Secure Home Working

Covid-19 changes the rules

Sources estimate that since the start of the Coronavirus lockdown, the number of cyberattacks has increased by between 260% and 450%. One threat-tracking organisation reports seeing over 1 million attacks per day during peak lockdown.

Cyber criminals are very aware of the lack of affordable security for satellite offices. Today, many home networks have multiple IP-enabled devices connected to them. A single vulnerable device, such as an IP-enabled doorbell or a family member's PC running non-corporate-strength anti-virus, makes an ideal entry point for an attacker to enter the home network. Once an attacker has compromised the home network, it is relatively simple to pivot onto the corporate network.

The corporate challenges of supporting home working

Analysts predict that about 60% of the workforce will retain some element of home working for the foreseeable post-Covid future. The security challenge in supporting satellite offices is that they lack the same degree of robust security controls as the corporate network. The minimum security controls for an employee working from home should be a locked-down corporate laptop running company-approved anti-virus software. In reality, many remote workers are using BYOD devices with, if you are lucky, a free anti-virus downloaded from the internet.

When surveyed, “most” homeworkers admitted that, in the rush to get back up and running, they have used services not approved by their IT department, such as videoconferencing (70%), instant messaging (60%) or cloud-based storage (53%).

Botprobe gives back the advantage to security teams

Anti-virus software and VPNs play an important role in securing the satellite office. However, these only protect the end-point device. One important difference between corporate security and satellite office security is protecting the network, with security controls such as Intrusion Detection Systems (IDS).

Satellite office IDS is challenging for several reasons. If centralised IDS is used, how do you cost-effectively transfer the vast amount of network traffic from the remote location to the IDS? If each satellite office has its own IDS, how can you remotely synchronise the detection rules quickly and efficiently?

Botprobe’s innovative intelligent data-capture technology takes the advantage away from the attacker and gives it back to the security team. By capturing only the parts of the network traffic that are useful for threat detection, we can reduce the volume of traffic being fed into analysis engines by 95%.

Because our capture probes are handling 95% less traffic, they are faster than traditional IDS solutions, and our software is optimised to run on much lower-powered devices, making satellite office IDS affordable.

To learn more about how Botprobe’s home worker security solutions are faster, more secure and cheaper, contact us on info@botprobe.co.uk, or 01223 852824.

Botprobe – securing today’s home workers with tomorrow’s technology.

Download Our Briefing Paper

In a post-Covid world, a home worker security solution that only protects end-points is not enough. Download our briefing paper to learn more about how protecting remote workers’ home networks can protect your corporate network.


Benefits of Botprobe’s Home Worker Protection Solution

Low cost of purchase

  • Our data-capture technology is optimised for low-power devices, thereby reducing entry cost of hardware probes
  • Easy integration into existing network infrastructure
  • Integrates with existing analysis/detection engines such as SIEM, ELK or third-party managed services

Increased detection capability

  • Brings corporate-level security to satellite offices by adding a network protection layer to your existing security
  • 95% reduction in analysis traffic means fewer false-positive alerts
  • Next-generation detection rules can be written using powerful SIEM search languages
  • Able to replicate existing Snort or Suricata IDS rules, where needed

Faster detection

  • 95% reduction in network traffic that requires analysis
  • Security analysts gain more time for threat hunting, as they can spend less time preparing analysis data
  • More efficient detection rules

What does Botprobe detect beyond other security solutions?

VPN

Malware

Connection to malicious website

Connection to ransomware website

Connection to TOR network

Connection to crypto miner website

Connection to website with weak security

Connection to IP bogon

Botnet detection

DNS whitelisting

SSL certificate blacklisting

Malicious/Hacker activity

–   CVE/Vulnerability exploit

–   FTP/SSH/Telnet password attack

–   Network scan

–  Corporate policy rule bypass

Data leakage

Anti-Virus

Malware on the end-point

Connection to malicious website

Connection to ransomware website

Connection to TOR network

Connection to crypto miner website

Connection to website with weak security

Connection to IP bogon

Botnet detection

DNS whitelisting

SSL certificate blacklisting

Malicious/Hacker activity

–   CVE/Vulnerability exploit

–   FTP/SSH/Telnet password attack

–   Network scan

–  Corporate policy rule bypass

Data leakage

Malware on the network

Connection to malicious website

Connection to ransomware website

Connection to TOR network

Connection to crypto miner website

Connection to website with weak security

Connection to IP bogon

Botnet detection

DNS whitelisting

SSL certificate blacklisting

Malicious/Hacker activity

–   CVE/Vulnerability exploit

–   FTP/SSH/Telnet password attack

–   Network scan

–  Corporate policy rule bypass

Data leakage
