Marcus Whittington, Co-founder & COO, Sentrybay and Abhijit Mahadik, Director – Cybersecurity solutions, Raqmiyat, discuss the risks of enabling remote access from unmanaged devices and how Sentrybay’s solutions can help enterprises stay secure.
Are you responsible for IT Security in your organisation and worried about how to provide secure remote access for work from home?
Securing Home Working during the COVID-19 outbreak – VPNs from Home just not enough.
As things stand today on COVID-19 – there are widespread extended requirements for your staff to work from home over the next little while. Not to mention, the phrase “Work from home” brings-in fears not just on data security but also the risk of data pilferage from out-of-control end-user owned remote desktops/PC/Laptops that would be used as endpoints.
Remote access from unmanaged devices introduces elevated risks for a variety of reasons. Often these devices have a lower security posture, possibly out-of-date anti-virus or internet security software; they have a higher risk of compromise because they might be running counterfeit or unlicensed solutions, or they are operating from an untrusted network. The enterprise has little or no control over what software is running or has previously been executed on the device, and limited mechanisms for checking and addressing these deficiencies.
Ordinarily unmanaged devices accessing a corporate network will deliver a higher risk of stolen sensitive data (including corporate login credentials) from attacks involving keylogging, which, along with spyware is ranked the highest global malware, by the NTT Security Threat Intelligence Report. Other attacks to be wary of include screen capture / screen grabbing, man-in-the-browser, saved account detail harvesting, screen mirroring, man-in-the-middle, DLL injection, and RDP double-hop. In the midst of the coronavirus crisis, millions of more people will be accessing corporate networks in less than secure ways, increasing the risk exponentially.
Very common mode of connectivity from these remote devices to corporate networks today is VPN – whether to their office desktops or direct to application servers or for that matter even RDP. Is Working from Home VPN Safe?
A VPN does not protect the user from malware that records the keystrokes entered or takes pictures/videos of the user’s endpoint in order to steal data. They scrape up passwords, credit card and banking information, personal details, and more, to use in identity theft and other malicious deeds. Every piece of data entered into any applications used by the home-based employee/contractor/supplier e.g. word/excel/outlook/Office apps, corporate apps, browser, webmail, SaaS applications etc. – can be uplifted on the endpoint itself by malware – then sent out to the command and control server of the cybercriminal. In summary, all this data is stolen by cybercriminals before it enters the VPN tunnel. It will not prevent you from getting malware in the first place or prevent malware from being able to send your data out.
The malware can also record the login details used to access the corporate network which may be able to be used to enter the network, albeit this requires a more sophisticated attack. Users are also vulnerable to phishing attacks that may seem to emanate from the company or other bona-fide looking companies, in order to steal data. This data can be combined with the data harvested by keystroke logging malware to be sold and then used for more sophisticated attacks targeting the end user or the company.
Ideally, given that many companies are asking employees to work remotely with virtually no time for preparation, they should look for products that can be deployed quickly (i.e. within 24 hours) and which do not involve specially configured software or hardware – a simple download and install from pre-configured software is the preferred option. This means selecting proven anti-keylogging software that can protect every keystroke into any application and prevent screen-scraping malware from stealing credentials and sensitive corporate data. It is also important that there is access to a portal that allows simple configuration by administrators.
Additional sensible security measures on unmanaged machines include login credential checking and advanced mechanisms to identify malware C2 communication. Just as people are wearing facemasks for personal virus protection these days, the protections mentioned here are the device facemasks appropriate in the risky circumstances that coronavirus is presenting.
Raqmiyat, is an authorised reseller of Sentrybay, to provide secure work from home solutions to the entire GCC region. “As the coronavirus outbreak continues to spread across the world, organisations are closing offices and mandating remote work arrangements. During this challenging times, organisations are struggling to provide secure ways to provide a secure work from home solutions. By partnering with Sentrybay, we are offering unique and secured work from home solutions to help our customers respond to this challenge without sacrificing their security posture.” said Abhijit Mahadik, Director – Cybersecurity solutions at Raqmiyat.
Our unique solutions solve the misery of end-point cleaning, protection and control. If you have environments supporting BYOD or unmanaged end-points (far off locations, third-party like contractors, vendors etc.) connecting to corporate network to access corporate resources – challenge is to get them cleaned-up and update-to-date to latest AV signatures.
How is SentryBay different? Unlike others who worry about cleaning & protecting the end-points/PCs, SentryBay worry about data security and leave the PC aside as it is not in your control and uses patented technology of anti keyloggers and anti-screen captures to achieve this.
Armoured Browser from SentryBay provides a browser on Mac & Windows – a very unique & secured browser that provides anti-key logging & anti-screen capture and anti-screen scrap features thus enabling a secured browsing environment for sensitive work to be done irrespective of key-logging and screen-capture malware on the PCs.
One good thing with this solution is that it creates separate user & desktop sessions and leave no-trace upon closing. With the enhancements to the solution, it could be installed as a pseudo-remote access solution to lock down use of, say, Office365/SaaS apps/browsing etc. It can also be deployed for Citrix, Vmware or any other remote access solution deployed.
“We have seen a huge surge in demand worldwide, and lot of interests in the UAE for this very niche & unique solution from Sentrybay. Some of our largest banking clients have added licenses in the past week – specifically to enable more employees to be quickly equipped to work from home due to the Coronavirus threat”, said Marcus Whittington, Co-founder & COO Sentrybay.