The new capability is a free addition to the EventTracker platform, and is designed to spot irregularities among dispersed Work From Home employees.
Netsurion has strengthened the Work-from-Home capabilities of its EventTracker SIEM platform with the addition of Remote Workforce Threat Detection as a core component of the platform. It is thus available at no charge to EventTracker customers.
Remote Workforce Threat Detection is an upgrade and consolidation of capabilities that were already in the EventTracker platform.
“This is not all spanking net new,” said A.N. Ananth, Netsurion’s president. “5% of the workforce has always been remote, and we have been able to address that because we are software and on the endpoint. Right now, however, 75-80% of the workforce is now remote. For them to be productive, it became clear that we really had to gird for the long haul, and had to solve for capacity on the VPN. VPNs are being used 10x what they were before.
“In addition, with extra dependence on many of the cloud systems, particularly around Teams and GSuite, rather than a simple password you also needed to account for their authenticators. So what we decided to do was put all of the assets we have into this new Remote Workforce Security feature.”
Remote Workforce Threat Detection is specifically designed to provide visibility and protection around the Microsoft 365 and Google Suite productivity solutions; Single Sign-On authentication solutions, including Okta, Cisco Duo and Microsoft; VPN solutions from Cisco, Palo Alto Networks, Fortinet, and SonicWall; and remote access via RDP.
“The bad guys figured out organizations have enabled remote access to your equipment, so they are trying to get in with attacks on VPNs and remote enabled resources like RDP,” Ananth said. “These have gone up big time. It has made a juicy target for ransomware.”
Remote Workforce Threat Detection also looks for COVID-19 related phishing attempts.
“COVID-19 related phishing is going gangbusters,” Ananth said. “Usually this time of year, phishing is focused on tax refunds. Now it’s on COVID topics like a COVID cure.”
Ananth gave some examples from the early returns.
“One customer in Ft. Lauderdale told everyone to work from home, and Remote Workforce Threat Detection found a log-in from Cuba,” Ananth said. “In this case, it turned out that the company has a real employee who lived in Cuba, so it turned out to be a false alarm, but identifying this kind of suspicious incident is what this is intended to do.”
Other incident reports turned up cases where company IT wasn’t aware of where people had gone.
“They found people who were at places which were not listed at their homes on their W-2 form, where they went to their parents’ home or somewhere else,” he said. “But we have also found logins from China and Russia, mainly because many people use the same password for this network they used elsewhere, so if it’s compromised somewhere else, the bad guys get the keys to the kingdom. This has resulted in some surprises for the IT team.”
The end user installs the endpoint-based software agent with an installer from the Web site, if they are willing and able to do so. If they aren’t, or if they forget, there is a fallback route to enforce compliance.
“We have the right to install it on their device if an employee doesn’t want to do that, but there are other ways we can get them, when they contact the company, like with the company server or another VPN that we do have control over,” Ananth said. “Ideally we would like both.”
The new capability, as a free part of the EventTracker SIEM, is aimed at Netsurion’s traditional market, from larger SMBs through the midmarket.
“We don’t play at the lower end of the market, although MSP partners do sell into that space, but we don’t play at the Citibank end either,” Ananth said. “We have two classes of customers. One is a single location with perhaps 150 employees, 60-70% of whom are at home. At the higher end, you have maybe 5000 employees now at multiple locations. Netsurion is well known in the franchisee space, and we are strong there.”