Azure Sentinel News
Securing Remote Work Setups in the Age of COVID-19

by Azure Sentinel News Editor
November 24, 2020
in SIEM

Assuming that many VCRM readers find themselves responsible for managing the IT infrastructure of remote staff as well as their own setups, Paul Schnackenberg shares some practical steps to improve the security of this “new normal,” based on his experience in helping clients transition to remote work.

Last month I provided some tips based on my long experience in working from home. Since then, the U.S. and many other parts of the world have been feeling the effects of COVID-19 a lot more strongly.

This article will give you some practical steps you can take to improve the security of this “new normal,” based on my experience in helping my clients transition to working from home. I’m assuming many readers are in the situation of managing the IT infrastructure of work-from-home staff while also working from home themselves.

Back to Basics
Communication is key for managing everyone’s expectations. Make sure the IT team sends out emails, Teams or Slack announcements, holds video conferences or uses other ways of letting everyone know the current state of the IT systems. As I stated in last month’s column, IT is definitely at the center of keeping businesses working during this pandemic, and this is the time to show everyone that technology is the foundation for keeping businesses running. Then you need to remind everyone that the bad guys are using this situation to attack businesses of all sizes.

Communication goes the other way too; make sure your users have easy ways to communicate back to you about security issues as well as be able to forward suspicious emails.

Because many new and different procedures have been implemented in a hurry there’s a greater risk that cleverly worded phishing emails will be opened or that Business Email Compromise (BEC) will succeed. BEC is where attackers have managed to get a foothold in your organization, perhaps into someone’s email system. By watching normal email traffic they can set up a tailored email, for instance from the CEO to the CFO asking for money to be wired somewhere to close a deal. Or bank account details for a supplier can be changed (to the attacker’s details). These types of attacks are much more likely to succeed in the current situation and your best protection is user awareness through security training.

If your users are connecting from personal computers (or work computers that you now can’t easily manage) make sure users update their browser to the latest version (and don’t use Internet Explorer). While you’re at it make sure they update Windows, other application software and do the same on their phone. Yes, this is a big ask for non-technical users, but you simply can’t allow the lack of physical presence to result in out-of-date software.

Since it’s likely that other family members (including curious teenagers) will be around, teach your users to use the Windows Key + L to lock their screens when they leave their PC for a break, and use a PIN for their smartphones/tablets.

If your users are storing business data on their local PCs (as they process it) make sure you disseminate instructions (as well as external hard drives or cloud backup accounts) on how to back up this data and their systems.

Connectivity
Many businesses still use VPN technology for Work from Home (WFH) scenarios, particularly where a lot of company data still exists on-premises. But these VPN systems may have had to be scaled up from a small subset of staff that access them regularly to a much larger group of people. Make sure you pay particular attention to logging and reviewing this access as this could be a vector for attack.

On the other hand, if your organization is well on its way towards the cloud, many of your business applications and data live in the cloud. But the access patterns for these will have changed, with most people now accessing them from their homes rather than the office or the road. If you haven’t considered using a Cloud Access Security Broker (CASB), now would be a good time to implement one. (I am aware that minimizing change is another imperative during these times, but a security breach due to lack of awareness of what’s going on with your SaaS systems and data will lead to “a lot of change” in very short order.)

One CASB that’s quite easy to get started with is Microsoft Cloud App Security (MCAS) that’s part of Microsoft 365 licensing. Not only will it give you insight into the cloud app usage of your users, it has a catalog of over 16,000 cloud services with a rating of what they offer as far as security, privacy, regulations etc. This will help you deal with Shadow IT and also block SaaS applications that are putting your business at risk. MCAS will also help you apply policies for data classification of files and can block risky sessions. The big strength of MCAS over other CASBs on the market is the integration with Office 365 and other security solutions in Microsoft’s portfolio.

If you don’t have a SIEM in place consider implementing one. The main challenge with security (such as the VPN attack vector mentioned above) is that if you don’t have centralized monitoring and log aggregation you don’t have visibility, effectively blindfolding your defenders. I have found Azure Sentinel quite easy to get started with and it provides monitoring of Office 365 with a single click. AWS CloudTrail log monitoring is also easy to set up in Sentinel and is free until the end of June 2020. Because Sentinel is cloud based it’s quite quick to get up and running and the pricing is competitive with other solutions on the market. It’s also got a strong community providing different plug-ins and playbooks to enhance Sentinel.
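The two paragraphs above recommend logging and reviewing the now much larger pool of VPN users and aggregating those logs centrally. The script below is an added example (not from the original article, and not a Sentinel feature) that runs that kind of review over a handful of constructed, syslog-style VPN lines: it reports users who were not regular VPN users before the surge, users connecting from several source addresses, and source addresses generating repeated failed logins. The log format, the baseline user list and the threshold are all assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simple syslog-like VPN format (not a real product's format).
SAMPLE_LOG = """\
2020-04-06T08:02:11Z vpn: user=alice src=203.0.113.10 result=success
2020-04-06T08:05:40Z vpn: user=bob src=198.51.100.7 result=success
2020-04-06T08:07:02Z vpn: user=carol src=192.0.2.55 result=success
2020-04-06T08:09:13Z vpn: user=alice src=198.51.100.99 result=success
2020-04-06T09:00:01Z vpn: user=admin src=192.0.2.200 result=failure
2020-04-06T09:00:03Z vpn: user=admin src=192.0.2.200 result=failure
2020-04-06T09:00:05Z vpn: user=admin src=192.0.2.200 result=failure
2020-04-06T09:00:07Z vpn: user=root src=192.0.2.200 result=failure
2020-04-06T09:00:09Z vpn: user=alice src=192.0.2.200 result=failure
2020-04-06T09:00:11Z vpn: user=alice src=192.0.2.200 result=failure
"""

# Accounts that used the VPN regularly before the work-from-home surge (constructed baseline).
BASELINE_USERS = {"alice", "bob"}

LINE_RE = re.compile(r"^(\S+) vpn: user=(\S+) src=(\S+) result=(success|failure)$")


def parse(log_text):
    """Turn raw log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": m.group(1), "user": m.group(2),
                           "src": m.group(3), "ok": m.group(4) == "success"})
    return events


def review(events, baseline_users, fail_threshold=5):
    """Summarise what a defender should look at first after a VPN roll-out to many new users."""
    new_users = set()                      # successful logins by accounts outside the baseline
    sources_by_user = defaultdict(set)     # distinct source addresses per account
    failures_by_src = defaultdict(int)     # failed attempts per source address
    for e in events:
        if e["ok"]:
            sources_by_user[e["user"]].add(e["src"])
            if e["user"] not in baseline_users:
                new_users.add(e["user"])
        else:
            failures_by_src[e["src"]] += 1
    return {
        "new_users": sorted(new_users),
        "multi_source_users": sorted(u for u, s in sources_by_user.items() if len(s) > 1),
        "brute_force_sources": sorted(s for s, n in failures_by_src.items() if n >= fail_threshold),
    }


if __name__ == "__main__":
    print(review(parse(SAMPLE_LOG), BASELINE_USERS))
```

The same three checks map naturally onto scheduled queries once the logs are in a SIEM; the point here is what to look for, not the tooling.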

Make sure you have a means to access users’ PCs at home for helpdesk scenarios or to assess security issues they may bring to your attention. If you don’t have anything in place, Windows 10 has a built-in feature called Quick Assist that lets you connect and see their screen.

There’s also the built-in Steps Recorder where a user can step through an issue they have and send you a recording of the steps in a ZIP file.

Even better is to eliminate passwords as the weakest link by enabling Multi-Factor Authentication (MFA), sometimes called Two-Factor Authentication (2FA). This means that in addition to having the username and password, you also need a device (normally a smartphone, but it can also be a USB key or similar device) to log in to a service. MFA is free in Office 365, for instance (with very little adoption, unfortunately), and I’ve had good success with my security-conscious clients with Duo Security. One particular deployment has a Remote Desktop host running in Azure with users accessing it all day for their work, and I sleep like a baby at night because I know there’s no way to get into that server apart from acknowledging a prompt on a smartphone.

The endgame is of course to get rid of passwords altogether but that’s probably not feasible in the current situation.

If your users took their work PCs home, there might be some worry about domain-joined computer account passwords if the PCs aren’t connected back to the corporate network using a VPN and thus can’t reach Domain Controllers. This recent article should lay to rest most such fears — the short version is that the client PC password check will “wake up” after the default of 42 days, but if it realizes that it can’t access a DC it’ll go back to sleep until it can.

Conclusion
I hope some of these tips are useful for you, and as we all continue to battle through this pandemic I trust you, your loved ones and your business users stay safe, both in the physical world and the digital world.

Reference: https://virtualizationreview.com/Articles/2020/04/29/secure-remote-work.aspx?Page=2

Copyright © 2020 - Azure Sentinel News