Asset management should always be a critical part of any security program. But with the drastic shift to remote work, it has become an even harder problem.
Now that employees are working from home, it’s difficult for IT & Security teams to answer questions like:
- Are employees running sanctioned software on company devices?
- Are remote work tools configured according to security policies?
- Have user privileges changed? If they have what risk could that introduce?
With corporate devices residing outside of company networks, many IT & Security teams have lost visibility and the ability to apply certain security controls to devices. At the same time, companies are rapidly adopting more remote work tools to keep their business processes afloat.
What’s this all mean? Less time to vet and configure tools.
Take the Department of Defense (DoD). It recently rolled out Microsoft Teams. The DoD did this in weeks — normally, their software rollout process takes months.
As if you don’t have a challenging enough job! Now you have to minimize risk and operate under compressed timelines, all for the sake of business continuity.
We’ve seen a lot of customers use Axonius to get a handle on validating security policies and identifying new risks.
Here are some of the use cases we’re seeing most often.
1. Ensuring remote work software is properly used
Problem: Productivity and teleconferencing tool adoption (like Microsoft Teams, Zoom, and others) has spiked. The rise in this software adoption presents attackers with an opportunity to use these platforms as an attack vector for espionage and data theft.
To minimize risk, you should ensure all your users are configured correctly — but for many management consoles, this is difficult and time consuming.
Axonius Solution: The Axonius Query Wizard ensures all devices have the proper remote work software running on them — and that all software is configured correctly.
For instance, with Axonius’ Zoom adapter, you can immediately identify all devices and users that aren’t using passwords and waiting rooms for Zoom meetings.
This reduces the likelihood of unauthorized users dialing into meetings (aka “Zoombombing”).
2. Verifying user privileges
Problem: Now that employees are connected to their own residential networks, it’s harder to verify and enforce proper user privileges.
For instance, an employee may have always had local admin privileges in the office. But now that certain network security controls can’t be applied, they could be able to download and run whatever applications they want.
Traditionally, finding all devices running with local admin privileges and removing them is difficult and time consuming.
Axonius Solution: The Microsoft System Center Configuration Manager (SCCM) adapter in Axonius lets users query and find users with admin privileges. This takes a process that’s usually several hours down to less than a minute, and lets you drastically reduce the risk of employee devices becoming compromised.
3. Finding users/devices with banned or potentially malicious software
Problem: Removing admin privileges helps reduce risk down the line, you also need to address more imminent risk..
You should be asking yourself, “Despite limited visibility and controls, how can I identify employee devices that may already be compromised?”
Axonius Solution: With certain Axonius adapters (like endpoint management and protection platforms), you can gather a list of all running software on any device.
You can also query to see if any devices are running malicious programs, such as mimikatz, metasploit, or various torrent clients, password crackers, keyloggers, and more.
4. Managing password resets
Problem: Enforcing basic IT and security hygiene policies across the company is even harder when every employee is virtual. Ensuring employees are following password guidelines and resetting passwords on a cadence sounds easy. But across several domain controllers, it’s extremely time consuming.
Axonius Solution: You can look across all devices and identify user accounts with passwords set to expire in any number of days by connecting Axonius’ Microsoft Active Directory adapter in Axonius..
This way, you and your team can buy time and proactively work with employees to ensure password resets are happening in-line with your company’s security policies.
Want to learn more about how Axonius can help you better maintain your security policies — even when employees are remote? Request a demo.
Noah Simon is Director of Product Marketing at Axonius. Noah is passionate about cybersecurity, and always seeking to understand how new technologies can help companies and individuals protect themselves from the continually evolving risk landscape. Noah has previously held product marketing roles at BitSight, Cybereason, and White Ops.