ExtraHop, the provider of cloud-native network detection and response, issued a report detailing rapid substantial changes in device usage trends as businesses shifted their operations in March due to COVID-19. The report also warns of the security complexity and risks posed by connected devices, both those used by employees at home, and those left idle but connected to the office network. While there are many lenses through which to explore the ways in which COVID-19 is reshaping business operations, connected devices, including internet of things (IoT) devices, and the ways in which people and organizations interact with them tell a story all their own. Business-Related device activity Steep decline in connected devices at the office raises concerns about questionably secure local networks Using anonymized, aggregate data from across its global user base, ExtraHop analyzed business-related device activity during a one week period at the end of March 2020. This data was compared to activity from a similar study of the same global user base conducted in November 2019. The results reveal not only patterns that illuminate the state of work during the COVID-19 crisis, but also the long-term security implications of a distributed workforce. Key findings from the report include: Steep decline in connected devices at the office raises concerns about questionably secure local networks: ExtraHop observed a 65 percent decline in the number of laptops and a nearly 70 percent decline in the number of smartphones connecting directly to corporate networks in March 2020. Securing local networks That said, the fact that these devices are no longer connected to the corporate network doesn’t mean they’re not connected at all. Employees are still accessing corporate resources, often relying on questionably secure local networks that lack the safeguards of the office network and thus are more exposed to malware. Vast majority of office phones and printers are still plugged in, exposing risk: The number of connected IP phones declined by just 7.5 percent, indicating that many of these devices remain on and connected even when no one is using them. According to ExtraHop data, nearly 25 percent of those VoIP devices are Cisco IP phones, for which a critical vulnerability (CVE-2020-3161) was announced in April. Printers – at high risk for vulnerabilities and one of the most common targets of hackers – showed even smaller declines in connectivity, dropping by just 0.53 percent. Physical security cameras Connections from security cameras increased by 47 percent in March Spike in physical security cameras: Connections from security cameras increased by 47 percent in March, indicating that many organizations are taking additional precautions against physical intrusion or nefarious activity. Unfortunately, these devices can also expose organizations to cyber risk. Like IP phones and printers, they often have vulnerabilities and have been observed phoning data home. And don’t forget the treadmills: The connections to the network from treadmills declined 100% when office gyms were some of the first aspects of office life to close down. But the connectivity of treadmills underscores the extent to which every device is now a connected device. IT and security departments now have a much broader attack surface to secure, even the office gym. Availability of applications and critical resources “The almost overnight shift to remote work required a massive effort just to ensure the availability of applications and critical resources for employees outside the office,” said Sri Sundaralingam, Vice President, Cloud and Security Solutions at ExtraHop. “For many organizations, the management of IoT and other connected devices may have been an afterthought, or at least something they didn’t anticipate having to handle long term. As availability and security issues surrounding remote access become more settled, this needs to be an area of focus.”
ExtraHop, a pioneer in cloud-native network detection and response, announces new products and services designed to help midsize enterprises address security maturity, reduce tool complexity, and increase efficiency to better protect their organizations. The new ExtraHop® Spotlight™ service leverages the deep domain expertise of the ExtraHop security analysts and combines it with rich insights derived across customer environments to provide targeted threat investigation guidance for lean security and IT operations teams. The new ExtraHop Reveal(x)™ 5Gbps subscription package provides cost-effective network detection and response (NDR) that delivers complete visibility, detection, and response capabilities for midsize enterprises. Sophisticated security threats ExtraHop customers can now augment their teams with the deep security domain expertise of ExtraHop analysts Midsize organizations face the same sophisticated security threats – from ransomware to insider threats – as large enterprises, but often lack the resources and security domain expertise to combat these threats at scale. With the latest offerings, ExtraHop is helping these organizations mature their security operations, keeping them focused on critical threats while aligning IT operations and security operations teams around common datasets and workflows. According to the 2019 SANS Incident Response Survey, the top two impediments to successful incident response were ‘shortage of staffing and skills’ and ‘lack of budget for tools and technology.’ With Spotlight, ExtraHop customers can now augment their teams with the deep security domain expertise of ExtraHop analysts, providing targeted education and investigation guidance for specific Reveal(x) detections, helping them maximize the value of their investment. Adding another layer of intelligence The Spotlight service also adds another layer of intelligence by leveraging visibility into the most common threats across customer environments to speed detection and scale response for multiple organizations. Midsize enterprises are subject to the same malicious activity as larger organizations" When combined with the cloud-scale machine learning of Reveal(x), this collective insight across customer environments helps customers save time and resources by surfacing only the most pressing threats. "Midsize enterprises are subject to the same malicious activity as larger organizations, but often lack the resources that help large enterprises maintain an upper hand," said Sri Sundaralingam, VP of Product and Solutions Marketing at ExtraHop. Cloud-Native network detection “Competition for scarce security talent is fierce, and budget constraints often slow tool modernization, leaving existing IT and security teams under-resourced. This new offering enables medium-sized enterprises who want to scale their business with a cloud-native network detection and response solution to efficiently cover a wide breadth of use cases.” "For 40 years, our mission has been to provide our customers with innovative solutions that reduce costs, increase productivity, and mitigate risk," said Chris Pyle, CEO at Champion Solutions Group. "As security threats become more and more sophisticated, we are seeing businesses of all sizes looking for solutions to address these security concerns. ExtraHop's expansion into the midsize enterprise will allow us to bring Reveal(x) to a whole new market." Midsize enterprise security solution The new midsize enterprise security solution will open new doors for us to expand our offerings" "At Exclusive Networks, we choose to partner with companies like ExtraHop that provide best-of-breed solutions such as Reveal(x)," said Gilbert de Rijke, New Business Director at Exclusive Networks Netherlands. "We share a joint purpose with ExtraHop to bring industry-leading network detection and response to enterprises of various sizes around the globe and the new midsize enterprise security solution will open new doors for us to expand our offerings.” Enterprise-Grade threat detection "The new ExtraHop Reveal(x) subscription offering is a perfect fit for the APAC midsize enterprise market," said Dan Suto, General Manager of Managed Services at DXC Connect. "This enterprise-grade threat detection and response with complete visibility represents a huge opportunity for our go-to-market strategy with ExtraHop and our managed services clients." The ExtraHop Reveal(x) 4200 (5Gbps solution) will be available globally in March 2020. ExtraHop Spotlight service is now available in North America and will be available for specific global regions in the second half of 2020.