How to Lock Down Exposed Services as COVID-19 Forces Remote Work
August 25th, 2020
The COVID-19 pandemic has shown signs of easing up in certain geographies around the world, but many employers are still erring on the side of caution and encouraging remote work for non-essential employees. This has created myriad new perks and challenges alike for office workers, as they attempt to navigate altered family dynamics and ad hoc home workspaces to maintain productivity and hit their goals.
But the newly minted remote workforce is not alone in experiencing drastic changes to its ordinary workflow. Threat actors have not hesitated to take advantage of the COVID-19 pandemic, easily circumventing lax home security protocols and infiltrating common corporate collaboration tools. The growing dependence on SaaS platforms to execute standard business operations has left many organizations vulnerable and scrambling to shore up their network defenses.
Cyberattacks Rise as Businesses Grapple With Remote Work
YL Ventures’ The CISO Current Report: Q2, 2020 noted a sharp increase in cyberattacks as remote work has become more common, and 47 percent of CISOs were accordingly concerned with data exfiltration so long as their employees remained largely remote. YL Ventures reported a 96 percent spike in phishing attempts, a 19 percent increase in supply chain attacks, a 15 percent jump in attacks against VPNs, a 17 percent uptick in data exfiltration attempts by insiders, and a 15 percent rise in vulnerability disclosures.
These numbers are staggering; they offer a sobering reminder to security teams that they simply cannot control cyber activity that occurs beyond their perimeters. As long as employees are forced to work from home for their own safety, the risk of suffering a devastating data breach or cyberattack continues to grow. But cutting-edge CISOs were already one step ahead of their adversaries even prior to the pandemic – using Cyber Threat Intelligence (CTI) to identify and validate threats targeting their organizations and shut them down at the source.
Using Cyber Threat Intelligence to Secure Exposed Services
CTI enables security teams to completely flip their defense strategies from reactive to proactive. With automated, real-time, and actionable threat alerts appearing in their feeds every day, security practitioners can analyze the threats that pose real risk to their organization and take them down before they evolve into full-fledged attacks. This principle holds true for exposed business services in the midst of an unprecedented economic event.
The IntSights External Threat Protection (ETP) suite has a feature that enables organizations to mitigate these types of risks by proactively identifying exposed services. Our sophisticated algorithm detects exposed DevOps servers, like Microsoft Azure Active Directory, and uses enhanced GitHub monitoring capabilities to identify leaked code. The exposed services feature uses the organization's domain assets to find relevant services that are publicly exposed. This includes internal or limited-access platforms that are accessible from outside the organization: internal login pages, databases, servers, and services like Jira or Confluence. Here’s a snapshot of how it works in practice.
Within our platform, users can find an Exposed Services tab under the Exploitable Data section. The page lists all of the user's detected digital assets and shows the following for each result: site URL, page type (service, login page, etc.), when the page was last updated, matched assets, and a screenshot of the asset itself. Results that trigger an alert are flagged for users to address, and users can also manually create an alert to investigate these threats.
Security teams are facing an unprecedented challenge in their response to remote work. However, they can save themselves from a potentially devastating cyberattack or data breach by employing a CTI solution that offers exposed services detection, enabling them to thwart attacks in the making. Request a demo from an IntSights representative to explore the External Threat Protection suite of solutions and see our exposed services feature in action.
To learn more about cyber threats specific to COVID-19, download our research report.
Kevin Diffily is a Product Marketing Manager at IntSights. He strives to provide security teams with the knowledge and tools they need to enable proactive defense against emerging cyberattacks. Kevin has a background in journalism, brand development, content marketing, and social media management. He received his B.A. in Communication from Curry College and his M.A. in Integrated Marketing Communication from Emerson College. He is a staunch proponent of gratuitous Oxford comma use.