COVID-19 Roundup: Channel Securing Remote Workers

Secureworks is helping organizations cope with business disruption and remote workforce expansion.

Edward Gately, Senior News Editor

April 2, 2020

7 Min Read
ADPnbsphas received various accolades for its work in promoting a diverse workforce Part of its diversity and inclusion focus is providing a flexible
ADP has received various accolades for its work in promoting a diverse workforce. Part of its diversity and inclusion focus is providing a flexible work environment, including onsite day care centers and discounts to offsite centers, as well as flexible work schedules and telecommuting. ADP committees and councils engage its associates in helping execute its Diversity & Inclusion priorities, including its annual Diversity & Inclusion Summit.ThinkStock

More organizations in the channel are stepping forward with offers to help remote workers deal with cybersecurity challenges due to the COVID-19 pandemic.

Secureworks is modifying its remote workforce security, incident response, and managed detection and response (MDR) solutions to reduce the financial burden and speed of deployment to protect vulnerable organizations. Those include health organizations, schools, and state and local governments.

Secureworks is offering the following solutions:

  • Flexible incident response to help organizations reduce response time in the event of an incident.

  • Rapid monitoring deployment services.

  • Remote access vulnerability to assess vulnerabilities more quickly so organizations can test the security of their remote work environment.

  • Remote consulting engagements to assist in establishing governance, business continuity and disaster recovery plans for remote work environments.

Maureen Perrelli, Secureworks’ senior vice president and chief channel officer, tells us her company’s solutions are designed to ensure partners and customers stay protected from opportunistic threat actors.

Perrelli-Maureen_Secureworks.jpg

Secureworks’ Maureen Perrelli

“First and foremost, we recognize the need for customers to rapidly adjust their security priorities as they adopt remote working practices, while not compromising their overall cybersecurity strategy,” she said. “We also have recommended that they stress to their employees that they stay vigilant and monitor cyberattacks that exploit COVID-19 and promote misinformation.

Perrelli said partners are better able to maintain business continuity and reach out to new customers with Secureworks solutions.

“As threat actors take advantage of the current COVID-19 environment, we have worked to ensure that our solutions promote growth and progression for partners as well as customers,” she said. “Using our rapid monitoring and deployment service, we provide partners additional peace of mind with their security so they can focus on new business opportunities and look toward the future,” she said. “Additionally, our flexible incident response program allows businesses to access security benefits, enable remote execution and mitigate cyber risk efficiently and cost-effectively.”

Vectra Protects Office 365

Vectra is offering its services for free through May 31 to detect Microsoft 365 account takeovers by identifying:

  • Infiltration and elevation: brute force, adding users and privileges to groups, and staging malware.

  • Reconnaissance: accessing files in unusual ways, and listing users, files and shares.

  • Persistence and evasion: installing apps to keep access, changing policy and logging, turning off data loss prevention.

  • Exfiltration and destruction: creating mail sinks, sharing and downloading files.

Vectra’s Cognito Detect uses AI and threat research to detect and prioritize attacks in real-time. This SaaS-based program delivers daily reports and the support of Vectra’s consulting analysts.

Geisler-Jennifer_Vectra.jpg

Vectra’s Jennifer Geisler

“We all need to be sensitive to the needs of people in this current environment.” Jennifer Geisler, Vectra’s CMO, said.

“This is an opportunity for a partner to work with their existing clients and offer a Vectra service for free that provides immediate value and understanding of the risks of this new work-at-home paradigm,” she added. “If the client sees a long-term value in the service, than we will work with the partner in converting that offer into a revenue stream.”

Microsoft 365 accounts provide direct access to files and data that are priority targets of theft or ransom, Geisler said. These accounts also provide cybercriminals the ability to move laterally to other users by either poisoning internal content or reply-jacking internal email threads, she said.

“Many products focus on preventing compromise of Microsoft 365 accounts and limiting the types of content shared in the cloud,” she said. “However, when prevention fails – as it inevitably will – visibility and detection to find and stop the compromises before damage is done is extremely limited.”

Microsoft 365 is now the largest attack surface to focus on, she said.

“Everything is there, and that is the new way to move laterally between users,” she said. “Therefore, it is going to get a lot more attention (it was already a prime target) than ever before. Again, visibility into what is occurring and what can go wrong are key.”

Higher Cyber Risk for Telecoms

More cybercriminals are targeting telecom companies striving to …

… keep services up for a dramatically increased remote workforce. Positive Technologies‘ analysis of real attacks against mobile network operators (MNOs) and subscribers shows on average there are more than 1,400 attempts on subscriber location tracking daily.

Eighty-six percent of networks are vulnerable to traffic interception where criminals can steal one-time passwords and account credentials. In addition, nearly 100% of networks are vulnerable to spoofing and impersonation, techniques that are used together with social engineering to commit fraud.

Michael Downs, Positive Technologies’ managing director of U.K. and EMEA, tells us MNOs have generally become more vulnerable to cyberattacks over the last three years, which means that their customers also are more vulnerable by extension. Cybercriminals constantly are evolving their hacking techniques at a faster pace than MNOs are deploying new protection measures, he said.

Sign up for Channel Futures’ new EMEA newsletter, where we feature news and analysis involving companies based in Europe, the Middle East and Africa, as well as those doing business in that region.

Downs-Michael_Positive-Technologies.jpg

Positive Technologies’ Michael Downs

“Security must be a priority during network design,” he said. “This is truer now than ever, as operators are tasked with keeping services running during the pandemic, and also as they begin to tackle construction of 5G networks. Attempts to implement security as an afterthought at later stages may cost much more. Operators will likely need to purchase additional equipment, at best. At worst, operators may be stuck with long-term security vulnerabilities that cannot be fixed later.”

Signaling attacks cause denial of service for customers. They also enable outsiders to track subscriber location, intercept text messages and obtain sensitive subscriber information, Downs said.

“These vulnerabilities have already been leveraged to criminally obtain access to bank accounts of network subscribers,” Downs said. “In some cases, attackers can also downgrade users to insecure 3G networks. Today, mobile operators do not have the resources and operator equipment to perform a deep dive analysis of traffic, which makes it difficult for them to be able to distinguish between fake and legitimate subscribers.”

Positive Technologies’ analysis of mobile networks has observed a low standard of security even in cases where expensive solutions had been implemented to filter signaling traffic.

“This speaks to the fact that a systematic approach to security has not been taken,” Downs said. “Proper network security is impossible without an understanding of both the relevant security threats and the holistic approach needed to resolve them.”

Lending a Hand

Other channel companies pitching in during the pandemic include:

  • Email security provider Vade Secure‘s new Current Events feature provides MSPs and administrators with increased visibility into all email traffic. This happens during a surge in all types of email communication, both legitimate and malicious.

  • Darktrace has made its full suite of solutions available for virtual deployment in direct response to the rise of remote working. Remote-working security teams can access cyber AI, letting them realize meaningful results in a matter of days.

  • HPE announced new virtual desktop interface (VDI) solutions for a number of its products to support remote workers. It also is offering customers flexible purchasing options to lower financial risk.

Read more about:

MSPsVARs/SIs

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like