Locking Down Exposed Services With a Remote Workforce


Kevin Diffily, Product Marketing Manager at IntSights

The COVID-19 pandemic has shown signs of easing up in certain geographies around the world, but many employers are still erring on the side of caution and encouraging remote work for non-essential employees. This has created new perks and challenges alike for office workers, as they attempt to navigate altered family dynamics and ad hoc home workspaces to maintain productivity and hit their goals.

But the newly minted remote workforce is not alone in experiencing drastic changes to its ordinary workflow. Threat actors have taken advantage of the COVID-19 pandemic, easily circumventing lax home security protocols and infiltrating common corporate collaboration tools. The growing dependence on SaaS platforms for standard business operations has left many organizations vulnerable and scrambling to shore up their network defenses.

Cyberattacks Rise as Businesses Grapple With Remote Work

YL Ventures' The CISO Current Report: Q2, 2020 noted a sharp increase in cyberattacks as remote work has become more common, and 47 percent of CISOs were accordingly concerned with data exfiltration so long as their employees remained largely remote. YL Ventures reported a 96 percent spike in phishing attempts, a 19 percent increase in supply chain attacks, a 15 percent jump in attacks against VPNs, a 17 percent uptick in data exfiltration attempts by insiders, and a 15 percent rise in vulnerability disclosures.

These numbers offer a sobering reminder to security teams that they simply cannot control cyber activity that occurs beyond their perimeters. As long as employees are forced to work from home for their own safety, the risk of suffering a devastating data breach or cyberattack grows. CISOs can get one step ahead of their adversaries by using Cyber Threat Intelligence (CTI) to identify and validate threats targeting their organizations and shut them down at the source.

Using Cyber Threat Intelligence to Secure Exposed Services

CTI enables security teams to completely flip their defense strategies from reactive to proactive. With automated, real-time, and actionable threat alerts appearing in their feeds every day, security practitioners can analyze the threats that pose real risk to their organization and take them down before they evolve into full-fledged attacks.

The IntSights External Threat Protection (ETP) suite has a feature that enables organizations to mitigate the risk of exposed services by identifying them proactively. Our sophisticated algorithm detects exposed DevOps servers, like Microsoft Azure Active Directory, and uses enhanced GitHub monitoring capabilities to identify leaked code. The exposed services feature uses domain assets to find relevant publicly exposed services. This includes internal or limited-access platforms that are accessible from outside the organization: internal login pages, databases, servers, and services like Jira or Confluence.

Security teams are facing an unprecedented challenge in their response to remote work. However, they can save themselves from a potentially devastating cyberattack or data breach by employing a CTI solution that offers exposed services detection, enabling them to thwart attacks in the making.
