Helping Companies Track the Remote Work Journey

By

Nico Fischbach

Global CTO

Forcepoint

As I talk to security leaders, whether that means CISOs, Chief Risk Officers (CROs), or Data Protection Officers (DPOs), it’s clear that many companies are tracking against a similar journey as they adapt to a new way of working. Ultimately, success often depends on partnership and strong ties with other key leaders in their organization, especially the CIO or CTO. If we consider last week as the starting point in the timeline, here’s what company security and IT infrastructure leaders are working through

Week One – A network-centric and communications medium focus

Our customers who had a business continuity plan to rely on started there. At this stage in the journey, customers focused on enabling remote workers and on scaling Internet access and VPN capacity to accommodate large groups of remote users. Next, they started to dive into access-to-application capacity testing as well as making access rules more granular (for example at a country, departmental or when possible, at the application level) to make sure NGFWs and VPN access scaled to meet overall business needs while managing security exposure. This first part was about ensuring enough bandwidth to support a massive wave of remote workers in short order. Next was making sure to enable collaboration at scale, by operating in near-real time when it comes to e-mail, instant messaging and file sharing, with a good user experience when it comes to audio and video conferencing.

Week Two (the current week we’re in) – Focused on application access

For many customers, this week is consumed by ensuring access to both legacy and cloud apps at an extended level. And this includes getting a handle on the SaaS applications that have been activated to address bottlenecks or gaps identified during week one. It’s about making sure business runs smoothly across the company and the friction can be reduced as much as possible. This may mean rolling out broader remote access to a larger number of workers who need to access legacy apps through a VPN. It may also mean making existing cloud apps available to larger groups of employees, or rolling out a video conference solution from select departments to the whole company, or maybe wider access to collaboration apps. There’s a sense of urgency to ensure all employees have access to the tools that help them get work done remotely and adjusting to the local “office” constraints, e.g. the capped bandwidth limits at home or the shared use of computers in some cases.

There’s a risk on this front I’m warning customers about: the sense of urgency also extends to remote workers. They are eager to get access to the apps they need to be effective, which sometimes means creating accounts to access free or premium versions of cloud apps, i.e. shadow IT making a comeback. Also, in times like these, where employees might be setting up apps, they may fall victim to sophisticated phishing attacks that look remarkably like the legitimate setup processes they’re trying to work through. End result, security teams should expect increases in phishing attacks meant to hijack employee credentials. It’s a good time to remind employees of this reality to help them be better prepared.

Week Three – Time to fine tune, focus on data and a first “lessons learned” review

Next week, as companies start shifting from a critical operations business continuity mindset to one that is more business-as-usual -one that is likely to last-they will most likely focus more time and energy around fine-tuning and making access to networks and applications more granular, as well as reviewing their security posture to include their data protection needs. It’s a given that most companies leveraged the cloud to help scale over the past few weeks.

In week three, I also expect some customers to focus on data protection. As more employees access cloud apps and want to overcome bandwidth limitations by storing data locally, there will be a greater need to get a handle on how to secure the workarounds: employees using personal cloud storage solutions to store work-related files if they didn’t have access to the corporate editions, or employees emailing work-related files via their personal free email accounts to circumvent file size limitations. In many cases, that means researching data loss prevention (DLP) solutions as well as how cloud access security broker (CASB) solutions could help with their brand new or expanded and distributed hybrid IT system.

Beyond technology, this is a time to assess lessons learned from invoking business continuity to better understand what to transfer to “business-as-usual” operations in order for the business to move ahead. As an example, at Forcepoint we analyzed data gathered during our remote work tests from a couple weeks ago (we shut offices two consecutive days pre-lockdown to test work-from-home at scale) to assess where we need to put more resources, validate processes and identify gaps early – as a leadership team. It’s also showing us which areas of the business are experiencing little to no impact. Understanding this data also tells us where we need to revise our business continuity plan or if our plan is working as designed.

Some companies don’t have a complete business continuity plan in place or they may need to update the one they have. As this becomes the new way of working for the foreseeable future, this is a foundational aspect of keeping a business operational. Additionally, good business continuity plans can also help mitigate negative long-term impacts to business.

ATEN offers remote working solutions to face COVID-19 pandemic head-on

Bengaluru, India – March 26, 2020 – ATEN, the leading provider of AV/IT connectivity and management solutions, offers remote working solutions for enterprises to stay afloat amid the Covid-19 pandemic.

The sudden outburst of COVID-19 has enterprises grappling for suitable work from home solutions for business continuity. The major challenges that enterprises now face with remote working deployment are excessive software installation and configuration, interrupted internet access, lack of necessary remote accessibly features for professionals and equipment cost of building a remote working environment.

“Companies are heavily relying on remote working solutions for business continuity. The most feasible solution for employees now is to work from home. With the integration of ATEN’s CN series KVM over IP Switches, offering highly secured and mission-critical function, users can ensure safe working from anywhere without having to install external software. ATEN’s affordable and durable over IP server management solutions assures users with operational dependability and efficiency. Our portfolio of remote working solutions apart from being cost-effective also ensures security of business by letting teams work remotely from home,” said Vittal Salunke, PSM- IT at ATEN.

The safest cost-effective solution that ATEN offers is a KVM over IP device namely ATEN CN9600/CN8000A KVM over IP solution.

The solution is economic, easy to set up and highly secured. It provides Point-To-Point Signal Extension Over IP which enables users to simultaneously access different servers and virtual machines over the Internet with low latency without sacrificing performance. Dual LAN and Dual power for redundancy with Bios-level access and Centralized management. It allows system operators to monitor and access servers from remote locations using standard Web browsers or Windows and Java-based application programs and is especially suitable for IT administrators who manage the servers, IT network & IT infra for internal DC or server room. The solution is equipped with advanced security features such as TLS 1.2 Encryption and Third-party Authentication.

Apart from the KVM over IP solutions, ATEN is also offering the ATEN UC9020 StreamLive HD All-in-one Multi-channel AV Mixer which seamlessly integrates all broadcasters’ need for live streaming into one compact device. It is the perfect solution for schools and academic institutions which are facing challenges due to the COVID-19 pandemic as it allows for a steady e-learning environment. By live-streaming classes and lectures, teachers and professors can now reach students anywhere.

# # #

For more information on CN9600, click here

For more information on CN8000A, click here

For more information on UC9020, click here

 

About ATEN India

ATEN India is the liaison office of ATEN International Co., Ltd., the leading provider of AV/IT connectivity and management solutions. Offering integrated KVM, Professional Audiovisual, and Intelligent Power solutions, ATEN products connect, manage, and optimize electronics in corporate, government, industrial, educational, and retail environments. ATEN has 579+ issued international patents and a global R&D team that produces a constant stream of innovative solutions, resulting in a comprehensive portfolio of products available worldwide. ATEN recently won the “2019 HR Asia’s best employer Award” (best companies to Work for in Asia 2019) awards.

At the forefront of the seamless integration of A/V with IT, ATEN’s advanced ability to quickly develop customized solutions in KVM, Pro AV, PDU, USB, and data communication lines allows the company to build products that connect, manage, and optimize products based on customer need. ATEN’s comprehensive portfolio of innovative, reliable products is available worldwide, with local India support. For more information, visit: www.ATEN.com and follow ATEN India on LinkedIn, Twitter and Facebook.

Font Parsing Remote Code Execution Vulnerabilities Exploited in the Wild

On March 23, Microsoft released an advisory for two vulnerabilities in Adobe Type Manager (ATM) Library, an integrated PostScript font library found in all versions of Windows. Although the name of the ATM library came from an Adobe developed tool, ATM Light, Microsoft included native support for the ATM fonts with the release of Windows Vista in 2007. These vulnerabilities, therefore, exist within Windows’ native integration for support of PostScript fonts.

Exploitation of these vulnerabilities could lead an attacker to gain code execution on a vulnerable machine after a user on that machine opens a specially crafted document or viewed that document in the Windows Preview pane.

Microsoft’s advisory reports that due to active exploitation of un-patched vulnerabilities in the Adobe Type Manager Library, Windows users are urged to apply Microsoft’s suggested workarounds to reduce risk until a proper fix can be made available in April’s Patch Tuesday.

Tenable provides a full analysis here.

Tips for Securing and Enabling Large Groups

By

Carl Eberling

Chief Information Officer

Forcepoint

As the COVID-19 (Coronavirus) continues to affect globally, many companies to implement work from home plans to keep its employees safe and restrict the spread of the disease. At the same time, businesses are investing on the technology infrastructures to enable employees be prepared to ensure business continuity of their customers in securely and effectively from any location in the world.

Here are some tips to secure and enable remote workers:

• Rely on your organizations’ emergency preparedness or business continuity plans.

               Now’s not the time to re-invent the wheel. Use this opportunity to validate work from home security and 

               capacity assumptions.

• Understand workflows by department to better understand what applications those groups of employees need to get their jobs done.
• Implement a rolling work from home policy for a limited number of employees or locations at a time in order to test access by department or work type.
• Spend time thinking through your communication strategy. Will you communicate at the department level? Regional or office level? How will you communicate the most important updates to all employees?

 

• Test your security plans for both access and capacity.

                Key here is to think through how well your existing security strategy scales to accommodate a large                            increase in remote workers.

• Are you factoring in requirements for on-premises, cloud applications and hybrid environments your employees need to access to do their jobs?
• Does your single-sign-on platform incorporate appropriate levels of security? If not, what gaps need to be addressed?
• On the cloud application front: do the cloud applications your employees use have appropriate levels of elasticity? Can you easily scale to hundreds or even thousands of users to support bursts of users?

 

• Test your VPN for both security and capacity.

               A strong VPN strategy is a foundational piece of keeping people and data secure. This is even more true as 

               organizations plan to accommodate large groups of remote workers.

• Understand the total number of remote workers you need to support and plan a 2x VPN capacity of that number to ensure consistent operations.
• Test for security and capacity at the department level. What applications do marketers need to use compared to developers or finance and accounting? Like mentioned previously, a rolling work from home program can help you test at this level.
• Create separate private, performance-focused VPN connections for dedicated groups of employees to accommodate critical work. For example, you may create a specific VPN for accounting team members to access during end of quarter activities. Or you may create a specific VPN for development team members to accommodate their building key feature enhancements to internal core business applications.

Emergencies like these happen and that’s why organizations create business continuity plans in the first place. Companies need to use these opportunities to validate and scale work from home assumptions. Make sure your VPN and broader security strategy covers all applications your workforce needs to do their jobs no matter where those applications reside. Following the above tips can go a long way to ensure organizations’ security without sacrificing employee productivity.

ATEN conducted their First Customer Excellence Summit for valued Channel partners in Bengaluru

BENGALURU, India – March 19, 2020 – ATEN, the leading provider of AV/IT connectivity and management solutions, recently hosted the 1st Customer Excellence Summit (CES) in Bengaluru for their valued channel partners in the southern zone. CES is a networking conference focused on enabling and empowering ATEN’s technology and business partners. The agenda of the event was to recognize top SI partners, introduce new products as well as to induct new SI partners to the ATEN family.

The event kick-started with ATEN presentations on how the southern zone was faring. Mr. Vijay Joshi, Director Cubix Micro System, and Mr. Ravi Khemani, Branch Head RP Tech, ATEN’s India National Distributors, also had an experience sharing session with the 110 attendees present at the event.

“CES acts as a good medium to connect with our channel partners and to showcase our latest products and solutions to them. It brings all our partners under the same roof and provides us with an opportunity to acknowledge and recognize their efforts. We would like to thank all the partners who joined us for the event and are looking forward to achieving many more milestones in the business together,” said Sunayana Hazarika, Manager- Marketing at ATEN.

In the course of the event, the Top 9 SI partners namely Progility Technologies Pvt Ltd., Actis Technologies Pvt Ltd., BT Convergence Technologies Pvt Ltd., AV Designers, AV Integration Distribution Pvt Ltd., Vinayaka Network Solutions (VINS), Aditech ICT Pvt Ltd., Dataforce Technologies Pvt Ltd., Wystek Systems technologists Pvt Ltd., and Top 2 emerging Regional Distributors from the southern zone namely EIS TechInfra Solutions and Team5 Technologies Pvt Ltd., were accorded with ATEN’s Passion for Excellence 2019 awards for AV as well as IT business in various segments.

ATEN also conducted a live product demo of their latest products for their valued partners. The products included in the demo were ATEN Unizon video matrix switches for centralized connectivity, Product UC9020 for live streaming, and VP series seamless presentation switches. ATEN also conducted Static demo session for products namely ES0152P Network Switches, PE8108G Intelligent PDUs, USB C Docking Stations, USB Extenders, Video Splitters, Quad View KVM Switches, and Video Wall Controllers.

The event was aimed toward creating connections together and to further equip the partners to actively pursue the latest in professional Audio Visual and Integrated Experience Solutions. In the coming months, ATEN plans to host Customer Excellence Summit for their valued partners in north, east and western zones in India.

# # #

About ATEN India

ATEN India is the liaison office of ATEN International Co., Ltd., the leading provider of AV/IT connectivity and management solutions. Offering integrated KVM, Professional Audiovisual, and Intelligent Power solutions, ATEN products connect, manage, and optimize electronics in corporate, government, industrial, educational, and retail environments. ATEN has 579+ issued international patents and a global R&D team that produces a constant stream of innovative solutions, resulting in a comprehensive portfolio of products available worldwide. ATEN recently won the “2019 HR Asia’s best employer Award” (best companies to Work for in Asia 2019) awards.

At the forefront of the seamless integration of A/V with IT, ATEN’s advanced ability to quickly develop customized solutions in KVM, Pro AV, PDU, USB, and data communication lines allows the company to build products that connect, manage, and optimize products based on customer need. ATEN’s comprehensive portfolio of innovative, reliable products is available worldwide, with local India support. For more information, visit: www.ATEN.com and follow ATEN India on LinkedIn. Twitter and Facebook.