COVER ALL ASPECTS OF THIS HIGHLY TARGETED THREAT VECTOR
Ensuring that people have access to systems and data necessary for their roles, while also preventing inappropriate access in a more automated way, is a constant effort.
Depending on how security controls are implemented, remote work can bring significant risk to an organization because of the potentially varied devices, applications, access avenues, and means of conducting business. The scale and increase in functions of remote workers mean that this potential vulnerability is at the top of many attackers’ lists.
TrustedSec’s Remote Worker Assessment includes a review of policies, processes, and tools that must be working in harmony to attain best practices. Once established, these controls must be baselined, automated, and tested against the most likely attack vectors. TrustedSec has broken down the assessment into multiple phases, depending on the needs of the organization.
Program and Process Review
TrustedSec will review the policies, processes, and procedures by which remote access is authorized, approved, monitored, audited, and revoked when no longer needed. Areas of review include:
- Measures to manage the risks of mobile devices
- Identity and access for resources and organizational assets
- Protection of information at remote sites
- Password management
- Onboarding, termination, or change of employee responsibilities
- User awareness
- Email protection
- Endpoint detection and response
- Encryption controls for data-at-rest and in-transit
- Regulatory alignment
Remote Endpoint Management and Automation Review
Proper endpoint hygiene now requires converting existing Group Policy processes to cloud-based configuration management in order to maintain control over endpoints and enable configuration management at scale.
To save time and resources, TrustedSec will help convert and review configuration management tools, including Azure Desired State Configuration (DSC), System Center Configuration Manager (SCCM), or Remote Monitoring and Management (RMM). This process includes:
- Converting traditional management of endpoints with Group Policy to DSC policies or other appropriate endpoint management technology
- Performing a CIS benchmark assessment of each policy and the base configurations in place
- Ensuring that remote access policies and processes are designed to both protect the organization and the individual
- Remediating the policies to best integrate CIS controls, promoting proper cyber hygiene
Endpoint Security Review
The TrustedSec Endpoint Security Review service provides focused cyberattack simulations using real-world tactics, techniques, and procedures (TTP). The assessment can employ specific goals or blended threat scenarios to test the effectiveness of the hardening procedures.
TrustedSec delivers an integrated approach to assess your Information Security defenses by combining multiple testing strategies into a comprehensive offensive engagement, with the sole objective of gaining access to endpoints. This may include:
- Ensuring that multi-factor authentication (MFA) is required for access to sensitive resources (webmail, VPN, etc.)
- Attempting to boot alternate media
- Attempting to access the hard disk offline (verifying any disk encryption)
- Checking BIOS passwords
- Attempting common man-in-the-middle (MitM) attacks
- Identifying potential avenues for local privilege escalation
- Validating endpoint security solutions (Antivirus, Endpoint Detection and Response, blocking access to cloud storage, etc.)
- Validating corporate wireless security settings
- Validating local firewall configuration
- Validating read/write restrictions to external media
- Validating that the Map Network Drive is restricted