Monitoring remote traffic
Every network setup is different, and at Fox-IT we try to accommodate and integrate with these networks to the best of our ability. To ensure this flexibility, we ask customers to ensure that our sensors receive the traffic that is to be monitored. A lot of our customers ask us to monitor their office client-LAN. If that is the case for you, and your employees now work from home, the traffic of your employees might not be in monitoring scope anymore. Therefore, if you would like Fox-IT to monitor the traffic generated by employees at home, we kindly ask you to verify that your work-from-home VPN is in the SPAN of our monitoring sensors.
If you currently do not have a VPN set-up for your employees to connect them from home, we strongly recommend to do so. Please note that employees need to be thoroughly encouraged to actually use their VPNs. This can also be enforced by only allowing access to internal resources when connected over a VPN.
If you have made adjustments that you would like to verify, or if you need Fox-IT to add subnets to the monitoring setup, feel free to reach out. We kindly remind you that sensors have a maximum bandwidth, and the addition of these subnets can lead to an overloaded sensor. If you are unsure if this is the case for you, contact us.
Security awareness is important in times where employees are not working in the same space. Employees could previously check if that suspicious-looking e-mail was really sent by their colleague by just asking them at their desk. Now, that barrier has increased which could nudge employees to just accept whatever links and documents they get sent. That is not surprising: we have to send each other more links and documents now than ever, after all.
Moreover, Fox-IT has already observed malicious actors abusing the common concerns people have about COVID-19. New phishing campaigns use these concerns by sending fake news updates, or for example ‘infection free’ banking cards. Although these early attacks have usually been easily identifiable as malicious, there is no doubt more sophisticated attacks are soon to follow.
We recommend to inform your employees to keep the risks of their connectivity in mind, and to aid them in improving their security awareness where possible.
You can help your employees improve their security awareness by providing them with training, or by performing an awareness test. An awareness training can give employees something that we like to call ‘healthy suspicion’. A good training informs about the possible risks, but explains how one can handle suspicious situations so employees feel well-prepared. An awareness test provides your employees with a challenge and displays the benefit of training. Therefore, these two approaches complement each other well.
If you like, Fox-IT can help you in this regard. The Fox-IT academy has prepared remote awareness trainings, and our Red Team is available to put your employees to the test. If you would like to know more, feel free to contact by mail to firstname.lastname@example.org or by phone to +31 (0) 15 284 7999.