Security Operations Center (SOC) as a Service providers always need to be ready for anything. No one, however, could have predicted 2020’s country-wide shutdown, with thousands of people scrambling to find ways to work at home. Although each situation is unique, businesses and organizations fall into two general categories: those that were prepared and those that were not.
Sam McLane, Chief Technical Services Officer at Arctic Wolf, says your clients with well-developed business continuity plans were ready to accommodate a suddenly remote workforce, including cybersecurity, to protect their networks. Unfortunately, many other organizations don’t address cybersecurity proactively.
“Most companies view cybersecurity as a responsive endeavor, and preparation and planning for bad get left to the side,” McLane says. “The level of maturity a company has with regards to cybersecurity is measured, in part, by how well integrated their proactive and reactive measures are linked, communicated, and practiced.”
“Organizations that had no plan in place likely face greater risk exposure to cybersecurity threats because they are more focused on keeping their business running on a day-to-day basis, and the cybersecurity threats that can arise,” says McLane.
Security Risks from a Remote Workforce
McLane says there is a major exposure when employees work from home on personal devices and use their own internet connections to access the corporate network and data. Issuing corporate-owned laptops can solve only part of the problem.
“Even with a corporate laptop, the consumer-grade modem and the internet connection itself — Wi-Fi, in particular — create risks,” says McLane. “A virtual private network (VPN) is a standard best practice that provides a secure, encrypted connection. Enabling multifactor authentication with the VPN adds another security layer.”
He adds that the misconception based on trust in the home environment creates another vulnerability. “People tend to let their guard down when at home and keep that guard up at the office or while traveling for business,” he explains. “Many employees who are new to working from home do not establish this boundary until something bad changes their perspective.”
SOC as a Service Providers Step Up
Organizations working with SOC as a Service providers have the advantage of a trusted advisor in their corner who is prepared to support them in disasters and emergencies. When workers are forced to work off-site, McLane says, “SOC as a Service providers should also have a renewed focus on patching vulnerabilities, implementing access controls, and a review of their VPN access policy.”
He advises SOC as a Service providers that the best tools to use at this time are the solutions you currently have in place. “Introducing new tools is always a challenge, and doing so when organizations are dealing with COVID-19 or another disaster could only introduce new operational challenges,” says McLane. “What MSPs should be doing is doubling down on the use of their electronic communication and ticketing tools and the documentation they place within them, so everyone has access to the information they need wherever they are.”
The Arctic Wolf Concierge Security Team recommends that SOC as a Service providers:
- Ensure that endpoint protection is deployed, updated and integrated into the SOC as a Service solution. Also, enable additional endpoint telemetry and remote containment by deploying agents to all endpoints. Arctic Wolf’s agent is available at no additional cost.
- Require multifactor authentication, especially for VPN and cloud services, and monitor activity. Strengthening authentication requirements is a key proactive measure that organizations can implement to minimize risks introduced by a remote workforce.
- If an organization makes changes to its infrastructure, notify the SOC as a Service vendor. Your partner’s team monitors activity and will alert you and your clients if they detect security issues, but informing them of infrastructure changes will help them be more proactive in addressing risks.
For a Time Such as This
McLane points out, “Due to the very nature of managing security operations for customers, SOC as a Service providers must always be prepared for business continuity in the event of emergencies or disasters.”
He says the current situation that workforces in the U.S. — and the world — are facing requires that you build your business on systems and tools that can be accessible by the entire team no matter where they are. When it’s business as usual, a stronger strategy will be in place, and if disaster strikes again, you’ll be ready.