Nozomi Networks - Gain control over network activity in the home office
As the world sorts itself out during and after a pandemic, one thing is certain - remote working is here to stay. Fortunately, technology can provide the visibility needed to secure operational access, whether employees are working from the office or from home. While this level of flexibility was not as readily embraced in the past, secure remote access (SRA) is now widely used to help businesses exist and grow.
Businesses have no control over the home office infrastructure.
Take, for example, a 70-year-old operating engineer who was considered high risk due to a medical condition and needed to isolate himself. The company he worked for needed to provide secure remote access just for him to get "inside" their facility to manage their critical assets.
The challenge was that by enabling remote access to critical plant assets, the company was significantly increasing its attack surface. In fact, according to research by NordVPN, 62 per cent of employees are now vulnerable to cyberattacks because personal computers were used for remote work during the COVID-19 pandemic.
Another survey found that COVID-19-related phishing emails are on the rise, with many different strains of malware embedded as attachments. AgentTesla (45 per cent), NetWire (30 per cent) and LokiBot (8 per cent) were the most actively used malware families, according to researchers at Singapore-based Group-IB's Computer Emergency Response Team (CERT-GIB). With some minor differences, the goal of all these malware samples is to collect user credentials from browsers, mail clients and file transfer protocol (FTP) clients, take screenshots and surreptitiously track and send user behaviour to cybercriminals' command and control centres.
"One of the things that has changed is that an organisation no longer has control over the infrastructure its employees use to do their jobs," said Pam Johnson, vice president of customer experience at Dallas TX-based solutions provider TDi Technologies. "For example, they're using personal computers to access the corporate network. They're using unsecured WiFi to access operational systems. That's a fundamental problem that could lead to malware from personal computers getting onto the corporate network via home WiFi.
"We're used to knowing who's touching our critical infrastructure because outsiders had to sign in to a visitor log," said Bill Johnson, chief executive and founder of TDi. "And when they're on site, all cyber hygiene rules, cyber protocols and visitor protocols are followed. They don't bring in USB sticks or laptops from outside, they use devices that are within the four walls of the company. But with so many employees working from outside, the cyber challenges that exist today are added to the personal and physically distant challenges."
A large increase in the number of people working from home, most of whom are likely to continue doing so, has shifted both the micro view of how employees work and the macro perspective of how the industry will work in the future. The pandemic has forced an industry that has been slow to change, even in the smallest details, to accept assistive technology.
"We've been providing remote access to various industries since '91, and I've never found people so eager before. And not only are they eager to look at secure remote access, they come to us with a shopping list of requirements," Bill Johnson said. ''They need to be IT-centric or OT-centric or be able to create a unified view. That's another thing we hear a lot: 'I have these other tools, and you need to integrate with them, or you need to give me access to these other critical tools that I'm using to manage my business.' So the pandemic has led to people being more informed about security requirements. In the past, that was a nice to have. Now it is a must."
OT/IoT Security's three-legged stool.
Security has always been seen as a collection of people, processes and technology, but the latter is now playing a bigger role in enabling businesses to operate remotely.
"I've found that people have often been the inhibitor to technology because they simply didn't want to allow technology to be accessed remotely," said Bill Johnson. "In the past, SCADA technologies and OT technologies were not connected to a network that could be accessed remotely. As a result, some organisations default to 'security by obscurity'. But the COVID-19 pandemic has forced organisations to rethink both people and processes.
While it might be preferable for employees to be physically present, secure remote access technology allows organisations to manage remote access to critical systems in a responsible and secure manner by creating situational awareness and providing the ability to verify who is touching corporate infrastructure.
Remote access - the double-edged sword
"Remote access may be the only way to keep a business alive and generating revenue right now, but if you do it wrong, you can put the company out of business," says Bill Johnson. "That's why people have always been a roadblock in this process. And it's also why companies are very specific about what technology capabilities they need to get it right."
"From a business perspective, we always want to know who the people are and where they're coming from," Bill Johnson said. "What are they doing? How are they doing it? Are they authorised to be here? Show me the log and the audit and the tracking of their remote access."
Best practices for secure remote access
To ensure secure operational practices, Bill Johnson, chief executive of TDi Technologies, and Pam Johnson, vice president of customer experience, provided a list of best practices that businesses and employees can follow:
Enterprise
- Protect everything with firewalls, VPNs and two-factor authentication (basically zero trust).
- Monitor remote access connections to gain visibility into all remote systems interacting with your network.
- Ensure standards and policies are in place, including rules for secure servers and the settings on those servers.
- Constantly check that these settings have not changed.
- Evaluate how these servers are configured, what software is on them and what version they have, as well as all the automation behind the scenes.
- Apply patches when it is possible to do so securely from a remote location.
- Incorporate a regular password update process through automation.
- Keep a log of configuration or firmware changes, what was done and by whom.
Staff
- During remote access, check the location you want to visit before going there.
- Do not click on links and files you are not familiar with.
Nozomi Networks integrates with remote access management tools
Nozomi Networks' solution continuously monitors remote access activity to detect anomalous activity before operations are disrupted. It provides detailed visibility into every remote connection, including every system within the enterprise network that a remote user connects to, the protocols used, the network zones or VLANs traversed, and any configuration or firmware changes made to any of those systems.
Nozomi's OT and IoT visibility and security solution also integrates with remote access management tools. This enables cybersecurity and operations teams to secure almost any type of remote access to their converged OT/IoT environments, including VPNs, terminal servers, jump servers and clientless remote desktops.