Starting on February 3, many enterprises have successively started the "cloud office" mode. With the extension of the telecommuting front, various new security threats have gradually emerged after experiencing a surge in VPN access demand and video congestion due to flooding and hung-up. Baishan cloud technology security team provides remote office security solutions for the majority of enterprises free of charge to ensure the security of enterprise data assets.
Scenario 1: There are hidden security risks in VPN accounts
Attackers use employees to log in to VPN remotely to simulate employee logins, using various methods such as VPN forced login, remote login, SMS bombing, account sharing abuse, and non-working hours login to attack the corporate intranet.
Scene characteristics:
-High data sensitivity, requiring privatization deployment
-Unified data access, including business data and office environment data
-VPN access requests surged 20 times, only using two-factor authentication
-Lack of analysis of behavior after VPN login
-I hope to use a system to solve the problem as a whole and reduce costs
Implementation Effect:
-Identified several daily threats of VPN forced login
-Discovered account sharing abuse
-Demonstrated employee dial-in incident with a poisoned VPN
-Realize real-time analysis of employees' VPN login behavior and strengthen behavior analysis
-Found that the VPN login SMS verification code interface was abused, there was SMS bombing, and stop loss in time
Scenario 2: Unknown digital assets are prone to security risks
Attackers usually conduct comprehensive information collection on attack targets, such as port scanning and domain name discovery. If enterprises do not comprehensively sort and protect their assets, services and digital assets exposed on the public network may easily become the targets of attackers.
A large central enterprise
Scene characteristics:
-Urgent demand, insufficient professional security personnel
-Weak security system construction, lack of defense in depth
Implementation Effect:
-It is found that many services of the office network are exposed on the public network, and the protection black hole is filled in time
-Found a fatal attack on the JenkinsRCE vulnerability exposed in the internal container platform of the public network and entering the core system of the internal network, and provide traceability verification
Scenario 3: Office system is maliciously attacked
As the main auxiliary software for remote office, OA, CRM, mailbox and other systems store a large number of core data of production and sales of enterprises. The vulnerabilities of office systems are often used by attackers to initiate attacks such as command injection, probe scanning, and 0day.
A large central enterprise
Scene characteristics:
-Heavy reliance on multiple online office systems
-The office system stores a large number of core data of enterprise production and sales
-The requirement does not cause any impact on the business
-Hope to find unknown threats, especially data leakage
Implementation Effect:
-Discover personal privacy data leakage in internal financial reimbursement system to avoid serious losses
-Discover data leakage of internal OA system, including sales data, meeting records, etc., to avoid serious losses
-Bypass traffic access, does not affect the business?
Scenario 4: Risk of information leakage in the interaction between the office system and the cloud
During the remote office integration process between the enterprise and the third platform, data is exchanged through the API. Due to the lack of a security monitoring system based on the final flow and security monitoring of the interactive data, there is a risk of leakage of sensitive data.
A game company
Scene characteristics:
-Integrated remote office with a third-party platform, data exchange through API
-Lack of security monitoring of interactive data, there is a risk of leakage of sensitive data
-Lack of safety monitoring system based on final flow
Implementation Effect:
-It is found that there is leakage of mobile phone number and user ID information in the API communicating with a cloud service, and rectification in time to avoid further losses
Baishan Cloud Technology Remote Office Security Solution
-Through AI-based streaming security big data analysis, automatically discover possible security threats in the office system and improve the security of enterprise remote office
-Real-time bypass access, including: office network traffic mirror access, log access (VPN, bastion machine, Wi-Fi, etc.)
-Automatically analyze the traffic and logs through the algorithm engine to discover various security risks and attack threats
-Identified threat events can be handled in conjunction with serial devices or blocked by interceptors