The Risks of Returning to the Office

With many states now opening up and restrictions being eased in others, companies are getting ready to ease employees back into the office. No doubt they are thinking carefully about sanitization of premises, reconfiguration of spaces, how to arrange workflows to lower the amount of human contact, and other essential aspects of the return to office life. What many don’t realize, however, is the danger posed as soon as user devices begin to operate within the firewall.

Those devices have been living in the wild for a year. Who knows what kind of exotic creatures they may have run into? A good number carry malware. If the bad guys penetrated a laptop, they may be quietly waiting for its return to home turf. Why take a low-percentage shot at bypassing corporate security from the outside when you can wait a few months and exploit systems from within?

Consider the fact that little or no planning was involved when Covid-19 restrictions forced staff to work from home. Companies had anywhere from a few hours to a couple of days to scramble before state mandates shuttered their premises. Once home, IT faced a mountain of help desk requests. In some cases, they were forced to accept the lesser of two evils: Rather than deny users access to the network, they permitted some to operate with consumer-level applications and operating systems. Windows 10 Pro laptops, for example, are not designed for the enterprise. But that was what the user had available.

Another Catch-22 surrounded administrative privileges. It’s one thing to restrict admin privileges when you are behind the firewall. But many home workers couldn’t download what they needed unless IT relaxed restrictions. Perhaps it was only to download a printer driver or a tool to enhance productivity. Whatever the reason, the sanctity of administrative privileges may have been compromised.

The bottom line is that the laptops of the work-from-home brigade could already be weaponized in preparation for the return to headquarters. Admin privileges granted for that printer driver installation may now be in the hands of the bad guys. Therefore, it is vital that organizations take steps to prepare themselves for the havoc that could manifest upon employee return.

What Steps to Take

Before staff return, it is advisable to upgrade your vulnerability scanning and patch management systems. Those systems must be of sufficient caliber to safeguard the network on several fronts.

As soon as a laptop is docked on the office network or tries to access the office WiFi, it needs to instantly be detected and identified. It is not enough to set up a scan at 10 am every morning to check for rogue or new devices accessing the network. If a user doesn’t log in till 10.30 am, almost 24 hours will have passed before IT is alerted about a questionable device.

By then, an attack may have been carried out or the bad guys could have entered and burrowed into some dark corner of the network where they can study company habits, finances, intellectual property (IP), and other assets unobserved. Instead of scans scheduled daily, then, the system must be able to detect laptop presence immediately.

What happens then? That device must be isolated so it cannot contaminate servers and other devices. It should be quarantined until fully scanned, patched, and all vulnerabilities and threats removed. Vulnerability and patch management systems, therefore, should be capable of accessing quarantined devices to clean them up in such a way as to not put the network at risk.

Patch scans should verify that all critical patches have been installed. If not, the device remains in quarantine until all high priority or security related patches are up to date. Additionally, a thorough security scan should check for any vulnerabilities. This should include checking for installed software that is really a backdoor, or applications installed by the user that have a backdoor hidden within. Check, too, for untrusted processes and software running on any device, as well as extra privileges granted to users during an emergency.

What Your Solution Should Do

Scanning and patching tools should be able to terminate rogue or suspicious processes automatically, or leave them running in a sandbox to collect evidence for investigation purposes. Remember that the SolarWinds attack could have infected just about any software. No device must be allowed to access the network until all such matters have been fully resolved.

Attention should also be paid to group memberships such as the local administrator group. The security system should be alert for new user being added to such groups, or administrative accounts being modified. It should be possible to suspend suspicious accounts until fully verified and approved.

One further aspect should be mentioned. It is likely that upon their return, more than a few users will be up in arms that their laptop can’t access the network. They correctly want to be productive immediately. A raft of quarantined devices could send emails flying and see help desk calls spike. It would be wise to prepare a bunch of loaner laptops to hand out to employees to enable them to hit the ground running.

How Syxsense Can Help Your Business

Syxsense fulfills all of the above duties. As well as being a comprehensive vulnerability scanner, it offers IT management and patch management on one console.

Additionally, the newly released Syxsense Cortex Covid Readiness Job protects corporate networks from devices that reconnect with unauthorized software installed, outstanding patch vulnerabilities, or open security vulnerabilities.

Syxsense Cortex recognizes device returning to the corporate network and immediately quarantines them from communicating to other network devices. While the device is isolated, Syxsense Secure maintains a direct connection and scans the device for vulnerabilities, alerts IT staff of issues, installs updates, modifies settings, removes risk factors, and then restores the secured device to connected status.

Why Syxsense Cortex?

Endpoint protection has become an increasingly important security concern in a world where there are so many ways to access, share, and look at information. In fact, almost 70 percent of breaches occur at the endpoint, which presents a challenge to overstretched and overworked IT departments that have more threats to deal with than ever.

Worse yet, breaches are rarely a one-time event. Almost 30 percent of companies with one breach have another breach within two years. Furthermore, the average breach cost runs in the billions of dollars — and most IT departments can take up to 200 days on average to identify a security breach.

To help you plug all those holes, Syxsense Cortex is a next-generation visual IT and security management process automation technology that simplifies the complexities of IT and security practices with an easy-to-use, drag-and-drop interface that can harden your company’s IT defenses without the need for large teams and specialists.

Syxsense Cortex offers always-on technology that never takes a day off or even a break — because we all know that cyber criminals never stop working.

As a complete endpoint security platform, Syxsense Cortex shows you what’s happening right now as well as potential security issues down the line, turning all that data you’re collecting into something of an IT crystal ball. You may not be able to prevent attacks from happening, but Syxsense Cortex gives you the power to deal with your company’s IT security on your terms, not theirs.

Intelligent IT Hyperautomation

At the forefront of the Syxsense Cortex product is visibility, security, and peace of mind in environments that are ever-changing. Instead of convoluted policies and complicated risk assessment capabilities that are always one step behind, Syxsense Cortex provides intelligent IT hyperautomation for companies that want to leverage information they already have for a true sense of the changes and risks that are out there. It’s real-time security for an always-on, always-changing world, and Syxsense Cortex helps you stay ahead.

With the power of the Syxsense Cortex Processor, you can process more information faster than you would ever be able to do otherwise, allowing you to leverage new or existing resources to do more with less. By parsing and bringing in data through complex workflows, you’ll be able to immediately understand any risk relative to your environment, which helps increase visibility even when you’re paying less attention.

When action has to be taken, Syxsense Cortex Jobs allows you to execute multi-step actions directly at the endpoint, reestablishing control or eliminating the risk in ways that best suit the nature of the data risk. Better yet, Syxsense Cortex can provide proof of the eliminated risk, minimizing the need for exhaustive follow-up or other acknowledgements of a data breach.

Stay One Step Ahead With Syxsense Cortex

By processing automation at the endpoint, Syxsense Cortex leverages your own data to trigger responses or actions.

Never again wonder about your true vulnerability state, the status of your networks or devices, or what processes are running — Syxsense Cortex allows you to realize the benefits of automation with intelligent endpoints, monitoring and alerts that will keep you in the know on potential threats and any changes that occur to your environment. You can start with pre-built templates for monitoring and patching, or set up alerts to cue you when it’s time to take action.

With Syxsense Cortex’s hyperautomation, you’ll get everything you need to manage your company’s IT, including Covid-readiness, VM-host patching, server and device monitoring, complex multi-stage patching, evaluating images for updates and risk reduction.

Automate Your IT Demands

Unlike other IT management tools that trade one confusing interface for another, Syxsense Cortex utilizes a convenient, drag-and-drop designer to allow easy, automated responses to the vulnerabilities that threaten your network. With simple logic and intelligent endpoint triggers that ask questions in real time, Cortex allows you to trigger an appropriate action based on an ideal workflow.

When it comes time to grant approvals, Syxsense Cortex’s granular control gives you the power to delay or confirm action before taking the next step. For those that are responsible for monitoring job conditions, real-time approval is given to administrators so that the right action can be taken now or pushed to a later time.

After identification and approval, Syxsense Cortex Actions does all the heavy lifting for you so that you can spend less time managing it all. From security and patching to software deployment, process blocking and scripting demands, just about any action can be offloaded and taken care of without constant babysitting.

Syxsense Cortex leverages your data to trigger real-time responses.

Prioritized Risk Mitigation

With Syxsense Cortex, you get it all — accurate knowledge, proactive responses, and simple implementation of all important IT policies and rules.

For vulnerable access points, risks are identified, prioritized and addressed in real time, with as much or as little oversight or hands-on management as your organization sees fit.

The power of Syxsense Cortex allows you to leverage intelligent endpoints that are constantly in communication with the rest of the network, waiting for an action or input.

Try Syxsense Cortex Free for 14 Days

The best part about Syxsense Cortex is that it’s free to try for 14 days. For most, it only takes a short while to realize the benefits of Syxsense Cortex. From comprehensive threat alerts and quarantining capabilities, Cortex provides real-time security management with both OS and third-party patching for all your company’s devices.

Get up and running quickly and realize the benefits of tools such as live device location maps and device timelines to really understand the state of your network historically and in real time. Administrators won’t be hampered by artificial user limits or missing support for crucial IoT security issues, meaning that no network is too large or complicated for the benefits of AI-driven decision making.

Not Just Syxsense Cortex

In addition to Syxsense Cortex, here at Syxsense, we’re also dedicated to providing IT security solutions that integrate all the tools you need into one, easy-to-use interface. As the first IT management and security solution that brings together vulnerability scanning and patch management capabilities into a single interface in the cloud, Syxsense Secure is yet one more way that you can harden your IT security against all threats.

We call it the future of threat prevention, but all you need to know is that you’ll get the ability to stop breaches, patch and quarantine devices and collaborate with others in the IT department to identify and close attack vectors. With the Syxsense line of products, you can stay informed, manage, and take action with the click of a button.