Remote Access: Top 5 Threats
May 18, 2020 | Remote Access, Multi Factor Authentication
"Is Remote Access safe?" The entire IT security community is pondering this million-dollar question, thanks to the COVID-19 pandemic. To keep business processes uninterrupted, IT administrators are mandating that employees work remotely. In this scenario, organized cybercriminals are creating their wonderland out of the pandemic situation, reaping maximum illegal benefits from the vulnerabilities associated with remote work processes. ARCON has identified the top 5 remote access threats and has produced brief accounts of how organizations can mitigate those threats successfully.
- Poor Privileged Access, Authorization policies: An absent or poor privileged access control policy and user authorization mechanism results in employees accessing resources, applications or critical systems that they are not supposed to access. This is a major and serious loophole that organizations leave in the remote IT infrastructure, and malicious actors misuse it by compromising privileged accounts and siphoning off confidential information.
Solution: A robust Privileged Access Management (PAM) solution can ensure that the IT administrators seamlessly monitor the privileged user activities and access is granted strictly on ‘need-to-know’ and ‘need-to-do’ bases.
- No multi-factor authentication of remote users: Multi-factor authentication (MFA) is a robust validation mechanism to authenticate standard IT users and elevated users like Privileged Users. Without MFA, organizations lack the strategic door that authenticates system-based users working remotely in any IT infrastructure and keeps suspicious third parties out by denying them access to the critical IT components.
Solution: MFA ensures that only legitimate IT users are accessing the critical systems in the entire IT ecosystem.
- VPN connections: The modern IT environment is getting too segmented. This has resulted in a proliferation of privileged accounts, and the IT threat vector has also expanded. Regular administrative tasks and increased data management tasks are handled through Virtual Private Network (VPN) access, which is traditionally more “trusted”. A VPN connection is insecure on two counts, though. First, VPN tunnels are vulnerable to hacking, which could give cyber criminals access to IP addresses and DNS servers. Secondly, a VPN connection can never establish the veracity of the end-users. Against a backdrop where a growing number of digital identities are accessing systems from outside the conventional data-center ‘perimeter’, there is no certainty whether the remote user is legitimate or not. Attacks due to insecure VPN connections can be devastating if the cyber criminals eye privileged accounts, the source of the attack kill-chain.
Solution: ARCON Application Gateway server (AGW) uses network overlays, network encryption, a software-defined perimeter and host-based agents to establish a secure VPN-less connection. The tool satisfies the Zero Trust Network Access (ZTNA) framework. Access to systems is based on ‘identity’ along with other attributes and contexts such as IP address, geo-location, devices used, time and date. All in all, operational efficiency is maximized along with robust access monitoring.
- Poor Endpoint Privilege Management: The attack vector expands if endpoints are not monitored and controlled. Data misuse, data abuse incidents, corporate espionage, credentials abuse, data exfiltration incidents will rise exponentially if IT users (including remote users) have uncontrolled elevated privileges to Enterprise Critical Applications.
Solution: A robust tool like ARCON | Endpoint Privilege Management reinforces security by helping to create rule-based, restrictive privileges for critical applications. The Machine Learning algorithms in EPM produce risk-based assessments of the privileged users who access critical applications regularly. As soon as ML identifies the risky user profiles, AI analytics generate risk scores based on those profiles and help the organization take crucial post-audit IT decisions. The EPM tool also restricts privileged access to a “need-to-know” and “need-to-do” basis, which helps administrators control user activities even while users work remotely. ARCON | EPM makes sure that the privileged right is revoked immediately after the completion of the task. This helps implement the just-in-time privilege practice and removes standing privileges, which are a very risky IT practice. ARCON | EPM establishes a robust security component on and around the endpoint privileges and eliminates risk elements from the enterprise network.
- Malicious Insiders: Malicious insiders are likely to access confidential information without triggering any intrusion alert. Under normal circumstances, internal employees with malicious intentions have the additional advantage of access to database servers and application servers in the enterprise network, as they are privy to confidential information. During remote work, the circumstances turn more favourable for those who pose as authorized users and can access critical enterprise data assets. If the number of privileged users working remotely increases, it invariably becomes a huge challenge for the IT administrators to manage, control and monitor their activities on a real-time basis.
Solution: The obvious way to overcome this challenge is to have a robust ARCON | User Behaviour Analytics (UBA) solution, which can help the admin officers with a detailed analysis of end-user behaviour. With the help of real-time monitoring, the administrators come to know who was accessing what, why and when. Any unusual or suspicious activity by an employee who is working remotely is notified to the administrator, and the organization can take prompt and necessary actions before it is too late.
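The identity-plus-context access decision described under VPN connections and the just-in-time privilege practice described under Endpoint Privilege Management can be sketched together as follows. This is an added example, not ARCON's code or any product's API. All names (`Request`, `JitGrant`, `decide`, `grant`) and the policy values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed policy values (assumptions, not taken from the article).
ALLOWED_NETS = [ip_network("203.0.113.0/24")]   # RFC 5737 documentation range
ALLOWED_COUNTRIES = {"IN", "GB"}
WORK_HOURS = range(8, 20)                        # 08:00-19:59

@dataclass
class Request:
    user: str
    mfa_passed: bool
    src_ip: str
    country: str
    device_managed: bool
    target: str
    at: datetime

@dataclass
class JitGrant:
    user: str
    target: str
    expires: datetime

def grant(user, target, start, minutes=30):
    """Issue a time-boxed grant that lapses on its own when the task window ends."""
    return JitGrant(user, target, start + timedelta(minutes=minutes))

def decide(req, grants):
    """Return (allowed, reasons); every failed check is listed for the audit trail."""
    reasons = []
    if not req.mfa_passed:
        reasons.append("mfa_missing")
    if not any(ip_address(req.src_ip) in net for net in ALLOWED_NETS):
        reasons.append("ip_not_allowed")
    if req.country not in ALLOWED_COUNTRIES:
        reasons.append("geo_not_allowed")
    if not req.device_managed:
        reasons.append("unmanaged_device")
    if req.at.hour not in WORK_HOURS:
        reasons.append("outside_hours")
    # Just-in-time privilege: no standing access, only an unexpired grant
    # issued to this user for this specific target counts.
    active = any(g.user == req.user and g.target == req.target
                 and req.at < g.expires for g in grants)
    if not active:
        reasons.append("no_active_jit_grant")
    return (not reasons, reasons)
```

Because the grant carries its own expiry, a request that passes every context check is still denied once the task window has closed, which is what removing standing privileges means in practice.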
As many global organizations have adopted remote work culture in this pandemic situation, it is highly imperative that these organizations take adequate security measures to control every possible sophisticated IT threat. ARCON’s Privileged Access Management, User Behavior Analytics, Application Gateway Server, and Secure Remote Access are robust tools to ensure seamless remote access. The tools provide both resilience and agility to organizations.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables monitoring of end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Endpoint Privilege Management mitigates risks arising out of endpoints. ARCON | Secure Compliance Management is a vulnerability assessment tool.