Pricing Login
Interactive demos

Click through interactive platform demos now.

Live demo, real expert

Schedule a platform demo with a Sumo Logic expert.

Start free trial
Back to blog results

April 23, 2020 By Dario Forte

How SOAR helps protect remote workers from cyber threats

The current situation caused by the pandemic has affected the global health, economy, and also the cybersecurity sector. As hundreds of thousands of employees start working from home, hackers and fraudsters will undoubtedly try to exploit the vulnerabilities presented by poorly protected endpoints via home computers and devices. Malicious actors turn to all sorts of devious means to take advantage of unprotected devices, and this leaves entire organizations and businesses with a myriad of poorly protected devices that will certainly create many weak links in their cybersecurity chain.

The problem is obvious. Many organizations have been left with little or no control over the devices and computers their employees manage at their homes, leaving them with inadequate software protection, thus becoming exposed to devastating damage. And as companies desperately seek stronger control and protection over these endpoints, technologies that provide the power to control, orchestrate, and securely connect en masse from their homes are much needed. And the best technology that fits this description comes in the shape of SOAR.

How to deal with the increasing number of cyber attacks

We cannot control the number of cyber attacks we receive. What we can control is how we respond to those cyber attacks. The number of cyber attacks is drastically increasing, and with cyber threats becoming more sophisticated, organizations need to be well-prepared in order to respond to those attacks accordingly.

To put things into perspective and show just how devastating cyber attacks can be, one research from Checkpoint shows some of the most notable cybersecurity attacks that happened throughout the last year that reveals the ugly side of the digital world:

  • Over 770 million addresses and 21 million unique passwords exposed in a single hacking.

  • 620 million account details were stolen from 16 hacked websites and offered for sale on the dark web.

  • More than half a billion Facebook users’ records were found exposed on unprotected Amazon cloud servers.

  • Personal data from over 100 million users of an Indian search service was exposed after an unprotected database was found online.

And this is just the tip of the iceberg. The consequences of a successful cyber attack can be massive and cause devastating, irreparable damage to any organization regardless of type and size. That’s why, in light of the current conditions created by the COVID-19 outbreak forcing people to work from home, organizations need to think in a preventive manner and try to catch cyber attacks in the act, rather than remedy and recuperate after the attack has already happened.

But, given the spiking numbers of cyber threats (mainly phishing attacks, malware, ransomware, cyber fraud), and their sophisticated nature, how is one organization supposed to guard its remote workers against all cyber attacks at any given moment?

What are the most common remote work cybersecurity threats?

Even though remote working has been on the rise naturally over the past 15 years, the COVID-19 outbreak drastically increased the number of remote workers, and this meant that a new pattern of remote work cyber threats is also on the rise. Some of the most common threats that remote workers encounter are:

  • VPN-Brute force

  • Phishing attacks

  • Bypassing of multi-factor authentication

  • Insider threats

  • Browser-based attacks

Even though all of these threats are nothing new in the cybersecurity world, dealing with them from a remote-working environment is different, as many remote workers rely on cloud-based apps and data which creates more vulnerabilities. That’s why organizations need to think of new types of protection that will directly address the vulnerabilities presented by unreliable home or public networks.

What are the priority measures to ensure a secure remote working environment?

One of the first things to ensure a secure home-working environment is to collectively be aware of the necessary measures that need to be taken in order to make the transition smooth, effective, and secure. And of the main things to take into consideration are the following:

  • Protect endpoints and ensure secure home-office connectivity for remote workers

  • Help security staff to ensure continuity of operations

  • Provide secure access to remote applications

  • Founding criteria for a modern On-Prem and On-Cloud Data Protection strategy

More remote workers equal more loose ends. Hackers and other malicious actors know that remote offices are less secure, and they are eager to exploit every vulnerability to gain access to critical data. That’s why it’s important to take the appropriate measures to primarily protect all endpoints and make sure that all remote workers are connected to a secure network.

3 main things to consider when securing a remote working environment

While each and every organization needs to analyze its unique cybersecurity system, here are some fundamental things to take into consideration when securing a remote working environment:

  • Enforce strong multi-factor authentication.

  • Device & Mobile protection (notebook, phone, and tablet), as well as a secure VPN connection.

  • A "home" policy (on the model of the "clean desktop policy" in the company), in which the rules to be followed are clearly specified to avoid serious inconveniences, inadvertent that may occur since the situation is new and uncontrollable.

The necessity of working at home doesn’t look like it’s going away anytime soon, and remote employees need proper remote support protocols in order to minimize the risk and damage caused by cyber attacks. The goal is to keep critical data safe while also ensuring that remote workers have the freedom to keep on doing their regular activities.

In order to manage a new infrastructure that supports the long-term security of remote employees, SOCs and CSIRTs also need to be more efficient at monitoring, detecting, and preventing security incidents remotely. Protecting the endpoints or the security of any software, hardware, and other operating devices used by remote workers is a core priority. And unfortunately, in some cases, common security tools like malware scanners, VPNs, and firewalls won’t cut it.

How to secure remote work from cyber threats with SOAR

The math is simply - sophisticated cyber attacks can be prevented only by equally sophisticated technology. And, in the cybersecurity world, the technology with such contemporary capabilities to prevent cyber incidents in the act is SOAR. Here are some of the reasons to consider deploying SOAR as your first line of defense against cyber attacks:

  • Faster detection of cyber threats: The more time it takes to detect and respond to an attack, the more damage can be done. Without advanced cybersecurity technologies like SOAR, it will take far too much time to detect a vulnerability that may lead to a cyber attack. Thanks to its automation, SOAR allows SOCs and CSIRTs to drastically reduce the response time to threats, leaving attackers with little access time and preventing potential theft of valuable data.

  • Open Integration Framework: Cloud SOAR allows you to connect with over 200 of the most popular cybersecurity tools without ever disrupting the workflow of your organization.

  • Recognize false positives and false negatives: Given that many cyber threats actually turn out to be false threats or false positives, SOAR provides the capability to contain and mitigate alerts without having to create an incident, thus allowing analysts to have more time to focus on real threats without having to manually check every alert.

SOCs and CSIRTs can adjust the degree of automation they want to apply to their workflow processes, which allows them to identify repetitive, mundane, and low-risk tasks and apply full automation to these types of tasks.

And given that cyber attacks are increasing due to more people shifting to remote working, SOCs and CSIRTs need to be very quick and very efficient in order to prevent all cyber threats. Ultimately, SOAR allows SecOps teams to significantly improve the response time, frees up more time for analysts to focus on critical tasks, and empowers SOCs to better protect organization’s (and remote workers’) sensitive data.

Complete visibility for DevSecOps

Reduce downtime and move from reactive to proactive monitoring.

Sumo Logic cloud-native SaaS analytics

Build, run, and secure modern applications and cloud infrastructures.

Start free trial
Dario Forte

Dario Forte

VP & GM, Orchestration & Automation

Dario Forte started his career in IR as a member of the Italian police, and in that role he worked in the US with well-known government agencies such as NASA. He is one of the co-editors of the most relevant ISO Standard (SC 27) . Dario Holds 5 patents, he has an MBA from the University of Liverpool, plus executive education at Harvard Business School.

More posts by Dario Forte.

People who read this also enjoyed