RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2
2020/08/10 10:49:54

Remote Security Issues and Recommendations

This topic focuses on the impact of remote work on company security and risk mitigation opportunities.

Content

What threats companies faced during the "remote" period

The massive and hasty transition of companies to remote operating modes has significantly exacerbated information security problems. Most companies first faced a similar task, so the transition to the "remote" caused them a lot of difficulties.

According to Dmitry Pudov, Deputy General Director for Technology and Development of Angara Group of Companies, companies needed to quickly transform the IT landscape, existing business processes, IT and IB policies. But in the face of time shortages, not everyone paid due attention to security issues, so the risks increased.

There is data confirmed by statistics and reports of various companies that the activity of attackers grew during the "remote" period. Under the special aim of attackers are sensitive information that migrated to personal devices of users, and online services, "he notes.


Remote employees at highest risk

Experts agree that remote employees fell into the zone of greatest risk.

Home networks are much weaker than organizations, which makes connected computers a source of serious potential problems. Information security risks associated with remote work include modifying traffic, intercepting passwords and sensitive data, as well as hacking routers and redirecting users to malicious sites, "says Vitaly Orlov, executive director of Smart Soft.


At the same time, attacks using social engineering methods are especially dangerous.

Earlier, if an employee made a miss and came across, for example, phishing, then other IS security systems could insure him. When trying to send confidential information, DLP could work, when trying to access the system, antivirus or IPS could work, "explains Alexey Gorelkin, CEO Phishman. - A separate question - gaining access to the corporate network - even if the user's login and password were lost, access using a remote connection could be limited. Now remote connections are allowed, there are no IB systems that insure the user around, and the responsibility for information security lies entirely with the user.


The reason for the transition to the remote site - the coronavirus epidemic - gave rise to many phishing attacks, since the topic is "hot" and users willingly navigate through "clickbeat" malicious links. To attract the attention of the victim, the World Health Organization or another respected organization may appear as the sender of such phishing letters.

As a result, the security of the organization became even more dependent on the consciousness and awareness of the IB of its employees.

We observed and continue to observe an increase in attacks exploiting the theme of coronavirus: up to 13% of all attacks in the first quarter were somehow associated with it. These included both attacks that exploit the theme of coronavirus in phishing letters, and attacks on hospitals that test or treat for coronavirus. Attackers actively use email to distribute phishing links and malware in attachments. And their effectiveness is quite high, since users, receiving quite legal newsletters about coronavirus, cannot always recognize something harmful in their total volume. And while the number of infected is only growing, the range of such threats will also only grow, "said Maxim Filippov, director of business development at Positive Technologies in Russia.


Risks of data breaches

One of the main risks of remote work is insider activity. According to experts, at the "remote" it doubles.

According to Lev Matveev, chairman of the board of directors of SearchInform, there are several reasons for this.

On the technical side, remote work has become a problem for companies that have not worked before in this format and switched to it in a hurry. Typical errors - here they did not protect the remote connection channel, there they did not configure two-factor authentication, here they distributed redundant access to corporate resources - "let's take it so far, then take it extra." As a result, the traffic of remote sessions could be intercepted by attackers, and employees could get confidential data that they were not supposed to work with by position. Plus, not everyone had enough capacity to support the stable operation of corporate resources with a lot of remote connections. As a result, they switched to public services, working documents "for convenience" were transmitted in instant messengers and social networks, stored in personal clouds. All these are the risks of accidental and deliberate leaks, "explains Lev Matveev.


Sergey Voinov, CEO of EveryTag, also speaks about the danger of an internal threat from insiders.

Most of the companies were not ready for the transition to remote work - in this mode it turned out to be almost impossible to control the actions of employees. Many of them got the potential opportunity to merge confidential data with impunity, including using personal equipment (screenshots, photographing a screen or printed documents on a smartphone). The problem is that most existing IT solutions in the market are not yet able to combat this threat, "he notes.


It is worth noting that the ability to steal data or withdraw it from the company was available before: all working computers have long been connected to the Network, and employees use their own smartphones, which no one controls in any way. However, as Ramil Khantimirov, CEO and co-founder of StormWall, notes, when switching to a remote site, the risk of data leakage during an attack from the outside increased - when an employee works from his computer and hooked up the virus on some unreliable site. This makes it much easier for attackers to both steal sensitive data and penetrate the company's internal network.

The work of staff members from home is associated with a lack of control, which causes more information security risks. According to Alexei Sukhov, commercial director of Garda Techologies, staff often have ideas for exchanging corporate critical information through cloud systems or using home unprotected software for business purposes. Due to the fact that in most cases the transition to the remote was emergency - most services simply did not have time to set up normally.

Denis Sukhovey, director of the technology development department of Aladdin R.D., emphasizes that compromising the company's secrets by leaking important, critical or confidential information is the most dangerous threat to the organization when transferring employees to remote work.

Organizations in the Russian Federation have sharply increased the fleet of laptops for employees to work at the remote site. A laptop is an ideal tool for working comfortably in this mode, but it should be understood that, together with a laptop, a large amount of business-critical information crosses the border of the organization's controlled area, while such information is likely to be actively processed in an untrusted environment of home networks or public access points. Such information processing conditions are a "breeding ground" for leaking incidents. Of course, the vast majority of threat implementation scenarios have a similar result - the data is stolen or the integrity of the data is violated, he said.


Unsafe personal PCs and employee gadgets

It is also worth noting the increased likelihood of data leaks and the spread of malware, as many employees connect to the organization's network using personal PCs. During the quarantine period, protection of employees' personal devices became more urgent than ever before.

Alexey Pavlov, head of the Solar JSOC product and services expert service department Rostelecom of -Solar, says that the Solar JSOC cyber threat monitoring and response center daily records related incidents: this is the spread of malicious ON information at the time the infected computer is connected to the company's infrastructure, and compromising the credentials of remote employees, and attempts to steal confidential information by internal violators.

Nikolai Domukhovsky, Deputy General Director for Scientific and Technical Work of the UCSB, explains, that instead of secure office jobs, people moved to their home computers, in which the full range of corporate remedies is not applied, the employee has become not the only user of his workplace - the whole family uses a home computer, and these are users who have not received appropriate training and who bear no responsibility for their actions to the company.

Lev Matveev, Chairman of the Board of Directors of SörchInform, adds that an employee's home PC may not even be protected by antivirus and there is no guarantee that the cipher picked up will not spread to the corporate network.

In addition, the employee himself forgets about safety at home. At work, he is restrained by the framework, he remembers that the employer controls him. At home - a full freeman, - he explains.


In a home environment, people can become less vigilant, confirms Vladimir Lavrov, head of the information security department of the Softline group of companies. According to him, a personal computer is used to perform work and personal tasks at the same time, tabs with confidential information often remain open, which increases the risk of accidental leaks of information.


Another unsafe option is a personal computer with an outdated operating system, or a pirated version of the OS, which is not updated and that it is already in the botnet. As explained in the company "Cross Technologies," many users at home do not monitor the update of firmware routers using default passwords and in most cases do not use licensed anti-virus tools. As a rule, they are most exposed to phishing companies of attackers using social engineering.

As a result of this, we see facts of information leakage and an increased number of hacker attacks on dedicated users with the further development of an attack on the internal infrastructure of many companies, say Cross Technologies.


The current situation is unusual both for ordinary employees and for many IT/IB specialists. According to Dmitry Elfimov, head of the Kaluga Astral Information Security Directorate, since the risk of attacks on company networks through remote employee workplaces and especially through their personal devices is greatly increased, many companies have to make big changes to the architecture of networks, increase capacity and introduce additional protection measures.

When mass transferring employees to remote work, attention should be paid to the security of the network perimeter from illegitimate web traffic, as well as from leaks of confidential information, notes Murad Mustafaev, head of the Onlanta information security service (part of the Lanit group). It should also be understood that it is not always alone VPN-enciphering traffic is a solution to all information security problems with terminal access.

According to Ilya Kondratiev, deputy director of the Information Security Department of AMT GROUP, a well-built system of protective measures, including segmentation, reliable authentication and access control, terminal services, AWS status control, sandboxes and DLP systems, will help reduce the likelihood of data leaks and malware distribution.

Using Public Services

Another risk factor is the massive use of public cloud services. Not all companies have purchased commercial subscriptions, and the use of a free personal subscription often does not guarantee either the safety of data or its confidentiality.

There are many relevant incidents: unauthorized connections to video conferences, and leaks of confidential documents from public resources, "notes Nikolai Domukhovsky, Deputy General Director for Scientific and Technical Work of the UCSB.


At the same time, it is important to remember that the most vulnerable factor in any information security system remains human. Many companies did not pay due attention to training employees in cybersecurity rules when working remotely. The consequence of this was the use of shadow IT services and insecurity before new tricks of intruders that appeared during the pandemic.

In particular, recently thousands of domains have been registered that simulate the popular Zoom video communication platform, many of which are malicious or suspicious, "said Vyacheslav Logushev, director of IT service and outsourcing at X-Com.


Build a "delete" in Avral mode

Of course, the current situation is extremely difficult for IT and IB employees. Even those companies that had the ability to remotely access enterprise systems faced the need to quickly transfer a large number of employees to remote work. Nowadays, there are a sufficient number of approaches and information protection tools that can ensure that employees work fully on the remote site without a significant increase in threats to enterprise systems. If you have sufficient time and resources, you can build a secure remote access system for employees.

However, this time there was just no necessary time. Most companies had to rebuild their systems and processes extremely quickly and, of course, attention was paid to security issues, but they were not in the first priority. Some companies, prior to the introduction of self-isolation, did not ever expect to use remote access to fully operate their employees. And in this case, of course, they had to create such systems literally "on their knees." All this has led to the fact that remote access systems created and operating at the moment do not meet all the requirements for information security. And even at the moment, many companies have not implemented all the necessary security tools and have not built their processes to ensure secure remote access of employees. Thus, the most dangerous is not some specific threat, but the general level of security of remote access systems built in a short time in the "avral" mode. This, in turn, can lead to major corporate data leaks and attacks on corporate systems by intruders, "said Maxim Pyatakov, deputy technical director of AST.


With hard time pressure, the probability of error increases many times - this is the most important threat, said Andrei Ivanov, head of the department for the development of cloud security services "Yandex.Cloud."

The main risks were concentrated in those companies where the need for remote work was not taken seriously. Company executives did not take into account the needs of the business for remote work despite the fact that it helps to maintain a position in the market. Now such companies urgently need to organize remote work of employees and gain access to all corporate resources, without time for risk analysis, as well as the design and implementation of such security tools as multifactor access, mobile device management systems, protection systems against targeted attacks, especially devices located outside the perimeter and so on..., - explains Ivanov.


At the same time, many companies could not switch to remote work and maintain the same level of security and control over user actions that were provided in the standard mode of operation, confirms Maxim Filippov, director of business development at Positive Technologies in Russia.

About 11% of respondents surveyed by us noted that remote work in their companies was organized urgently. The IT infrastructure was rebuilt very quickly and the main task was to ensure the continuity of critical business processes, and the requirements of the IS were often ignored. For example, on the network perimeter of Russian companies, the number of resources increased sharply, an attack on which could allow attackers to gain control of the server and penetrate the local network. And this was most likely due to the hasty transfer of some employees to remote work. One of our studies showed that almost a fifth of organizations that switched to remote operation somehow published corporate web portals on their perimeter. It should be understood that previously they were available only to internal users, which means that with a high degree of probability the issue of their security (in particular, the elimination of vulnerabilities) had a relatively low priority, that is, not all of them meet security requirements and in all cases all vulnerabilities are closed. You can reduce these risks if you publish such web portals using solutions of the web application firewall class, "said Maxim Filippov.


According to Positive Technologies, all kinds of temporary remote access schemes, which were introduced in the mode "now we need to urgently, but later we will correct it," are often preserved for a long time. One of the company's surveys showed that in 57% of cases, organizations do not plan to change how remote access is organized.

Vyacheslav Medvedev, a leading analyst in the development department of Doctor Web, traditionally prefer to turn a blind eye to the use of personal devices in the corporate network, access to unprotected corporate services from them, installation of software at the request of an employee, and not at the request of the company. Often, personal devices are used without installed security tools or only with free antivirus from a well-known large American company.

During the epidemic, problems of safe access from unprotected devices did not arise, but worsened. The remote operation infrastructure was prepared in a time-consuming environment. Moreover, neither IT specialists nor users catastrophically lacked the capacity, means, and often knowledge for this. As a result, it turned out that the use of home PCs to work with the internal IT system of the enterprise can be compared with surgery, which was carried out urgently by far from surgeons. As a result - cases of infection of internal IT systems, stopping work in an already difficult environment.

Until now, not everyone realizes that the rejection of high-quality antivirus, the use of free cut crafts in something similar to the refusal of vaccination. "Refuseniks" seem to have an advantage: they receive data on their computers from protected devices, their devices work without antivirus faster, there are no restrictions on visiting unreported pages (the same social networks during working hours) - not life, but a fairy tale. But everything collapses when everyone begins to exchange letters from unprotected devices, while there is also no antivirus with anti-spam on the mail servers used, "explains an expert at Doctor Web.


Change the perimeter of protection

For many companies, the entire security architecture was built on the basis that the protected devices are located in the perimeter of the organization.

The transition to the remote site very badly eroded this perimeter, as a result, the corresponding threats became relevant, says R-Vision CEO Alexander Bondarenko.

The traditional threats to information security have added new ones that have made it harder to protect your IT infrastructure.

The usual concept of the perimeter has finally lost relevance, the variety of computer equipment used by employees to work on the "remote" has increased, it has become much more difficult for the administrator, and sometimes simply impossible, to control users' working devices and access to them. Therefore, the need for operational monitoring and control of the entire system of protection of the organization's information structure has increased, as well as the use of proven and reliable remote access protection tools (VPN, firewalls, protection against NSD, etc.), "said Andrei Shpakov, head of the technical consulting department of S-Terra SES.


Andrei Zaikin, head of the Information Security department of Krok, calls the mass care of workers for the perimeter of the organization - the most dangerous threat to the "remote."

Employees working from home are in the zone of increased cybersecurity risks for several reasons at once: lack of control over the software being installed, malicious web resources, access to the network through unprotected connections, use of their own devices, "he notes.



Simultaneously with the transition to the "remote" the perimeter of the attack on companies has grown and the risks of information leakage from uncontrolled user devices have increased, says Andrei Yankin, director of the Information Security Center of Infosystems Jet.

All this served as an impulse to increase the activity of attackers who are already probing companies in search of unprotected systems. At the same time, attackers most often use old proven methods: phishing mailings, password retrieval, search for known vulnerabilities, etc., he explains.


Threats after returning from the "remote"

The degree of automation of infrastructure penetration and infection is such that any company connected to the Internet instantly becomes the target of hundreds of scripts and programs trying to send an encoder, install a miner, expand botnet, and mail a malware.

We in our Cybersecurity Monitoring Center observe more than 4 million attempts to penetrate the controlled infrastructure annually. I especially want to pay attention to the fact that most likely, most companies were not preparing for a mass transfer of employees to a remote mode of operation. And now, when a lot of employees will go from their home computers or laptops to the infrastructure of their employers, the number of points of potential penetration and infection will increase by orders of magnitude, "said Ivan Melekhin, Director of Development SOC NIP " Informzaschita. "


Therefore, the long-awaited exit from the remote for IB services that have adapted to the new conditions is far from a reason to relax: it is not enough to simply restore those processes that existed earlier.

According to Maxim Filippov, Director of Business Development of Positive Technologies in Russia, the exit of employees to offices from remote work requires taking into account a number of new risks.

It is necessary to check everything returned to the office network, equipment for the presence of malware, which, by the way, is far from always detected by standard anti-virus tools. Or, say, upon returning from a remote location, all employee passwords should be updated without exception. And the perimeter of the company itself is now not the same and requires an operational inventory for services available from the Internet. Well, and of course, it must be borne in mind that during the period of total removal, the attacker, if desired, already had a chance to penetrate the infrastructure (this takes not so much time, but in the face of a massive change in standard employee behaviors, it was relatively easy for him to disguise himself)therefore, one of the first tasks that we recommend to solve IS services is to conduct a retrospective analysis and make sure that the systems were not hacked during the period of removal or earlier, "says a Positive Technologies expert.


Which IS products and services became most relevant during the "remote" period

During a survey of information security experts, TAdviser found out which IS solutions have become the most relevant for companies organizing remote work. Most often, respondents mentioned solutions for organizing a secure VPN connection and multifactor authentication, leak protection system (DLP) and privileged user control (PIM/PAM).

Secure VPN Connectivity Solutions

The most relevant solutions for all companies in remote operation were solutions for protecting the communication channels through which information is exchanged. These solutions are based on software and hardware VPN products. If previously only IT employees worked remotely, then other specialists joined them during quarantine events.

Moreover, according to the heads of many enterprises, working remotely turned out to be convenient for their teams, and they plan to fully or partially use this format in the future. With this approach, more serious requirements are placed on the user characteristics of VPN products, as well as on the quality of their management. It is necessary that the user can easily access the corporate network from any device and when using any operating system, and the administrator always understands the state of this device, notes Andrei Shpakov, head of technical consulting at S-Terra CSP.


According to Vitaly Orlov, Executive Director of Smart Software, the optimal way to solve the problem of protecting data exchange between the office and remote employees is to use your own VPN server in the company's network.

Many IB specialists understand this well. We recorded a noticeable increase in interest in the VPN functionality, which is part of our solutions, "he explained.


Murad Mustafayev, head of the Onlanta information security service (part of the Lanit group), added that VPN tunneling, combined with a configured access matrix, allowed many companies to quickly switch to remote operation, preserving the distinction between access rights to corporate information systems.

Tools to monitor information leakage and employee productivity

During the period of mass transition of companies to remote operation modes, demand for systems for information leakage protection (DLP, Data Leak Prevention) and specialized solutions for remote monitoring of employee activity increased.

DLP systems allow you to control workplaces outside the office and prevent the leakage of confidential information from the internal perimeter of the network, even if the working network and its segments are geographically distributed.

TechInform noted that the hottest product in the pandemic was ProgramController, a DLP module that monitors employees' actions for PCs and assesses their productivity.

The reason is simple: employers want to know what employees are doing outside their field of view. The question arose sharply even among those customers who had not used such functionality before, who used it pointedly - they wanted to expand licenses for all PCs. Only at the start of isolation, in March - early April 2020, the number of requests for the module increased by 56%. We provided it free of charge for the entire remote period, now we see requests for an extension of the test period, procurement approvals are already underway. According to colleagues, this situation is in the entire market for solutions for timing, task tracking and productivity control, "says Lev Matveev, chairman of the board of directors of SörchInform.


Nikolai Domukhovsky, Deputy General Director for Scientific and Technical Work of the UCSB, notes that the means of monitoring the actions of personnel in this case are not used to solve the tasks of the IB, but to control remote employees to verify whether they really work, and not aimlessly "surf" on the Internet.

Privileged User Control Systems

Another "in trend" solution is controlling the actions of privileged users.

The transition to remote mode of operation gave impetus to control systems for privileged users and control and access control systems, because it is necessary to look at what administrators do with servers, and employees with privileged access - with critical business systems, "says Alexey Gorelkin, CEO Phishman.


Nikolai Domukhovsky, Deputy General Director for Scientific and Technical Work of the UCSB, complements:

Many information system administrators also went remotely and began to perform their functions from home computers. And if the current actions on a business-critical service are not done by a system administrator, but by his son? Such a remote erroneous action can be too expensive for a business - therefore, an additional line in the form of a system for controlling the actions of privileged users has become extremely relevant.


Web Application Protection Products

The increased online migration during quarantine and the need to publish enterprise services also contributed to the growing demand for web application protection (WAF) products.

Threats that can disrupt the performance of company resources and lead to a shutdown of business processes - whether internal document flow, corporate communications or online sales - are becoming much more dangerous. The dependence of companies on the information resources that it uses in its work is also growing, so it is especially important to take care of their availability and information security. Thus, in addition to organizing secure remote work, the most relevant IS services were protection from DDoS attacks and protection of web applications from hackers (WAF), "notes Ramil Khantimirov, CEO and co-founder of StormWall.


Authentication Tools

Remote access increases the demand for multi-factor authentication technologies. Such authentication using certificates, tokens (physical/software) and with correctly configured Active Directory group policies solves the problem of unauthorized access to information, said Murad Mustafaev, head of the Onlanta information security service (part of the Lanit group).

According to Andrei Ivanov, head of the Yandex.Cloud cloud security services development department, the standard login-password pair has long been considered unsafe, especially when authenticating on a corporate resource accessible from the Internet. At the same time, VPN is not always convenient for ordinary users, so IT services provide the opportunity for employees to access corporate services without VPN, which requires more reliable authentication, allowing them to work from both desktop OS and mobile devices.

An increased interest in authentication tools, in particular two-factor authentication JaCarta PKI, was noticed at Aladdin R.D.

With the help of USB tokens or smart cards JaCarta PKI (FSTEC certificate of Russia), two-factor authentication is implemented for protected data on laptops and stationary PCs, two-factor authentication using digital certificates when remotely connecting VPN, RDP, Web, as well as email protection (encryption and signature) and storage of containers of software SKZI, - Director of the Department explains.


Dmitry Gorelov, commercial director of Asset, also speaks about increasing demand for authentication and electronic signature.

Remote connections blur the security loop and the demand for solutions that ensure that an employee of the company works in the information system, and not someone else, has sharply increased, he notes.


Cloud Security Solutions

With the urgent transition to a remote format, the business faced new stresses on the IT infrastructure. Even technologically advanced companies were forced to redistribute capacity to ensure the operability of corporate resources in remote connections. When the "iron" for IB products ceased to be enough, they began to turn to vendors for cloud-based protective solutions.

At the request of customers, we brought our DLP to the format of a cloud service. When there were no enough hands - more companies turned to IB outsourcing so that our analyst worked with DLP. Such decisions at the same time allow business to save on a one-time purchase of "heavy" software and pay for a subscription every month, "says Lev Matveev, chairman of the board of directors of SörchInform.


Zero Trust Protection Model

Companies not only need to encrypt the remote connection channel. The zero trust protection model is more relevant than ever before. It involves building protection approaches based on a complete lack of trust in any users connecting to corporate resources. Users and devices must authenticate themselves each time they connect to resources.

This model correlates well with the fact that now employees connect to the network of companies from anywhere, including from personal devices. There is virtually no control over these devices by default, which means you cannot trust them. It will be a good practice when building a protection system to accept the postulate that all user devices can be hacked a priori. When building a security system, we recommend that companies apply solutions and technologies that ensure the implementation of zero trust principles: multifactorial authentication, which allows you to protect yourself from compromised employee passwords; checking employee devices for installed updates, the relevance of antivirus databases, data protection on employee devices (encryption), etc., "said Andrei Zaikin, head of Information Security at Krok.


Others

According to Dmitry Pudov, Deputy General Director for Technology and Development of Angara Group of Companies, at the beginning of the self-isolation period, everyone solved the most pressing problems, so they focused on solutions for secure remote access - VPN gateways, PAM (for IT and contractors), solutions for multifactor authentication, etc.

But quickly enough came the understanding that this is not enough to support business processes. As a result, demand shifted towards solutions that ensure safe operation with sensitive information, protection of remote workplaces, transformation of the IS monitoring system, etc. Here there is no universal recipe, much depends on the infrastructure of a particular organization and its business processes, "says an expert of the Angara group of companies.


According to Andrei Ivanov, head of the Yandex.Cloud cloud security services development department, the tools for managing mobile devices and EDR-class systems have become relevant solutions, because accessing corporate resources from devices that are not trusted is a big risk. MDM and EDR systems reduce these risks and increase confidence in devices that employees access corporate resources, he notes.

Denis Sukhovey, Director of the Technology Development Department of Aladdin R.D., speaks about the demand for products that ensure the ability to work safely in an untrusted environment, which is remote work.

An example of such a product is Secret Disk, a means of encrypting information on laptops and workstations of an organization. The arguments for using Secret Disk are - the cost-effectiveness of the product, the ease of deployment, configuration and maintenance, which does not require significant costs and time of specialists, as well as the reliability of the protection method itself, which is confirmed by the durability of the encryption algorithms used, "he explains.


According to Dmitry Donskoy, Director of Development of Echelon Technologiya, the most relevant are solutions for ensuring network security (VPN, ME, SOW) and control tools: solutions for analyzing security, as well as monitoring information security events.

We are seeing a steady demand for our products: PAK Rubikon (ME, SOV), a set of security analysis tools Scanner-VS and the KOMRAD information security event management system, "he notes.


Dmitry Agafonov, Director of Development of Inoventica Technologies, believes that due to the remote work of a large number of employees and their access from outside the enterprise to various kinds of data and services, decisions on compliance with policy and access rights have become the most popular. Also, it becomes relevant, according to him, protection against attacks aimed at malfunctioning specific applications, i.e. at the application level.

Nevertheless, the need for IB solutions is determined by the goals and tasks that the business itself sets itself. And for this, it is primarily desirable for him to analyze and evaluate new technologies for their applicability to the enterprise and determine his Security Policy, the expert believes.


Nikita Semenov, head of the Talmer IB department, notes the increased interest in systems that combine VDI technologies, NSD protection, Remote Access VPN, a two-factor authentication system, Identity Manager and, if necessary, GOST encryption. Such systems, he said, allow once and for all to abandon the workplace in favor of the terminal station, to organize secure remote access to any number of employees at any time without additional actions by the maintenance personnel, and also to prevent leaks of confidential information by prohibiting the transfer of any information other than graphic (by VDI). In addition, this will increase the reliability of authentication mechanisms and allow for flexible horizontal and vertical scaling at any time.

Alexey Pavlov, head of the department of expert presale of Solar JSOC products and services of Rostelecom-Solar, notes that incidents with video conferencing services forced many companies to pay attention to protected mesengers and VKS systems. At the same time, according to him, interest increased primarily in domestic solutions. There are several reasons for this: cost, trust and requirements of import substitution legislation.

Alexey Sukhov, commercial director of Garda Techologies, identified several of the most popular classes of solutions for remote work:

  • Access solutions - VPN, terminal environments, etc.
  • Access protocol controls (Balabit SCB, Wallix and others).
  • Leak Monitoring and Protection (DLP).
  • Database and Web Application Protection (DAM) systems.

In his opinion, when employees work from home, there is an important task of delimiting access, segmenting networks, monitoring the work of users and servers on the network in the conditions of a large percentage of remote connections. You must limit the pool of IP addresses, the number and types of devices used.

Existing rules for access to business systems have to be changed due to production need, and the IS service only has to agree on "emergency measures." Less secure in this case were companies that did not provide for the introduction of monitoring of users and devices on the network in advance, especially when accessing critical business systems. When it is impossible to act according to clear tested regulations, intelligent behavioral systems come to the rescue. They identify attempts at fraudulent actions and timely notify the security service, "the expert says.


Cross Technologies notes an increase in demand for the following areas:

  • Automation of IB, SOAR processes
  • Behavioral analytics when working remotely
  • Biometrics and Recognition, Remote Site Identification
  • Access Data Search and Evidence Collection

Experts of this company believe that with remote access, the most pressing task is the use of user's digital passport technologies. It allows you to use digital labels to control, manage, and audit access rights to office package electronic documents. This technology is aimed at fulfilling the regulatory requirements of the federal law of 29.07.2004 No. 98-FZ "On Trade Secrets." It is a good addition to existing solutions to ensure the information security of the organization and control the flow of sensitive information, which allows you to personalize the employee of the company who made the latest edits to the document, in turn this allows you to identify the violator when information leaks.

Also, according to Cross Technologies experts, collecting artifacts and an evidence base in an automated mode, when the decisive rule of the information protection tool works, allows you to increase the reaction time of the response team to 40 minutes. Such processes have begun to build many companies that have been successfully building their cybersecurity monitoring centers for several years.

The company notes that when organizing remote access of an employee of the company, the task of collecting traces of compromising is most acute, since it is required to carry out remote control, hidden investigations, post-analysis of the incident at the endpoint, internal control and end-to-end detection of information. When choosing tools for automated data collection of a compromised system, you should adhere to solutions that use a single database of investigations and create a clear picture of events. Thus, with the help of automation and the use of centralized data analysis tools of a compromised system, it is possible to investigate unknown activity in a temporary repository, which will allow you to collect an evidence base in a single place, quickly operate on data when investigating a computer incident and preparing an evidence base in a criminal case.

Cross Technologies believes that when using technologies to determine the user's digital passport and automated information collection components when investigating incidents in the event of a leak of information during the organization of remote access of an employee, it is possible to quickly identify the attacker, and the components of automated information collection during the investigation of incidents will allow timely collection of evidence. Murad Mustafayev, head of the information security service of Onlanta (part of the Lanit group), gave several tips on ensuring the security of remote access.

According to him, it is worth strengthening the control of incidents during remote work. At the same time, it is very important to configure remote desktop monitoring, and ideally use the SIEM system (Security Information and Event Management), which collects logs from all information systems of the company to monitor the state of security in automatic mode.

At the same time, VDI (Virtual Desktop Infrastructure) or virtual desktops allow you to configure fully controlled access to enterprise resources. According to Murad Mustafayev, this technology, combined with two-factor authentication, is one of the safest solutions for working in a remote format, since corporate resources are protected doubly: both centrally and on the user side.

When working remotely, it is worth reminding employees that instant messengers can only be used when discussing non-confidential information. Exchange corporate data through a mail client with anti-spam protection, pre-sent information placed in an archive protected by a password. Inform the recipient of the password by phone, or transfer it in the messenger. An alternative safe way to transfer information is secure corporate file exchanges, "said an expert at Onlanta.


Ivan Melekhin, Director of Development, NIP Informzaschita, notes an increase in demand for services related to the security of remote work and infrastructure - end computers of users, communication channels, and the perimeter of organizations.

We and our partners have developed several new services aimed specifically at improving the security of remote work. The burden on our Cyber Security Monitoring Center IZ: SOUNDhas increased due to the fact that our customers have switched to remote work from home, and we have to monitor cyber threats more closely. A temporary lull is observed in the areas of consulting and audit, which involve close personal interaction. For obvious reasons, the load on the Service Center supporting internal customer infrastructures has decreased, "says Melekhin.


Andrei Shpakov, head of the technical consulting department of S-Terra CSP, speaks of the demand for the service model in the field of information security.

The pandemic found many in the midst of the process of implementing projects to create or modernize information security infrastructure, there was a need to carry out work as soon as possible. Often, their own strength is not enough for this, so many chose to use the experience and infrastructure of companies that have already implemented such projects in large volumes, "he says.


Most experts agree that after the end of the self-isolation period, many Russian companies will refuse to return to the office, or leave part of the team in remote operation.

Vladimir Lavrov, head of the information security department of the Softline group of companies, believes that such companies will need to fundamentally change approaches to ensuring information security. After the business takes priority measures to protect against external intrusions and data leaks, there will be an increase in demand for projects in the field of education (improving staff literacy in digital hygiene), IB auditing and conducting penetration tests and analysis of infrastructure security.

How Remote Work Affects Security

2021:91% of IT employees have to compromise on cybersecurity

On September 9, 2021, [HP] Inc. published a report by HP Wolf Security called 'Rebellions & Rejects' - a global study indicating internal friction and tension between IT professionals and employees working remotely. To protect jobs in the future, security managers should pay attention to this issue. More details here.

2020

Five-fold increase in requests for professional solutions for secure work of remote employees

In July 2020, Avanpost, a Russian developer of enterprise information resource identification and access control (IDM) systems, recorded a five-fold increase in requests for professional IP solutions related to the safe operation of remote employees. Of these, 40% are large geographically distributed enterprises; the rest are middle-sized businesses from different sectors of the economy, as well as IT integrators looking for ways to solve new security problems for their customers.

Business concerns include low link security, potential data breaches through videoconferencing applications, and the inability of employees to install and configure the right software (such as VPN) themselves.

At the same time, Avanpost analysts noted an increase in demand for simple, easy-to-install, untrained IT solutions that include packages of the necessary software (from office applications to remote monitoring tools by security specialists for the correct deployment of the software package). At the same time, an analysis of appeals showed that Russian companies now pay special attention to controlling access to information, protecting against internal threats and from unscrupulous personnel actions. So, if earlier this type of vulnerability was considered as a critical order of 20% of enterprises, now this figure is approaching 35%.

The first important step in solving this problem will be the rapid deployment of end-to-end user account management and access rights technologies to the organization's information resources in the corporate network, which, along with properly layered protection against "hacking," will give companies enough time to create a full and effective information security system.

File:Aquote1.png
"The difficult situation associated with the rapid growth in the number of remote employees, of course, required, if not a revision, then a new look at how the reliable IS system works," said Andrei Konusov, CEO of Avanpost. - Communicating with our old and new customers, we see that, on the one hand, such systems are more relevant than ever, and on the other, that the problem needs to be solved quickly. That is why it is worth acting simultaneously in two areas: to work out business processes taking into account their integration with new IB technologies and, at the same time, to deploy enterprise protection as soon as possible with the help of those reliable and effective tools that are already on the market. First of all, I am talking about IDM and SSO class solutions that allow you to clearly regulate employee access to information at different levels. "
File:Aquote2.png

Unprotected remote workplaces and home offices open up many opportunities for intruders

In the spring of 2020, after an accelerated transfer of employees to remote work using all available tools, the business began to think about information security. After all, unprotected remote workplaces and home offices open up many opportunities for intruders, ranging from the risk of losing sensitive data to disrupting the company's IT infrastructure and disrupting business processes.

At the end of March 2020, experts at the Solar JSOC cyber threat monitoring and response center reported that due to the hasty mass transition of companies to remote work, the number of enterprise servers available to attackers from the Internet was rapidly increasing. It turned out that one of the main reasons was the use by companies of the unprotected RDP (Remote Desktop Protocol) protocol. According to Solar JSOC, then in just one week the number of devices available from the Internet using the RDP protocol grew by 15% in Russia (the total number was more than 76 thousand units) and by 20% in the world (more than 3 million units).

The resulting statistics are frightening, because not so long ago several large vulnerabilities related to the Remote Desktop Service - BlueKeep and DejaBlue - thinned off. Both allow you to access the remote server without authentication - for this, it is enough for the attacker to send a special request through RDP. Thus, in the absence of the latest Windows security updates, any system accessible from the Internet is vulnerable, "commented Igor Zalevsky, head of the JSOC CERT cyber incident investigation center at Rostelecom-Solar.


The results of similar monitoring at the end of March 2020 were presented by experts of Positive Technologies. They recorded that in terms of the growth dynamics of the number of nodes opened by RDP in Russia, the Ural and Siberian federal districts were in the lead.

Alexey Novikov, director of the Positive Technologies expert security center, recalled that regardless of the type of remote connection chosen, it is reasonable to provide remote access through a special gateway. For RDP connections, this is Remote Desktop Gateway (RDG), for VPN - VPN Gateway. It is not recommended to use a remote connection directly to the workplace, the expert noted.

According to Valentin Gubarev, Director of Computing Systems at Kroc, at the first stage, the best option is the introduction of VPN (Virtual Private Networks) to ensure secure access to resources, the transition to virtual desktops (Virtual Desktop Infrastructure) and the control of connected devices (EMM solution class, Enterprise Mobility Management). The final stage is the development of all the necessary instructions for users and the support of their transition.

First of all, you need to understand which of the employees and which systems will be able to work "painlessly" from home. This should be a kind of check-up readiness for a remote format, which companies conduct independently or with the help of external consultants. According to the experience of Krok, we can say that at least 90% of the staff, including financiers, logists, etc. can actually be transferred to the remote. Previously, they need to be provided with laptops, monitors, information security tools (for example, VPN), tools to increase mobility (for example, VDI - desktop virtualization), "said Gubarev.


The representative of Infosystems Jet Dmitry Galkin believes that now there are all the conditions to introduce VDI.

Our company and many vendors are ready to provide the most flexible conditions. For example, Citrix offers additional discounts on an annual subscription to its workplace virtualization software. The subscription licensing model is more expensive in the medium term, but from the point of view of the "entrance ticket," that is, one-time costs, is interesting to the business, "he says.



At the same time, the most advanced in terms of functionality and security of remote work, according to him, are the bundles of VDI and EMM (Enterprise Mobile Management) solutions. VDI organizes the management of tables and user sessions, and EMM allows you to organize corporate sandboxes on user devices. Of these, employees run both individual published applications and virtual desktops in their entirety.

With virtualization tools, you can protect traffic inside. DPC For example, working at the hypervisor level, VMware vSphere NSX allows you to organize a zero-trust policy at the network level even between virtual machines located on the same virtualization host. You can fine-tune only the networking between virtual machines required for IT infrastructure and applications to function. And then additionally inspect all traffic inside the network at almost linear speed. And of course, the presence of a second factor in user authentication is a necessary moment for full protection. It can be implemented in a variety of ways, depending on the preferences of company security specialists, "explains the expert of Infosystems Jet.


Andrey Zaikin, head of Information Security at Krok, recommends first of all identifying the most critical information assets, then deploying secure remote access gateways and mandatory two-factor authentication.

The priority is now contactless solutions, when a personal smartphone is used as a second factor (it confirms access, for example, through a fingerprint). This will help protect information even in the event of theft of the device, "explains the expert" Krok. "


Privileged Account Management (PAM) solutions allow you to control access to your own infrastructure of administrators and other privileged users of critical business systems. At the same time, it is recommended to protect access gateways to the corporate network from DDoS attacks.

To minimize the risks of infection of corporate infrastructure through employee devices, Andrei Zaikin advises using EMM solutions. They provide an encrypted connection to corporate resources of companies, allow you to create a secure "container" on a user's personal device, in which it is possible to safely work and protect confidential information from unauthorized access, without limiting the usual use of the gadget.

A separate question concerns remote tools, in particular for the organization of VKS and telephony: these can be on-premise installations, cloud solutions, public services. According to Valentin Gubarev, on the one hand, it is necessary to give freedom of choice, and on the other, to control channels and watch how people use them.

Do not forget that employees are on the home network - and this is another threat. We see that hackers and cyber bullies have already intensified. Therefore, companies need to educate culture in people, since technical means of protection from everything will not save, "the Krok expert is convinced.


The transition to remote work of employees adds many new ones to the threat landscape: from the presence on the PC of a remote user of extraneous and malicious software and unauthorized access to the corporate network of random people to interception of data in communication channels.

Artem Goncharenko, commercial director of Cloud4Y, believes that in order to reduce the possibility of incidents, it is necessary to draw up a risk management plan in advance, formulate requirements for a remote workplace (the presence of an antivirus, firewall), limit the list of resources available for remote work and instruct employees on the organization and management of information protection tools.

{{quote 'As technical measures, we recommend organizing terminal access, using encrypted communication channels (VPN), multifactor authentication for access to the corporate network, software products that provide control and monitoring of employee activities (DLP systems), "he explains. }}

Alexander Shikinov, sales director of Mango Telecom, advises not to ignore the available protection capabilities. For example, on a virtual PBX, a role system for users should be enabled so that each employee has all the tools necessary for work, but does not access the "extra" - business intelligence data, commercial information, conversation records, if he does not need it in terms of duties.

Ilya Zaichikov, Product owner SED THESIS, believes that the main risks are related to the use of personal email, cloud services for working with text files, etc.

Specialized applications with web access, password and other security tools, such as SED THESIS, located on the customer's own servers, allow you to avoid leaks, "he said.


VMwareenko's senior business strategy consultant Andrei Kosenko believes that the risks of violating data privacy with switching to remote mode of operation increase several times, as employees use home devices for personal purposes - online shopping, communication with family and friends, watching films, and downloading music. At the same time, a lot depends on the maturity of the enterprise's information security system and the readiness to compensate for these risks by technical means and organizational measures - conducting trainings, regulating the rules of behavior in the corporate network, delineating access depending on the position and department.

The optimal solution to mitigate risks, in his opinion, is the organization of remote access through the digital workspace of an employee (Digital Workspace), with a built-in zero-trust security model.

Digital Workspace is able to fully control and analyze user interaction with enterprise information systems and the context of this interaction. By integrating with next-generation antivirus systems (NGAV), EDR (Endpoint Detection and Response) solutions and software-defined data center infrastructure, as well as using artificial intelligence and machine learning technologies, Digital Workspace allows you to reliably protect applications and data in the face of a total blur in the perimeter of network security. Such risk compensation requires additional costs and, ultimately, each company finds its own balance between costs and the acceptable amount of residual risk. In other words, secure remote access can be provided for any category of employees, but the cost of such provision is proportional to the rigidity of the IB standards, "explains the expert VMware.



According to Vladimir Burgov, Commercial Director of CommuniGate Systems Russia, security services, proven IT procedures and rules are the prerogative of large business, and managing the "zoo" of devices and communication systems in the mode of operation of the enterprise at the "remote" is a resource-intensive process.

A working alternative can be to access the capabilities of unified communications (UC), such as the CommuniGatePro solution, which combines a complex of communication solutions within a single platform - telephony, instant messaging, video communication, e-mail, etc. The product fully ensures the operation of the office, including in remote mode - on desktops and mobile devices of employees. Setting up and managing one all-in-one system significantly reduces resource costs and makes the process of ensuring the security of remote intra-corporate interactions manageable, "says Vladimir Burgov.


According to SearchInform experts, an emergency transition to a remote location is a potentially negative process in relation to data security and IT infrastructure. Only those companies with remote format elements have done well with this process, and the question arose only in their scaling. The rest caused difficulties - there were no resources to quickly rebuild.

With IB-, personnel and economic security, the situation is much worse - issues have faded into the background. This explains that a large number of companies do not have an understanding of whether there were incidents after the transition to a remote location or not. Some record that the number of violations remained unchanged, because there is nothing to calculate - there are no control mechanisms. So far, security issues for obvious reasons for businesses are of little priority, but the situation will be reflected in the number of real incidents: an increase in the number of insider violations, susceptibility to attacks by social engineers, sec-attacks. Therefore, companies will have to review their business processes from a security point of view, "said Alexei Parfentiev, head of the analysis department at SörchInform.


The general director of Oblakoteka Maxim Zakharenko believes that the risk of loss of confidentiality is becoming secondary today, the main risk is the risk of data availability and integrity, just to continue the company's work.

These risks are addressed by a cloud location in a large data center with built-in backup, clustered storage and processing solutions, and fast and reliable backbone Internet. And, by the way, it is easier to provide privacy control in the cloud due to a clearer perimeter of data placement, "Zakharenko noted.


Alexey Tsember, BIA Technologies sales director, believes that for information security services, this whole story with a massive transition to remote work is a real test. The main thing that can be done here to reduce risks is not to rush and avoid hasty decisions.

In his opinion, the company should necessarily build models of the organizational structure with a distinction by systems and services, in which a particular employee works, indicating the level of access to data. If there are no such models, then it is from them that you need to start transferring to remote work. According to these models, the stage of the procedure is drawn up, risks are assessed and preventive measures are being worked out.

But even if the security service works perfectly, the risks of leaks of sensitive data due to accidents and the human factor will remain. Outreach to staff provides excellent results. People should understand what responsibility they bear by exchanging files through whatsapp, unprotected skype or in the form of links in the public cloud, the expert explains.


At the end of March 2020, the operator of cyber defense services CyberART prepared a check list to check the level of security of his company. According to CyberART experts, to protect the "remote," a comprehensive approach is needed, since the format of the "home office" itself increases the number of potential threats to the security of the company. Companies were encouraged to answer the following questions to assess the current level of security:

1. For remote operation, use secure communication channels, for example, using VPN (Virtual Private Network)?

2. When connecting to the infrastructure, does the user undergo two-factor authentication (tokens, one-time passwords)?

3. When connecting remotely, do not use personal devices of employees?

4. At remote workplaces, removable media are controlled, "direct" Internet access is prohibited?

5. When connecting to the company's network, do you check remote devices for antivirus and its relevance and for the necessary security updates?

6. Use of enterprise services is allowed only from specially configured "jump nodes": terminal servers, virtual desktops (VDI)?

7. In the IT infrastructure of the company, segmentation is performed and access delimitations are configured, do users have a minimum set of rights to work?

8. Are information security and event audit policies defined and applied in your IT infrastructure?

9. Is there continuous monitoring and response to security events to detect and prevent computer attacks and incidents before they can have a real negative impact on the company?

10. Are you monitoring changes to remote resources, analyzing network perimeter and infrastructure security, and detecting and correcting vulnerabilities and configuration errors?

According to CyberART, often such crises and the need for emergency measures exacerbate the existing IS problems in the organization. If the company has unprotected remote jobs and "home offices," then the attackers will have wide opportunities for illegal actions: theft of confidential information, funds from a settlement account, infection of IT infrastructure.

Recommendations on information security

2021: Aladdin R.D. presented a comprehensive solution for safe remote operation

On February 15, 2021 the company "Aladdin R. D"., the Russian developer and solution provider for ensuring information security, presented the certified utility safe remote rabotyaladdin to LiveOffice. More details Aladdin LiveOffice|here.

2020

C-Terra and Rutoken proposed a joint solution for remote work security

On November 30, 2020, it became known that S-Terra CSP and Asset jointly protected access to corporate resources from a remote workplace. The compact and functional solution is made using Russian developments: the electronic identifier Rutoken EDS 2.0 Flash, combining the functions of a cryptographic token and a secure flash disk, the certified operating system Astra Linux 1.6 SE and the software VPN client C-Terra Client A, designed to work in the Astra Linux OS. More details here.

IVC has developed a ready-made secure workplace for an office employee

On June 8, 2020, IVC announced that it had developed a ready-made secure workplace for an office employee. This is a USB-based solution that includes software products manufactured by IVC: the certified operating system "Alt 8 SP," the cryptographic information protection tool (SKZI) "IVC Krypto" and a set of application software for everyday work from the OS distribution. In agreement with the customer, application software from the Unified Register of Russian Programs, compatible with the Alt 8 SP OS, can be additionally installed on the flash drive. More details here.

SETERE released Astra Linux-based solution for creating secure remote workstations

On June 18, 2020, Astra Linux Group of Companies and SETERE (Security Technology Research) announced the creation of the Integrated Secure Access Terminal Management System (ISU Terminal PC) software system based on the Astra Linux Special Edition special purpose operating system. More details here.

HP shares tips on how to protect yourself from cyber threats while working remotely

On June 15, 2020, it became known that HP Inc. shared recommendations that will help users avoid the leakage of sensitive data and unauthorized influence by cybercriminals in a remote environment.

After the removal of restrictive measures in most regions of Russia, employees begin to gradually return to their offices, but for some, remote work will become a new concept of the norm. In a study conducted by HP, 34% of respondents admitted that they were going to work remotely more often than before. At the same time, it is important to understand that at home it is necessary to have equipment that meets the requirements of business users, and strictly comply with corporate regulations in the field of cybersecurity.

HP shares tips on how to protect yourself from cyber threats while working remotely

According to a Microsoft DCI study, the number of victims of cyber attacks in 2019 increased by 5%, 79% of Russians surveyed were exposed to risks online. As a result of the spread of COVID-19 virus, this indicator arose due to the fact that most companies were forced to switch to remote operation, and employees' devices were outside the office environment with a high degree of data protection. To minimize increased risks, it is important to maintain a corporate cybersecurity culture and comply with basic information protection rules.

HP recommends connecting devices only to proven Wi-Fi networks, sites, and VPN. Do not trust links that lead to shocking data about coronavirus - most often such sources are harmful. It is also important to install only licensed applications on your devices, not to transfer working laptops and access data to enterprise services to third parties. If you notice something suspicious, you should immediately contact the IT specialist of the company for advice and help. HP offers free access to HP Sure Click Pro to support remote employees and provide them with enhanced protection.

Cross Technologies has developed a comprehensive remote access protection system

On April 16, 2020, Cross Technologies announced the development of a solution for a comprehensive remote access protection system. The key features of the solution were the speed of implementation, scalability, as well as the flexibility of system configuration. More details here.

Thionics Launches Virtual Remote Desktop Protection Software Suite

On April 13, 2020, the manufacturer of software products for providing cloud services, TIONIX (a subsidiary of Rostelecom PJSC), announced the development of the TIONIX VDI Connect software complex. The solution secures the virtual machine (virtual desktop) interface, user personal data, and protects sensitive information from unauthorized access when placed in the cloud on any KVM-based virtualization platform. More details here.

C-Terra Introduced Solution for Secure Remote Access

On April 7, 2020, S-Terra CSP announced that it had specifically developed a solution for providing secure remote access using software products: C-Terra Virtual Gateway, C-Terra Client, C-Terra KP. More details here.

CyberART prepared a check list to check the security level of the home office

Elvis-Plus and ISBC offer a solution to ensure secure remote work of employees

On March 27, 2020, Elvis-Plus and ISBC presented a solution to ensure the safe remote work of employees. The ability to quickly relocate employees to remote work is the only way to ensure the continuity of business and government structures. More details here.

Moving to the remote, companies open hackers access to their servers

Due to the successful mass transition of companies to remote work, the number of corporate servers available for attackers from the Internet is rapidly growing - experts from the Solar JSOC cyber threat monitoring and response center reported on March 27, 2020. One of the main reasons is the use of the Remote Desktop Protocol (RDP) by companies. According to Solar JSOC, in just one week the number of devices available from the Internet using the RDP protocol grew by 15% in Russia (the total number today is more than 76 thousand units) and by 20% in the world (more than 3 million units). More details here.

Attackers can access one in ten open remote desktops

Angara Professional Assistance: the share of unresolved software in companies for the month increased from 1% to 25%

On March 27, 2020, the company Angara Professional Assistance reported that analysts at the ACRC Cyber Stability Center (ACRC SOC) recorded an increase in incidents information security caused by the consequences of a massive transition to remote work. As of March 27, 2020, the share of installation of unresolved ON in the section of all IB events was 25%, compared to 1% at the end of February 2020.

The total installation of unauthorized software, often downloaded from dubious sources, leads to an active increase in malware infections. Malicious files get to user workstations under the guise of office software, instant messengers, as well as using the latest types of phishing letters that exploit interest and fear of coronavirus infection. ACRC statistics confirm that the number of VPO infections over the past week increased by 15% by the previous week.

Also, ACRC analysts record an increase in the number of incidents related to the installation of prohibited remote administration tools. Most often, such activity is associated with the actions of the personnel responsible for the operation of corporate IP, access to which is limited by the means of firewalls. Through the analysis of events from workstations and servers, as well as the analysis of network traffic directed beyond the perimeter of the protected company, Angara Professional Assistance experts are able to identify the installation and functioning of most illegitimate remote administration tools and quickly respond to such threats.

File:Aquote1.png
Remote user workstations tend to be less secure than internal workstations because some enterprise security tools are not available. The main task of providing IP is assigned to the means of information protection (SIS) installed directly on remote hosts. With the inoperability or insufficiency of policies of such SIS, the risks of IB are increased, as users connect to the corporate IT infrastructure to fulfill their job responsibilities,
commented by Maxim Pavlunin, head of the ACRC Cyber Stability Center
File:Aquote2.png

File:Aquote1.png
We see the prerequisites for possible financial and reputational risks that companies may incur. It is more important than ever to monitor and eliminate information security incidents in real time. The Angara Professional Assistance Cyber Resilience Center is ready to continuously provide a high level of protection of the "immune system" of our customers and quickly connect additional ones to its SOUND, especially in a difficult epidemiological situation. Despite the general quarantine, ACRC analysts continue to monitor the state of the IB around the clock. Moreover, ACRC staff are conducting a number of activities to increase vigilance. Increased monitoring of process behavior on user hosts, analysis of NIS events that provide remote user connections, control of critical subnet traffic and much more,
concludes Oksana Vasilieva, CEO of Angara Professional Assistance
File:Aquote2.png

Akronis Infoprotection cancels cloud backup fees for coronavirus epidemic

On March 27, 2020, the company Acronis ITProtect"" announced that to support the business of its partners and customers for all customers of services operating on the basis of Acronis Data Protection Cloudy"," the fee for using the service is canceled. The promotion will last until July 31, 2020. The service is provided by Acronis Information Protection partners (providers service). here More.

Astra Linux has developed instructions for organizing a secure "remote" for CII using Astra Linux SE

How to use Zoom safely? Check Point Tips

Because of the COVID-19 pandemic, more people are staying at home rather than going to work or meeting with friends. Up to 50% of employees worldwide can now work remotely. Online communication platforms have become necessary for personal and business interaction with the rest of the world. One of the most popular such platforms is Zoom - it has about 20% of the global market. How can I safely take advantage of Zoom? On March 26, 2020, the Check Point team spoke about some recommendations. More details here.

Solution for secure remote access from "Aladdin R.D." special

On March 26, 2020, Aladdin R.D. launched an action for remote employees, in which it proposes to use the JaCarta Authentication Server (JAS) special-price solution. The solution is designed for secure remote access and enhanced authentication using OTP (user authentication using one-time passwords) on the smartphone as an additional authentication factor in VPN and VDI (VMware Horizon View, Citrix XenApp/XenDesktop). More details here.

FSTEC recommendations for ensuring the safety of CII entities in the context of the coronavirus pandemic

"Asset" proposed a solution for the organization of safe remote work during the epidemic on special conditions

March 24, 2020 company Asset"" announced the proposal of a solution for the organization of safe remote work on special conditions. As part of the action, until May 1, 2020, there is a special price for a set USB of tokens, and EDS Rutoken PKI the software product VPN Rootoken is provided free of charge. More. here

Research Institute SOKB provides SafePhone free of charge

On March 23, 2020, the SOKB Research Institute announced that in connection with the transition of many employees to remote work, the company decided to provide the product to the SafePhone for free. More details here.

DeviceLock provides its data protection software free of charge for the duration of the epidemic

On March 23, 2020, it became known that the company DeviceLock will provide free of charge to everyone its products to protect corporate data when using terminal access for the period of the COVID-2019 coronavirus epidemic. More details here.

Rostelecom-Solar Introduced Secure Remote Solution

March 20, 2020 company Rostelecom Solar"" announced the development of a comprehensive secure solution for the organization of remote work. The solution is easy to deploy and scale, so companies can organize a home office for employees in a few days access with access to corporate resources without sacrificing. information security More. here

SprutMonitor will help companies control remote employees for free

On March 19, 2020, the company Humming-bird"," which is the developer of the monitoring system employees "," SprutMonitor announced the distribution of an unlimited number of free licenses to the local version of " ON SprutMonitor." The free license has no functional restrictions. More. here

Infotecs has granted free licenses to its secure remote access software

March 19, 2020, in Infotecs order to quickly resolve all issues and taking into account the difficult situation with the development coronavirus of infection, announced its readiness to provide the necessary number of licenses ON for the organization of secure remote access,, ViPNet Client HS and ViPNet Connect ViPNet IDS all ViPNet SafeBoot Russian interested organizations on a free basis for a period of 6 months. here

SearchInform will provide an IB outsourcing service for free when transferring employees to remote work

On March 18, 2020, SearchInform announced a decision to provide an IB outsourcing service to companies that transfer employees to remote work for free. This will allow the business in this situation to quickly and painlessly organize work in a modified format. More details here.

Read also