As the COVID-19 pandemic engulf Europe, more and more cities have come under lockdown in desperate effort to stem the contagion. On Wednesday, Mette Frederiksen, Denmark’s PM has announced during a press conference that Copenhagen, along with all major city will observe lockdown measures, effective on Monday.

Denmark is the second European country after Italy to impose draconian measures after the number of confirmed cases has peaked at 514 (updated on 12.03.2020).

Following in the footsteps of Italy, Denmark has effectively shut down schools, kindergartens, universities, museums, and most shops, apart from those selling emergency supplies (food and hygiene items) and pharmacies.

In consequence, corporations operating in Danish territory, as well as local business owners, have unanimously decided to suspend office attendance, endorsing all remote work requests for the duration of the COVID-19 pandemic.

To ensure business continuity, staff working from home have received special instructions on how to access company assets: VPN, for secure connections, online data-sharing tools, such as OneDrive for documents and spreadsheets, and miscellaneous virtual workspaces.

Despite most customer-facing businesses being prepared for the Work-from-Home Exodus”, the data flood has taken a great toll on both ISPs and system administrators curating the organizational physical and logical data-transmission and handling resources.

In a bid to compensate for the increased data load, Internet service providers have already begun expanding the infrastructure and upgrading the software as necessary.

Distributed Workforce & Data Integrity Are Feasible

As outlined in Heimdal™ Security’s article on remote work planning and enforcement, upscaling is feasible. Still, we are left with two major issues: workforce distribution and the impact on business continuity and global revenue. The second issue refers to how data transmission is handled by individual endpoints.

Relying mostly on VPNs for data retrieval and/or modifications, sysadmins can easily become overwhelmed by the sheer number of data ‘contamination’ instances.

As we speak, connections resolved by VPN solution are marked as liabilities, since the service can no longer ensure confidentiality due to massive data surge.

One of the implications would be the fabrication of a ‘recognizable’ footprint, which can (and will be) used by malicious actors to intercept the information while in transit.

To circumvent this issue, sysadmins have begun reconfiguring the company-owned VPN services, in an attempt to accommodate all the requests. At this point, redesigning the network infrastructure could prove an exercise in futility, as it would mean committing considerable resources.

VPN technology has many benefits in terms of data privacy; however, when applied to such a large scale, it will inevitably lead to transmission breakdown and even data loss in some cases.

Naturally, with the VPN overwhelmed, the connection between the endpoint and the company’s server(s) becomes unreliable, increasing the risk of data leak via traffic sniffing or other types of malicious eavesdropping techniques.

DNS over VPN

At Heimdal™ Security, we believe that privacy should complement data security and that you need not sacrifice one for the other. Our studies reveal that both issues related to data integrity can be solved should system administrators chose to employ locally-deployed DNS over VPN.

Strictly speaking from a technical standpoint, connections resolved through ‘endpoint DNS’ are, by far, more secure compared to the one mediated by a VPN solution.

For some time now, cybersecurity experts have discussed the possibility of having all the traffic requests routed through a secure, company-owned cloud. This will not only decreased latency in sending data but will also increase the detection rate of malicious code hiding in random (background) traffic.

Thor Foresight Enterprise, Heimdal™ Security’s DNS filtering solution, addresses this very issue: although DNS and subnet masks are predefined, which precludes the use of VPN-type tunneling, this ensures that no malicious package evades detection, by blocking the connection to the Command & Control servers employed in malware dissemination.

In all regards, DNS outperforms company-owned and curated VPNs since it effectively adds an extra layer of security to your existing cybersecurity infrastructure.

DNS over VPN just one of the measures required to ensure business continuity during the COVID-19 pandemic.

Heimdal Official Logo

Antivirus is no longer enough to keep an organization’s systems secure.

Thor Foresight Enterprise

Is our next gen proactive shield that stops unknown threats
before they reach your system.
  • Machine learning powered scans for all incoming online traffic;
  • Stops data breaches before sensitive info can be exposed to the outside;
  • Automatic patches for your software and apps with no interruptions;
  • Protection against data leakage, APTs, ransomware and exploits;
Try it for FREE today Offer valid only for companies.

Curating User Rights

Another ‘continuity’ vector that must be addressed is directly related to how businesses or rather system administrators handle users’ rights. Even if most of your staff work from home, the risk of insider threat remains the same if they retain admin-type rights. Unfortunately, there are cases where companies would grant employees admin rights during this work from home bout.

The reasons are not hard to comprehend: either the sysadmin hasn’t moved past the ‘close-contact’ rights management (admin has to manually input credentials into each endpoint) or the automated solution has major design flaws (semi-automatic responses, lack of rapid de-escalation actions, limited upscaling capabilities, etc.).

Insider threats can occur from anywhere in the world – we have moved passed the scenario whereupon ‘the bad guy’ has to be in contact with your endpoint for data exfiltration or to cripple the entire network.

Everything can be done remotely and the incursion can leave very little ‘fingerprints’ behind, this being the main reason why the digital forensics process has become so cumbersome, to the point that the investigator can do nothing but rubber-stamp the case.

Business owners, especially those operating SMBs, will try to ‘cut corners’ by using ‘home-bred’ solutions. In-house admin rights management solutions can behave in anomalous ways when handling requests mediated by external resolvers.

In other words, the solution can work like the proverbial Swiss watch when the endpoints are connected to the internal networks but can encounter various issues during these off-premises sessions.

These shortcomings can be solved by deploying a fully automated and remote admin rights management solution.

Thor AdminPrivilege™ can help your sysadmins review, manage, and adjust the users’ right from anywhere in the world and is fully compatible with any device running Microsoft Windows or Mac OSX.

Data integrity can be achieved through DNS over VPN, while workforce distribution can become a feasible ‘battleplan’ with the proper remote admin rights management solution.

Reducing downtime and reinforcing endpoint security with remote automated patching

Per Heimdal™ Security’s internal data, more than 80 percent of ‘exploitable’ security holes can be closed through patching. There’s a wide variety of patches available for download; some are ‘cosmetical’ in nature, addressing various visual and UI-related issues. Others may grant users access to pre-alpha features or enhance accessibility.

Security patches are vital and should occupy the ‘front-seat row’ of your company’s cyber-resilience plan. Ease of deployment and rapid upscaling are two major issues that create bottlenecks which, in the end, tend to create a security breach that can (and will) be exploited by malicious actors.

Throughout the COVID-19, the need for remote, autonomous patching, becomes even ‘more’ crucial – your sysadmins should focus on essential tasks, such as keeping the company’s IT infrastructure operational (capable of handling the unusually high number of requests) instead of having to manually apply security patches or perform system updates on each endpoint. There’s another consideration: if all employees choose to work from home it would be impossible for the sysadmin (and his team) to manually patch machines.

As always, our company’s recommendation is to deploy a remote and silent patching solution.

Heimdal™ Security’s X-Ploit Resilience module will automatically patch all your company-approved applications and software without your employees having to overburden the sysadmin with requests for rights elevation. The list of apps and software supported by our patching module is being updated each day. In addition, for companies using ‘home-made’ apps, the module accepts customizable .msi packages, which can be uploaded via the Infinity Management dashboard.

Automated remote patching with a small footprint reduces downtime due to unpatched apps/operating systems and improves the cyber-resilience factor, moving past cumbersome patch-deployment solutions such as WSUS and SCCM.

Miscellaneous

Of course, moving past DNS and user rights, one can always bolster the company’s cyber-resilience, by providing staff with data access alternatives. For instance, instead of allowing your work-at-home employee to connect directly to the company’s cloud or servers, you can use tools like OneDrive to ‘clone’ to documents and resources hosted on the cloud and/or in-house server.

During this WFH period, you should have your IT staff research alternative communication tools. Since most companies have decided to approve all remote work requests from concerned staff, Internet traffic has increased exponentially.

At this very moment, ISPs have already taken the necessary steps in order to accommodate all the connection requests – reconfiguring routes, upgrading the software, laying new fiber-link pathways, etc. Unfortunately, the technical implications of the “Work from Home Exodus” extend even further than that; most online communication and file-sharing services are having a hard time keeping up with the ever-fluctuating traffic.

For instance, Microsoft’s Teams has had several ‘misfires’ due to the high number of comm requests, most of them being video or audio calls. File-sharing and chat functions are also unreliable. Even Heimdal™ Security’s internal communications have been affected by this issue (see the attached image).

A short-term solution would be to switch to an alternative application: Slack, HeySpace, Winio, or Zoho Connect.

Wrap-up

The COVID-19 pandemic is far from over. However, according to the Chinese authorities, there may yet be a ‘break in the gloom’ as the number of confirmed cases has shown a drop in the last couple of days.

No doubt the perspective’s more than encouraging, but this doesn’t mean that we should stop observing lockdown rules.

Heimdal™ Security strongly advises you to comply with the health authorities’ recommendations, avoid crowded areas, wash your hands, avoid contact with people exhibiting COVID-19 symptoms, and report to your health provider ASAP if you feel that you may have been exposed to the infection.

Comments

COVID-19 IS INNOCENT!

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP