{"id":109716,"date":"2020-04-20T06:00:51","date_gmt":"2020-04-20T13:00:51","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=109716"},"modified":"2020-08-07T15:21:00","modified_gmt":"2020-08-07T22:21:00","slug":"cortex-remote-access-security-risks","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2020\/04\/cortex-remote-access-security-risks\/","title":{"rendered":"Five Remote Access Security Risks And How To Protect Against Them"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">COVID-19 has upended our way of life, and in doing so, has unleashed a Pandora\u2019s box of new cyber threats. Security teams not only face the universal challenges imposed by this crisis, but must also overcome unique obstacles such as protecting a newly remote workforce and stopping pernicious attacks targeting remote users. <\/span><span style=\"font-weight: 400;\">Here are five top security risks that teams must deal with, as well as technology and user education best practices to keep users and data safe:<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">1. Weak remote access policies<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Once attackers get access to a virtual private network (VPN), they can often penetrate the rest of the network like a hot knife through butter. Historically, many companies deployed VPNs primarily for technical people needing access to critical technology assets. Not so much the case anymore \u2013 VPNs are often encouraged for all users as a more secure connection than home or public networks. The problem is that many legacy firewall rules enable access to practically everything in the network. 
<\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2019\/12\/cortex-busted-by-xdr\/\"><span style=\"font-weight: 400;\">We\u2019ve shared examples of this type of vulnerability being exploited by disgruntled former employees<\/span><\/a><span style=\"font-weight: 400;\">, and it can just as easily be exploited by attackers.<\/span><\/p>\n<p><b>Recommendation: <\/b><span style=\"font-weight: 400;\">It\u2019s critical that companies enforce access based on user identity, allowing specific groups access to only what they need to get their jobs done, and expanding access from there on an as-needed basis. You can also reduce an attacker\u2019s ability to move laterally through the network with network segmentation and Layer 7 access control, patching internal servers and clients and leveraging advanced threat prevention capabilities and antivirus to block exploitation attempts. These Zero Trust principles can help limit your exposure.<\/span><\/p>\n<p><b>Resources: <\/b><span style=\"font-weight: 400;\">Learn the <\/span><a href=\"https:\/\/start.paloaltonetworks.com\/5-steps-to-zero-trust.html\"><span style=\"font-weight: 400;\">5 Steps to Zero Trust<\/span><\/a><span style=\"font-weight: 400;\"> and extend this methodology to your remote access policies.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">2. A deluge of new devices to protect<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Global \u201cstay at home\u201d policies have forced many organizations to purchase and ship new laptops and other devices to their newly remote workforce. Some organizations are allowing employees to temporarily use personal home devices for business purposes. This surge in new devices presents unique challenges for security teams. Teams must ensure that these devices are protected against malware and viruses. 
With a geographically distributed workforce, they need to make sure they can install, manage and support security products remotely.<\/span><\/p>\n<p><b>Recommendation<\/b><span style=\"font-weight: 400;\">: If you haven\u2019t done so already, start by extending endpoint security \u2013 both endpoint protection and detection and response capabilities \u2013 to all of your remote users. Consider endpoint and network security solutions that are designed for geographically distributed workforces, such as cloud-native approaches. These solutions should not only block endpoint threats such as malware, exploits and fileless attacks, but also detect risky behavior, such as employees using unauthorized desktop sharing applications at home. Limit corporate network access to only trusted devices (e.g., those that meet defined criteria through host information profiles).<\/span><\/p>\n<p><b>Resources:<\/b><span style=\"font-weight: 400;\"> Find out how <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/endpoint-protection\"><span style=\"font-weight: 400;\">Cortex XDR<\/span><\/a><span style=\"font-weight: 400;\"> provides the best protection available against endpoint attacks, and see how <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/access\"><span style=\"font-weight: 400;\">Prisma Access<\/span><\/a><span style=\"font-weight: 400;\"> extends network protection to remote devices.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">3. Lack of visibility into remote user activity<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">With the sudden explosion in remote workers, security teams must monitor a new host of endpoint devices for malware, fileless attacks and a flurry of threats targeting remote users. 
However, many security teams lack visibility into remote user activity and into east-west traffic inside the network, so they can\u2019t detect advanced threats from remote users or identify an attacker jumping from a compromised user\u2019s machine to hosts inside the network. <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/03\/cortex-remote-soc\/\"><span style=\"font-weight: 400;\">Security analysts \u2013 like the rest of the workforce \u2013 are often also working from home<\/span><\/a><span style=\"font-weight: 400;\">, which exacerbates existing SecOps challenges such as managing siloed detection and response tools and pivoting from console to console to investigate threats. This combination of problems makes it easier for adversaries to slip under the radar and carry out their attacks.<\/span><\/p>\n<p><b>Recommendation: <\/b><span style=\"font-weight: 400;\">Rather than invest in point solutions, consider security platforms that maximize integration between systems, limiting the amount of switching between tools and providing visibility into all data \u2013 including remote user activity. 
<\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2019\/12\/cortex-what-is-xdr\/\"><span style=\"font-weight: 400;\">Extended detection and response (XDR)<\/span><\/a><span style=\"font-weight: 400;\"> not only protects endpoints, but also applies analytics across all your data to find threats like unusual access or lateral movement, and simplifies investigations by stitching together data and identifying the root cause.<\/span><\/p>\n<p><b>Resources:<\/b><span style=\"font-weight: 400;\"> Find out how <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/resources\/whitepapers\/cortex-xdr\"><span style=\"font-weight: 400;\">Cortex XDR<\/span><\/a><span style=\"font-weight: 400;\"> can detect and stop attacks involving remote users by integrating with <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/access\"><span style=\"font-weight: 400;\">Prisma Access<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/network-security\/next-generation-firewall\"><span style=\"font-weight: 400;\">Next-Generation Firewalls<\/span><\/a><span style=\"font-weight: 400;\"> and third-party security products.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">4. Users mixing home and business passwords<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Users have a bad habit of reusing passwords over and over again. They are either unaware or negligent of the risk that one site gets hacked, their password gets published somewhere like pastebin.com, and boom \u2013 attackers now have access to all of their accounts, including their corporate ones. 
With a remote workforce, this problem is exacerbated by employees using personal devices and networks with much lower standards of security than their corporate-controlled alternatives, making it easy for attackers to access company data.<\/span><\/p>\n<p><b>Recommendation<\/b><span style=\"font-weight: 400;\">: If some on-premises network and email security mechanisms are no longer available, security teams should double down on educating users to identify phishing attempts and to choose strong, unique passwords, and should encourage the use of a password manager. They should also implement client certificates and multi-factor authentication in order to prevent attackers from gaining access through unsecured devices.<\/span><\/p>\n<p><b>Resources: <\/b><span style=\"font-weight: 400;\">Learn how <\/span><a href=\"https:\/\/docs.paloaltonetworks.com\/pan-os\/9-1\/pan-os-admin\/policy\/security-profiles\"><span style=\"font-weight: 400;\">security profiles<\/span><\/a><span style=\"font-weight: 400;\"> in Next-Generation Firewalls and Prisma Access can help you enforce multi-factor authentication and block network-borne attacks. See how <\/span><a href=\"https:\/\/docs.paloaltonetworks.com\/pan-os\/9-1\/pan-os-admin\/user-id.html\"><span style=\"font-weight: 400;\">User-ID<\/span><\/a><span style=\"font-weight: 400;\"> and credential theft prevention can stop workers from using corporate passwords on non-corporate websites.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">5. Opportunistic phishing attempts<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Phishing is still the number one way to gain access to corporate networks. A global pandemic provides the perfect conditions for phishing, as adversaries often use fear, urgency and panic as tools to pressure people into clicking malicious links. 
<\/span><a href=\"https:\/\/unit42.paloaltonetworks.com\/covid19-cyber-threats\/\"><span style=\"font-weight: 400;\">Coronavirus-based spam<\/span><\/a><span style=\"font-weight: 400;\"> is now being used as a lure and the over-communication and panic will cause some users to click practically anything.\u00a0<\/span><\/p>\n<p><b>Recommendation<\/b><span style=\"font-weight: 400;\">: Again \u2013 <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/04\/network-working-from-home\/\"><span style=\"font-weight: 400;\">user education is paramount<\/span><\/a><span style=\"font-weight: 400;\">! Make sure everyone in your company knows how to identify and report suspicious links and emails, and that they are being extra cautious during this time both with their business accounts and any personal accounts that they may be accessing on their work computers. Make sure your email security is up-to-date and that your endpoints are protected to help prevent and detect malware.<\/span><\/p>\n<p><b>Resources: <\/b><span style=\"font-weight: 400;\">Learn how the cloud-delivered <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/products\/secure-the-network\/wildfire\"><span style=\"font-weight: 400;\">WildFire\u00ae malware analysis service<\/span><\/a><span style=\"font-weight: 400;\"> \u2013 which is built into Cortex XDR and many other Palo Alto Networks products \u2013 aggregates data and threat intelligence from the industry\u2019s largest global community to automatically identify and stop threats. 
Additionally, <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/products\/threat-detection-and-prevention\/web-security\"><span style=\"font-weight: 400;\">URL Filtering<\/span><\/a><span style=\"font-weight: 400;\"> blocks access to malicious sites to help prevent phishing attacks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Learn more about how Palo Alto Networks can help you <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/secure-remote-workforces\"><span style=\"font-weight: 400;\">secure and protect your remote workforce<\/span><\/a><span style=\"font-weight: 400;\">. <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Learn technology and user education best practices to protect a newly remote workforce and keep remote users safe from common security risks.<\/p>\n","protected":false},"author":370,"featured_media":108494,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6770],"tags":[6737,111,6833,102,506,73],"coauthors":[3907],"class_list":["post-109716","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-future","tag-cortex-xdr","tag-ngfw","tag-prisma-access","tag-remote-access","tag-url-filtering","tag-zero-trust","net_sec_category-next-generation-firewalls","sec_ops_category-must-read-articles"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/03\/IMG_2009.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/109716","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":tr
ue,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/370"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=109716"}],"version-history":[{"count":3,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/109716\/revisions"}],"predecessor-version":[{"id":109719,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/109716\/revisions\/109719"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/108494"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=109716"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=109716"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=109716"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=109716"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}