1-949-407-5125

We never share your data. Privacy Policy

7 Things You Should Keep Track of

Work From Home Cybersecurity Threats:

Having lots of users working from home is the new reality, and our common goal is to get through this time while minimizing the risk of data loss and security incidents. While your IT team is stretched thin with ensuring work-from-home productivity, you may lose sight of cybersecurity threats introduced both by your own employees and the growing list of opportunistic cyber-attacks.

Netwrix solutions address work-from-home cybersecurity challenges and help you detect malicious insiders and external attackers in time to stop a breach.

1

When working from home, a VPN service creates the most secure way of accessing corporate resources, provided that VPN sessions are carefully monitored. IT admins and security managers, already overloaded with tasks required to enable remote working, do not have the capacity to manually sift through noisy logs to detect suspicious VPN connections.


Netwrix Auditor cuts through the noise and provides easy-to-understand reports on successful and failed VPN logon attempts, detailing who initiated the session, what IP the authentication attempt was made from and when it occurred.

Suspicious Remote Access Connections

Abnormal User Behavior

2

With everybody is trying to adapt to the new “work from home” reality, the number of abnormal events in your IT systems has probably increased greatly — taking alert fatigue to a whole new level. You’ve got so much on your plate right now that it’s essential to have a clear, unified view of all anomalous behavior in your environment that enables you to spot compromised accounts or rogue employees and skip chasing down all the red herrings.


Netwrix Auditor’s Behavior Anomaly Discovery dashboard aggregates all alerts triggered by each account and provides a prioritized list of all users in your environment who are behaving abnormally. In just a few clicks, you can drill down and find out who is behind this — a malicious actor or a legitimate account owner triggering alerts by accident.

Privilege Escalations in Microsoft Teams

.  

3

Users in Microsoft Teams are often granted excessive privileges by negligent coworkers, who simply add them to a team to share access to files. While this may appear to be the easiest way to collaborate on projects, it also goes against the principle of least privilege.


Netwrix Auditor records all changes to Azure AD groups, allowing you to easily review them with team owners and catch changes performed maliciously or by mistake. 

4

Signs of Brute-Force Attacks

Brute-force attacks are an age-old tactic to gain access to your infrastructure by cracking credentials. It’s only a matter of time for these malicious attempts to be successful, no matter how strong your password policies are. As more employees work from home, the number of logon attempts in your environment is ramping up, allowing attackers to blend in. Therefore, you need to able to monitor both successful and failed logon attempts and spot true threats in all the noise.


Netwrix Auditor enables you to catch brute-force attacks in progress by reporting on each account that attempted to log on from several endpoints within a short period of time, as well as on multiple failed logon attempts by any account, either of which can indicate an automated attack.

5

Excessive Access Permissions on Sharepoint 

The urgent need to shift to remote work exposes an organization to increased risk from malicious insiders, who were just biding their time to act. To reduce the number of cybersecurity incidents involving your sensitive data (both stored on premise and in the cloud), you should ensure your users' access permissions are kept strictly in line with your business requirements.

 

Netwrix Auditor provides you with a convenient overview of the effective user permissions for all objects in your online and on-premise site collections to make sure that your sensitive data is not subject to unnecessary exposure. 

6

Possible Ransomware Activity

The pandemic has made people even more likely to fall for deceptions that hackers devise to exploit today’s anxiety and uncertainty. We’ve already seen a rise in COVID-19 related phishing emails, and ransomware is also back on the front pages. With criminals constantly inventing more sophisticated ways to propagate crypto-ransomware, you have to assume that sometime, somehow, it will get in, and be prepared to detect it early.


Netwrix Auditor allows you to set up threshold-based alerts to notify you immediately about activity indicative of a malware attack in progress, such as the modification of a large number of files in a short time, so you can take action to keep it from spreading and encrypting all the data it can reach. Even better, you can attach your own scripts to these alerts to automate response and contain ransomware attacks even faster.

Spikes in Failed Activity

A perceived lack of oversight when working from home may embolden employees to look for and try to access data that they are not supposed to work with. Multiple failed attempts by a user to log in or to access files and folders may indicate an insider is trying to access sensitive data without a legitimate reason. Being able to spot such incidents makes you more likely to prevent insiders from harming your critical data.

 

Netwrix Auditor allows you to easily detect these spikes in failed activity across your IT environment, thereby helping you spot illicit attempts to access or modify your sensitive data.

7

Want to learn more about how to bolster security in the work-from-home scenario?

Watch our webinar series «Remote Workers 101: Top 10 Things to Keep Track of», where Netwrix cybersecurity experts share tips on how to detect suspicious activity and prevent data leakage in a work-from-home scenario.

©2020 Netwrix Corporation

300 Spectrum Center Drive, Suite 200 Irvine, CA 92618

Work From Home Сybersecurity Risks:

We never share your data. Privacy Policy

7 Things You Should Keep Track of

Get the Free 20-Day Trial of Netwrix Auditor

1

When working from home, a VPN service creates the most secure way of accessing corporate resources, provided that VPN sessions are carefully monitored. IT admins and security managers, already overloaded with tasks required to enable remote working, do not have the capacity to manually sift through noisy logs to detect suspicious VPN connections.


Netwrix Auditor cuts through the noise and provides easy-to-understand reports on successful and failed VPN logon attempts, detailing who initiated the session, what IP the authentication attempt was made from and when it occurred.

Suspicious Remote Access Connections

2

Abnormal User Behavior

With everybody is trying to adapt to the new “work from home” reality, the number of abnormal events in your IT systems has probably increased greatly — taking alert fatigue to a whole new level. You’ve got so much on your plate right now that it’s essential to have a clear, unified view of all anomalous behavior in your environment that enables you to spot compromised accounts and skip chasing down all the red herrings.


Netwrix Auditor’s Behavior Anomaly Discovery dashboard aggregates all alerts triggered by each account and provides a prioritized list of all users in your environment who are behaving abnormally. In just a few clicks, you can drill down and find out whether an account has been compromised or the legitimate account owner is just triggering alerts by accident.

Privilege Escalations in Microsoft Teams

3

Users in Microsoft Teams are often granted excessive privileges by negligent coworkers, who simply add them to a team to share access to files. While this may appear to be the easiest way to collaborate on projects, it also goes against the principle of least privilege.


Netwrix Auditor records all changes to Azure AD groups, allowing you to easily review them with team owners and catch changes performed maliciously or by mistake. 

4

Signs of Brute-Force Attacks in Progress

Brute-force attacks are an age-old tactic to gain access to your infrastructure by cracking credentials. It’s only a matter of time for these malicious attempts to be successful, no matter how strong your password policies are. As more employees work from home, the number of logon attempts in your environment is ramping up, allowing attackers to blend in. Therefore, you need to able to monitor both successful and failed logon attempts and spot true threats in all the noise.


Netwrix Auditor enables you to catch brute-force attacks in progress by reporting on each account that attempted to log on from several endpoints within a short period of time, as well as on multiple failed logon attempts by any account, either of which can indicate an automated attack.

5

Excessive Access Permissions on Sharepoint 

The urgent need to shift to remote work exposes an organization to increased risk from malicious insiders, who were just biding their time to act. To reduce the number of cybersecurity incidents involving your sensitive data (both stored on premise and in the cloud), you should ensure your users' access permissions are kept strictly in line with your business requirements.

 

Netwrix Auditor provides you with a convenient overview of the effective user permissions for all objects in your online and on-premise site collections to make sure that your sensitive data is not subject to unnecessary exposure. 

Possible Ransomware Activity

6

The pandemic has made people even more likely to fall for deceptions that hackers devise to exploit today’s anxiety and uncertainty. We’ve already seen a rise in COVID-19 related phishing emails, and ransomware is also back on the front pages. With criminals constantly inventing more sophisticated ways to propagate crypto-ransomware, you have to assume that sometime, somehow, it will get in, and be prepared to detect it early.


Netwrix Auditor allows you to set up threshold-based alerts to notify you immediately about activity indicative of a malware attack in progress, such as the modification of a large number of files in a short time, so you can take action to keep it from spreading and encrypting all the data it can reach. Even better, you can attach your own scripts to these alerts to automate response and contain ransomware attacks even faster.

A perceived lack of oversight when working from home may embolden employees to look for and try to access data that they are not supposed to work with. Multiple failed attempts by a user to log in or to access files and folders may indicate an insider is trying to access sensitive data without a legitimate reason. Being able to spot such incidents makes you more likely to prevent insiders from harming your critical data.

 

Netwrix Auditor allows you to easily detect these spikes in failed activity across your IT environment, thereby helping you spot illicit attempts to access or modify your sensitive data.

Spikes in Failed Activity

7

Want to learn more about how to bolster security in the “work from home” scenario?

Watch our webinar series «Remote Workers 101: Top 10 Things to Keep Track of», where Netwrix cybersecurity experts share tips on how to detect suspicious activity and prevent data leakage in a work-from-home scenario.

©2020 Netwrix Corporation

300 Spectrum Center Drive, Suite 200 Irvine, CA 92618