Trustwave 2021 Network Security Report Shows How Threats Have Evolved in a Remote Workforce World

The COVID-19 pandemic created enormous challenges for businesses worldwide – and cybersecurity challenges were prominent among them. Employees transitioning to working from home created new vulnerabilities in network systems designed for a centralized, in-office workforce. As a result, there was a subsequent spike in cybercriminal activity, as bad actors hastened to take advantage of the situation, along with an increase in malware attacks and other network security threats.

To give organizations a better view of how the network security landscape has evolved, Trustwave SpiderLabs utilized its internal and external network vulnerability scanning systems and threat intelligence to provide insights into which threats were most pervasive. They compiled their findings in the 2021 Network Security Report.



2021 Network Security Report

There’s been no shortage of malicious attacks and bad actors the past year – and no signs of the threat landscape slowing down. Trustwave compiled a report of popular network attack methods and suggested mitigation tactics for organizations to prepare their defences. Read our 2021 Network Security Report for an overview of the prevalent threats over the last several months and proactive security measures you should take.


We sat down with Prutha Parikh, Senior Security Research Manager, Trustwave SpiderLabs, to discuss some of the key trends from the 2021 Network Security Report in more depth.

How has the remote work environment changed the required approach to network security?  

With the move to remote work, we saw a sudden surge in the use of personal devices accessing corporate networks while being connected to home Wi-Fi networks. These home networks can be largely unsecured, making them a primary target for attackers looking for a point of access.

Enterprise-level security solutions do not guard systems on home networks. Home networks typically use obsolete software and are not regularly patched, making them much more appealing to cybercriminals. This shift to home network utilization has exponentially expanded the edges of corporate networks, requiring organizations to adapt their protections. In our research, we noticed an uptick in VPN and video conferencing tool vulnerabilities – along with insecure, open access to remote access tools and external services directly accessible over the Internet.

SolarWinds has put supply chain security in the spotlight. What’s the big network security takeaway from that security incident?

Organizations should always take a holistic approach to security. The SolarWinds supply chain attack showed that a well-rounded defense-in-depth approach to detection and response is critical when prevention fails. From a network security best practices standpoint, the SolarWinds compromise shouldn’t deter organizations from installing patches from suppliers.

As mentioned in the 2021 Network Security Report, having an up-to-date asset inventory, continuously monitoring the network for known vulnerabilities, and ensuring systems have the latest patches installed should remain an integral part of an organization’s holistic security program. 

VPNs have received some negative press in the past few months and have been at the root of some high-profile system compromises. What makes them so dangerous if compromised? What VPN best practices do companies need to ensure they’re following to ensure security?

VPNs were designed a couple of decades back to create and expand “trusted on-premises networks”. Organizations traditionally used them to provide remote users with a secure channel for communication into corporate networks. They were not built for today’s modern complex ecosystems and multi-cloud infrastructures.

VPNs take what we call a “perimeter-based” approach to security – trusted users on the inside and untrusted users on the outside. This approach was somewhat sufficient pre-pandemic with firewalls and other security solutions protecting office workers.

But, when the dramatic shift to remote work happened a year ago, it highlighted some of the challenges that came with this perimeter-based model of security that VPNs relied on. Employees were connecting into corporate networks from multiple locations, sometimes through bring-your-own-devices (BYOD) and unmanaged devices while on their home networks. This de-centralized workforce created a very large enterprise attack surface for VPN solutions. The access-to-all-or-nothing motto is the reason a VPN compromise can be extremely dangerous. Once an attacker is on the corporate network, they have access to everything. So when an attack occurs, the damage could be significant.

The move to multi-cloud solutions makes “Zero-Trust” solutions a more secure alternative to VPNs. Unlike VPNs, these solutions don’t inherently grant access to everything but instead allow for a more granular approach based on the concept of least-privileged access. By default, access is denied unless permissions are explicitly granted. The Zero-Trust model can segment the network, and users must authenticate every time they want to access an application or system. This is a more secure design for hybrid and remote environments, given the rapid shift to the cloud.

That said, VPNs will still be in use for on-premises networks, and based on the use-case, a combination of using Zero-Trust solutions and VPNs together is more likely to stay around. For enterprises that rely on a VPN for protecting their on-premises networks, here are some of the VPN best practices to follow:

  • Enable and require multi-factor authentication
  • Proactively apply security patches released by VPN vendors
  • Ensure VPNs are correctly configured to minimize security risks
  • Run the VPN in full tunnel mode as opposed to split-tunnel mode
  • Restrict BYOD and unmanaged devices from connecting to the VPN; Zero-Trust solutions are a better security solution for personal devices
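
The contrast drawn above between all-or-nothing VPN access and default-deny, least-privileged Zero-Trust access, as an added example that is not part of the original interview and not Trustwave code. The application names, users, grants and the 15-minute re-authentication window are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory and grants; every name here is illustrative.
APPS = ["crm", "git", "payroll", "wiki"]
# (user, app) -> True if the grant also requires a managed device.
GRANTS = {
    ("alice", "git"): True,
    ("alice", "wiki"): False,   # reachable from a personal device
    ("bob", "crm"): True,
}
MAX_AUTH_AGE_S = 900  # assumed re-authentication window (15 minutes)


@dataclass(frozen=True)
class Request:
    user: str
    app: str
    on_vpn: bool = False
    mfa_passed: bool = False
    managed_device: bool = False
    auth_age_s: int = 0


def perimeter_allows(req: Request) -> bool:
    """Perimeter model: being inside the tunnel is the only check."""
    return req.on_vpn and req.app in APPS


def zero_trust_allows(req: Request) -> bool:
    """Default deny: the request passes only if every check succeeds."""
    needs_managed = GRANTS.get((req.user, req.app))
    if needs_managed is None:                 # no explicit grant
        return False
    if not req.mfa_passed or req.auth_age_s > MAX_AUTH_AGE_S:
        return False                          # authenticate per access
    return req.managed_device or not needs_managed


def reachable(decide, user: str, **context) -> list[str]:
    """Apps one session can reach: the blast radius if it is hijacked."""
    return [a for a in APPS if decide(Request(user=user, app=a, **context))]


if __name__ == "__main__":
    print("VPN session:", reachable(perimeter_allows, "alice", on_vpn=True))
    print("Zero-Trust, managed:", reachable(
        zero_trust_allows, "alice", mfa_passed=True, managed_device=True))
    print("Zero-Trust, BYOD:", reachable(zero_trust_allows, "alice", mfa_passed=True))
```

The same user session reaches every application under the perimeter check, two under explicit grants on a managed device, and one from a personal device.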
