure they are operational and visible to network administrators, so they can communicate and respond to security events regardless of the endpoint’s location 
  3. Review and update prevention policies to ensure remote business units are not impacted
  4. Tune policies to reduce false positive alerts
  5. Enable AEP technologis logging to your enterprise SIEM tool
  6. Create more robust correlation rules
  7. Review and update security monitoring playbooks and procedures  

It is critical for organizations to adopt and utilize advanced endpoint protection. Advanced endpoint protection solutions have evolved immensely over antivirus technology and provide a high level of detection and protection. But no technology is perfect. To truly safeguard remote users from bad actors, an indepth defense strategy that includes enabling endpoint detection technologyenhance current procedures, 24/7 security event detection and response and an integrated UBA/UEBA SOC is a must. 

As we are now living and working in unprecedented times, we are encouraging all clients to take the appropriate steps to ensure both their employees and the organization itself are sufficiently protected. Otherwise, it is far too easy for an attacker to circumvent the minimal security controls most organizations employ and no one wants to find themselves on the wrong side of security breach. To help organizations navigate their way through this new landscape, we have developed a Work from Home Cybersecurity Practices overview.   

Protiviti offers a wide range of security and privacy solutions, tailored to meet the unique needs of each organization. With our ability to function at both the strategic and tactical levels, we combine deep technical security competence with executive-level communication and management. Our holistic approach starts by understanding what is most important to organizations, then structuring and supporting programs so the business is engineered to grow securely.  

To learn more about Protiviti’s security and privacy solutionscontact us. 

Joseph Binkowsky

Associate Director
Technology Consulting - Security and Privacy

View all posts

Michael Walter

Managing Director
Security and Privacy

View all posts

Horacesio Carmichael

Senior Manager
Technology Consulting - Security and Privacy

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
8 Apr

Join our experts on April 25 as they delve deep into the strategies and practices essential for safeguarding customer trust, ensuring a stellar user experience, and adhering to privacy and data security standards. Register today! https://ow.ly/fumH50R4fbw #DataPrivacy

Reply on Twitter 1777336025301254502 Retweet on Twitter 1777336025301254502 Like on Twitter 1777336025301254502 Twitter 1777336025301254502
protivititech Protiviti Technology @protivititech ·
5 Apr

Find out how businesses can use #AI technologies for real use cases in #Quantum sensing, simulations and migration to post-quantum cryptography during the latest podcast episode with guest @paul_kassebaum. https://ow.ly/Wy7u50R9t8M

Reply on Twitter 1776309432592330940 Retweet on Twitter 1776309432592330940 1 Like on Twitter 1776309432592330940 4 Twitter 1776309432592330940
protivititech Protiviti Technology @protivititech ·
5 Apr

Protiviti’s Kim Bozzella explains how technology and #Automation in the #Manufacturing industry has—and will continue to—improve productivity and quality enhancement. Read more from the Forbes Technology Council. https://ow.ly/nTPy50R7WYC

Reply on Twitter 1776249003769803111 Retweet on Twitter 1776249003769803111 Like on Twitter 1776249003769803111 Twitter 1776249003769803111
protivititech Protiviti Technology @protivititech ·
1 Apr

Organizations who are part of the Department of Defense supply chain must understand, identify and protect controlled unclassified information, often called #CUI in their environments. Here’s what you need to know: https://ow.ly/bjbW50R59Ke #ProtivitiTech

Reply on Twitter 1774769203540566390 Retweet on Twitter 1774769203540566390 Like on Twitter 1774769203540566390 Twitter 1774769203540566390
protivititech Protiviti Technology @protivititech ·
29 Mar

A global hospitality company is well positioned to leverage the latest AI technologies after hiring Protiviti to establish and implement a comprehensive AI governance standard. Read our latest client story: https://ow.ly/Ir7R50R4nrh #ProtivitiTech #ClientStory

Reply on Twitter 1773772540306919718 Retweet on Twitter 1773772540306919718 Like on Twitter 1773772540306919718 1 Twitter 1773772540306919718
Load More