MINERVA LABS' REMOTE USER PROTECTION

Getting Started with Remote User Protection

Remote User Protection is a term coined by Minerva Labs to broadly cover the security protection of all remote working options and not just working from home.

WATCH OUR VIDEO

Defining Remote Users

Before we explain how to protect remote users, and why Minerva Labs’ solution is unlike anything else in the marketplace, we first need to explain what we mean by that term.

A “remote user” doesn’t only refer to an employee who works from home. The term also applies to any third party users and devices that are able to connect remotely to the corporate network. Work-from-home employees are certainly the most visible group of remote users, and the ones currently making the headlines. The speed of the transition to working from home, and consequently the vast number of employees now needing cybersecurity protection, is a consequence of the worldwide Covid-19 pandemic.

While the pandemic may have been the catalyst, the flexibility of remote working has been embraced by both employers and organizations, and is likely here to stay. However, as the Internet of Things (IOT) and the need for remote support of smart devices continues to grow, a greater need exists for other non-employees to connect remotely to your network. Other typical remote-user use cases include:

Third-party vendors offering
technical or other support
the organization needs

Consultants accessing business apps and files

Doctors and other medical
professionals needing to
consult patient records, or
perhaps issue a prescription

Stock brokers and financial
-professionals placing time
sensitive trades, or requiring
access to clients financial
information

The immense number of remote users has created an unprecedented number of new endpoints, in particular laptops and desktops, requiring work from home protection.

WFH ebook

Beware of Access Point Weaknesses

Businesses need protection from hackers who would exploit weakness anywhere in a system in order to gain a foothold in a network and access secure data.

If a user’s device is compromised, the device can be used to steal data, or to  gain access to a business network, so businesses need to safeguard against any ransomware, viruses, or other malware accidentally introduced into the network by their own employees. If a user clicks on a phishing link, masked in a seemingly innocent email, they may inadvertently be sharing sensitive information or downloading malware. This would create an access point to the business network for the hacker to exploit. So the first step for businesses is to educate employees on awareness of what to look out for, in order to safely work from home, without the security framework of the office. Other opportunities for exploitation from malware include keyloggers, and programs that take screen grabs and export them.

Threats To Remote Users

Keylogger

Secretly watches and logs every keystroke that is typed on the hacked device, essentially recording everything the user does and sending it to the threat actor.  Imagine working on a device with an installed keylogger. Visiting your bank’s website and entering your credentials? Keylogger is recording your username and password. Writing a private email? Keylogger can read every word. In this way, keyloggers have the ability to copy all passwords and IP address entries from the personal unmanaged device, even if a Virtual Private Network (VPN) was used to connect to the business network.
All sensitive information that is typed, including PIN codes, account numbers and email passwords, could be at risk of being sent to the attacker. Keyloggers not only pose a direct security threat to the user but, the obtained private information could easily be used as an access point to cause damage to a business. Case: Watch Your Six

RAT

RATs can do damage to your system in several ways, including taking screen grabs, and opening a reverse shell. To avoid detection, infiltration is symptomless and the computer speed remains the same.. RAT typically uses screen monitoring by taking screenshots every second and sending it back to the attacker. That means that if personal information like bank account information, or private data is visible on your screen, the threat actor now has it. Using a reverse shell, RAT can continue to have remote access capabilities which it can use to distribute further malware, and record video, or activate keylogging.  Case: Parallax RAT

VPN

A VPN’s job is to open a secure tunnel between two endpoints. However attackers are able to infiltrate the business through a session on an unmanaged device, even if a VPN is in use. If a computer becomes infected during a VPN session, through a phishing email or other means, it will remain undetected. Once started, the session remains unmonitored by the host checker, allowing malicious code to travel within the VPN, and then infecting the business network.

New Endpoints

The proliferation of many new endpoints which cannot be easily managed, results in increased exposure to security risks. Reliance solely on the IT department would create a debilitating pressure to provide a comprehensive support center and secure all these new endpoints.  Employees don’t often have the technical know-how to fix problems that may occur when applications are not working correctly on their home devices, even if they are able to self-install a program or anti-virus solution. In other words, business shouldn’t rely solely on their overtaxed, and possibly under-trained IT staff to maintain remote security. Link: Endpoint Security

Common Remote User Prevention Options

Current remote user prevention methods include a VPN or Virtual Desktop Infrastructure (VDI) and Anti-virus (AV) solutions.

VPN

A VPN allows users to connect securely to the business network, through an installed vpn application or web based  connection, which creates a tunnel between the device and the network. Using the internet, through the secure connection, the user can access business network files and resources and transfer data through the tunnel.

VDI

The VDI provides a secure remote connection for a user to an individual virtual desktop on a central server. Access to applications on a windows-based system is managed by the administrator and data can be restricted from leaving the network.

Anti-Virus

Anti-virus software protects systems from known malware, offering a minimum layer of protection, through prevention, detection and removal of the threat. By running scans, isolating known  infected files for deletion and warning of potentially dangerous links and websites, anti-virus software is the most commonly adopted solution for work from home protection.

Why current RUP methods aren’t enough

No in-depth IT knowledge or previous skills are needed to simply implement and run Minerva’s Remote User Protection solution. The IT team and management will be able to see all the times malware attacks tried to run and were prevented by Minerva, while individual users will only see notifications of prevented malware attacks specific to them. With this additional visibility into attacks that have been prevented, organizations can better analyze the risks caused by these unmanaged devices. When an attack is stopped, the organization can decide to end a session immediately or allow it to continue.

When Minerva’s Remote User Protection is active, no data is stored or collected. Running only for the duration of the remote connection, Minerva is not active when the user is not connected. This works to safeguard user privacy and is GDPR compliant because outside of the active session user’s are free to browse without being tracked.

Offering rapid deployment through a quick download and click to run, simplicity of use and prevention against even the stealthiest of malware attacks, Minerva Labs Remote User Protection keeps the business network safe, and gives the organization additional options for staying safe, even when employees are working remotely.

Minerva Lab’s Remote User Protection

Minerva’s Remote User Protection focuses on prevention. Minerva is able to thwart malware attacks from happening in the first place, even from previously unknown malware, such as undefined strains of ransomware, malspam, viruses and spyware. Not reliant on a “detect and respond” approach, attacks are blocked  which prevents endpoint infection and protects user and network files.

Minerva’s anti-evasion platform has successfully stopped attacks from RAT, Qbot, Kraken and even the lesser-known ransomware Sekhmet.

Minerva’s Remote User Protection runs complementary to anti-virus solutions, adding a powerful layer of defense.  Whether working from home, in office or any remote location, the workstation is protected when utilizing remote user protection.  The protection gives visibility into what is passing between endpoints and can prevent infection. Since it is inactive when there is no remote session, the end user can be comfortable that their private data remains private.

No deployment, it just works

Minerva’s Remote User Protection is a seamless solution, which doesn’t disrupt the workflow or speed of the device. There is no limit to the number of remote users that can connect simultaneously to the network nor limits on permissions for user interaction.

Best of all, Minerva’s Remote User Protection does not require any installation, no elevation of privilege, no reboot. The protection starts running at the beginning of a session, continues throughout the entire remote session, and shuts down when the session ends with no interruption to the user.

Minimal reliance on the IT team

No in-depth IT knowledge or previous skills are needed to simply implement and run Minerva’s Remote User Protection solution. The IT team and management will be able to see all the times malware attacks tried to run and were prevented by Minerva, while individual users will only see notifications of prevented malware attacks specific to them. With this additional visibility into attacks that have been prevented, organizations can better analyze the risks caused by these unmanaged devices. When an attack is stopped, the organization can decide to end a session immediately or allow it to continue.

When Minerva’s Remote User Protection is active, no data is stored or collected. Running only for the duration of the remote connection, Minerva is not active when the user is not connected. This works to safeguard user privacy and is GDPR compliant because outside of the active session user’s are free to browse without being tracked.

Offering rapid deployment through a quick download and click to run, simplicity of use and prevention against even the stealthiest of malware attacks, Minerva Labs Remote User Protection keeps the business network safe, and gives the organization additional options for staying safe, even when employees are working remotely.

To see our Remote User Protection in action

Request a Demo Today