Securing the hybrid workplace demands dynamic defense
Advanced preventive protection for cloud email, collaboration and storage With the massive shift to working from home and large numbers of workers entering a hybrid workplace, cloud-based collaboration and productivity tools have become ubiquitous at businesses around the globe. Although long envisaged, the hybrid model has exposed the complexity of securing the workplace on a practical level. Protocols, business processes and IT tools now have much more impact on good security, both for home and business networks, not to mention for mitigating increased risks from devices crossing between personal and business use. The year 2021 saw plenty of news around the large-scale hack of business platforms like SolarWinds Orion and intrusion campaigns targeting IT services companies that ran outdated versions of the Centreon IT monitoring tool. For many businesses, these events should have driven home the point that cyberthreats are increasingly targeting cloud-based systems, collaboration platforms, their users and the IT admins tasked with making it all run smoothly. These have been the very means that enable businesses to find additional efficiencies throughout the pandemic. While clearly critical, what few IT Admins and budget holders may have counted on was the scale of risks unleashed when entire service platforms were targeted by threat actors. In March 2021, the exploitation of Microsoft Exchange, in which ESET researchers identified more than 10 different threat actors or groups that likely leveraged the vulnerability, became a feast on unpatched internet-facing servers that sent shock waves across the IT industry. Are these large-scale threats distracting from threats closer to home? ESET’s T2 2021 Threat Report demonstrates that employees working remotely and using remote access tools like Remote Desktop Protocol (RDP) to access company data, tools and IT help are at high risk. In T2 (May-August) 2021, ESET detected 55 billion new brute-force attacks (+104% compared to T1 2021) against networks with public-facing RDP services. This is a sign of how critical RDP has become in the home and hybrid workplace.
This also demonstrates how critical security practices are when setting up, configuring, and using collaboration tools, servers and other business systems. Security is a twofold responsibility: the first on the part of IT admins, who set the rules and monitor activity, and the second on the part of a business’s staff, who use the tools but may waver in their security practices.
Cybercriminals cannot always be stopped from knocking at the door with their false wares. Thus, it is no surprise that phishing and fraudulent messages dominated the T2 2021 email threat scene, with the most heavily impersonated brands being Microsoft, followed by logistics company DHL, electronic signature service DocuSign and file sharing service WeTransfer. However, in their defense, security solutions can be deployed to detect and block these threats. Enterprise grade security for SMBs With the security burden only increasing in the second half of 2021, ESET has upgraded ESET Cloud Office Security with a powerful enterprise-grade tool, ESET Dynamic Threat Defense (EDTD), which directly addresses the problem of unknown threats with its zero-day threat prevention technology. The threat landscape is not static, and new threats arise every day; employees need to stay productive without their machines being slowed down by heavy processing tasks from security solutions. Once EDTD is set up, there is no need for admins or users to take any further action. EDTD decides whether a suspicious or unknown sample is benign or malicious by sending it to a cloud-based sandbox for analysis.
The cloud-based sandbox is precisely where EDTD can immediately show its value because it off-loads the processing power needed to detect new or unknown threats from employee machines to the cloud. Once in the cloud sandbox, suspicious samples are subjected to multiple machine learning models and robust detection techniques to determine a definitive outcome.
In the face of ever-present threats like phishing and malicious email attachments, organizations should keep track of news on the latest campaigns targeting corporate accounts. In this way, employees can be warned in a timely manner about what to steer clear of. But, what is more secure, is not to rely solely on employees’ security awareness and instead deploy a cloud sandbox solution like EDTD that provides a robust layer of protection, even against never-before-seen threats.
Image 1. ECOS dashboard view for ESET Dynamic Threat Defense
With EDTD engaged, ESET Cloud Office Security (ECOS) provides user-friendly administration and flexibility that is backed by enterprise-grade protection.
New behaviors require new security Rewinding to just prior to the pandemic, when businesses were hunting for additional security solutions, we would find ESET introducing ECOS. Bolstering security for Microsoft 365, including OneDrive and Exchange Online, ECOS proved easy to implement and manage for SMB and Enterprise customers alike. Within weeks of its launch, MSPs also offered ECOS in managed environments, simplifying security provision and reporting for cloud customers. ECOS has now been put through its paces, securing the very solutions intended to address operating costs, improve productivity and ensure business continuity. While the pandemic has cemented the use of many of these tools, increasing attention must be paid to securing them. Specifically, ECOS extends protection to Microsoft Teams and SharePoint Online. This is a big plus for SMBs which are operating in the cloud because it hardens protection for business continuity via the very tools that allow distributed work and collaboration.
What can ESET Cloud Office Security with EDTD do for SMBs? While the onus of properly configuring and securing infrastructure like Teams, SharePoint Online and Outlook lies on both service providers and their clients, these tools impact any and all of their users. When security incidents do occur on large platforms, which are now heavily used even at SMBs, we can expect super blooms of ransomware and other malicious campaigns seeking to leverage extensive periods of vulnerability and access exposed networks.
If you use powerful tools like Teams, SharePoint and Exchange Online, you have signed up for a role in securing your environment. While not all attacks and disruptions faced by organizations have stemmed from large-scale events, mitigating the impacts mirrors practices employed against common threats, and comes down to addressing the “what can be controlled” in a business’s own environment. Considering the near-universal uptake of productivity tools, a product like ECOS goes a long way in adding immediate protections for the most popular tools. Spam and malware For the benefit of IT admins who need to manage protection for 25 seats or more, ECOS delivers an effective multi-tenant and scalable service, protecting all major Microsoft 365 cloud services against malware, phishing and spam emails.
ECOS checks all incoming emails delivered to a customer’s Microsoft 365 inbox. Our award-winning antispam technology works as the first layer, filtering out spam messages with near-100% accuracy. The second layer is our malware scanner, which detects malicious or suspicious attachments. The third layer protects against phishing (anti-phishing). Learn more about these features here. Every file that is uploaded to OneDrive shared via SharePoint or transferred via Teams is checked using our powerful malware detection engine, which leverages the same technology as ESET’s endpoint solutions. If the engine detects a dangerous file, it is placed in quarantine, where it is accessible only by administrators; the user remains protected.
To back that up, admins benefit from ECOS’s easy-to-use cloud console, which gives an overview of quarantined items and immediately notifies them when detection occurs.
Images 2-3. ECOS dashboard views of detections and quarantined items
What else has ESET Cloud Office Security seen in its first year? Many businesses that have onboarded these indispensable productivity tools have enjoyed the confidence of knowing that the built-in security provided by Microsoft is sufficient to maintain business continuity, and, more broadly, to keep their systems safe. By Microsoft’s own account, a lot of “us” are on Microsoft 365 and Teams. As of Q3 2020, Microsoft reported 258 million monthly active Microsoft 365 business users and 75 million daily active Teams users. That’s on top of the 1.2 billion active users of Microsoft Office.
Their success also means the platforms are targeted in various ways from malicious macros in Word documents sent via Outlook emails to incidents of exploitation of Microsoft Exchange servers. Neither security by design nor Microsoft’s native security have completely stopped these security challenges. This is to be expected for such a large infrastructure and their outsized user numbers. As such, the use of these key Microsoft products strongly warrants users adding further security measures. ECOS is cost-effective, rapid to deploy and scalable across the entire range of business and institutional sizes.
Images 4-6. ECOS dashboard views for Exchange, Teams and SharePoint
In 2021, via ECOS’s many dashboards, IT admins were able to see threat types that slipped by Microsoft’s native security:
HTML/Fraud: A detection name covering a diversity of HTML-based content, distributed with the aim of gaining money or other profit from the victim’s involvement. This includes scam websites, as well as HTML-based emails and email attachments.
HTML/Phishing.Agent: A detection name for malicious HTML code often used in a phishing email’s attachment. When such an attachment is opened, a phishing site is opened in the web browser, posing as an official banking, payment service or social networking website. The website requests credentials or other sensitive information, which is then sent to the attacker.
DOC/Fraud: A detection name mainly covering Microsoft Word documents with various types of fraudulent content, primarily distributed via email. The goal of this threat is to profit from the victim’s involvement, often by persuading the victim to disclose online account credentials or sensitive data. Documents often contain links to websites where victims are asked to fill in personal data.
While malicious documents vectoring from email and malicious websites still comprise the largest proportion of threats to business ecosystems, we shouldn’t forget that these also track to newer SharePoint-based features that mushroomed in popularity under COVID-19. These files can and do make their way to SharePoint. ECOS for hybrid work Security culture, IT admin skills and system settings are critical to addressing the security demands brought by both hybrid work and the large uptick in collaboration and productivity platforms, as well as RDP. These realities mean more security is essential. The addition of EDTD now ensures immediate protection via additional cloud technology to protect not only computers within the company perimeter but also employees connecting from home offices or other remote locations. Via the analysis of unknown samples by EDTD, not only does the PC encountering the sample remain better protected, but all endpoints within the company perimeter proactively receive the same detection and protection. If a company requires improved security now, but its IT department is overwhelmed with work, simple automation of security is a key requirement. ECOS + EDTD supplies that. To find out more, try our interactive demo of ECOS here.