COVID-19 Roundup: Channel Securing Remote Workers

Written by Edward Gately
April 2, 2020

Secureworks is helping organizations cope with business disruption and remote workforce expansion.

More organizations in the channel are stepping forward with offers to help remote workers deal with cybersecurity challenges due to the COVID-19 pandemic.

Secureworks is modifying its remote workforce security, incident response, and managed detection and response (MDR) solutions to reduce the financial burden and speed of deployment to protect vulnerable organizations. Those include health organizations, schools, and state and local governments.

Secureworks is offering the following solutions:

Flexible incident response to help organizations reduce response time in the event of an incident.
Rapid monitoring deployment services.
Remote access vulnerability to assess vulnerabilities more quickly so organizations can test the security of their remote work environment.
Remote consulting engagements to assist in establishing governance, business continuity and disaster recovery plans for remote work environments.

Maureen Perrelli, Secureworks’ senior vice president and chief channel officer, tells us her company’s solutions are designed to ensure partners and customers stay protected from opportunistic threat actors.

Secureworks’ Maureen Perrelli

“First and foremost, we recognize the need for customers to rapidly adjust their security priorities as they adopt remote working practices, while not compromising their overall cybersecurity strategy,” she said. “We also have recommended that they stress to their employees that they stay vigilant and monitor cyberattacks that exploit COVID-19 and promote misinformation.

Perrelli said partners are better able to maintain business continuity and reach out to new customers with Secureworks solutions.

“As threat actors take advantage of the current COVID-19 environment, we have worked to ensure that our solutions promote growth and progression for partners as well as customers,” she said. “Using our rapid monitoring and deployment service, we provide partners additional peace of mind with their security so they can focus on new business opportunities and look toward the future,” she said. “Additionally, our flexible incident response program allows businesses to access security benefits, enable remote execution and mitigate cyber risk efficiently and cost-effectively.”

Vectra Protects Office 365

Vectra is offering its services for free through May 31 to detect Microsoft 365 account takeovers by identifying:

Infiltration and elevation: brute force, adding users and privileges to groups, and staging malware.
Reconnaissance: accessing files in unusual ways, and listing users, files and shares.
Persistence and evasion: installing apps to keep access, changing policy and logging, turning off data loss prevention.
Exfiltration and destruction: creating mail sinks, sharing and downloading files.

Vectra’s Cognito Detect uses AI and threat research to detect and prioritize attacks in real-time. This SaaS-based program delivers daily reports and the support of Vectra’s consulting analysts.

Vectra’s Jennifer Geisler

“We all need to be sensitive to the needs of people in this current environment.” Jennifer Geisler, Vectra’s CMO, said.

“This is an opportunity for a partner to work with their existing clients and offer a Vectra service for free that provides immediate value and understanding of the risks of this new work-at-home paradigm,” she added. “If the client sees a long-term value in the service, than we will work with the partner in converting that offer into a revenue stream.”

Microsoft 365 accounts provide direct access to files and data that are priority targets of theft or ransom, Geisler said. These accounts also provide cybercriminals the ability to move laterally to other users by either poisoning internal content or reply-jacking internal email threads, she said.

“Many products focus on preventing compromise of Microsoft 365 accounts and limiting the types of content shared in the cloud,” she said. “However, when prevention fails – as it inevitably will – visibility and detection to find and stop the compromises before damage is done is extremely limited.”

Microsoft 365 is now the largest attack surface to focus on, she said.

“Everything is there, and that is the new way to move laterally between users,” she said. “Therefore, it is going to get a lot more attention (it was already a prime target) than ever before. Again, visibility into what is occurring and what can go wrong are key.”