Dealing with COVID-19 themed malware
Keeping laptops clean even when they’re not behind the firewall
Cybercriminals are using COVID-19 as bait to trick users into installing malware. It’s not a new idea, and there are no new tactics in these campaigns. What’s different this time is that a lot of people are working from home, outside of the traditional company network protections.
Indeni has just released a new feature to track firewall capacity based on customer predictions of higher VPN usage, similar to the visibility for VPN users we added during last year’s polar vortex, which also resulted in employees working from home. We’ve also extended our trial license to 90 days, because we believe there are more important things to worry about during the pandemic than whether your firewalls are stable.
Because of these targeted malware campaigns, we at Indeni recommend that IT departments use their VPNs to inspect remote users’ traffic, rather than using split tunneling. Anti-malware vendors use different signatures and heuristics, so it’s a good idea to have multiple layers of detection, but these tools notoriously interfere with each other if multiple similar products are installed on the same endpoint. Thankfully, the additional layer of detection can be provided at the network layer without causing problems on endpoints.
Indeni also helps with detection by ensuring that firewalls are following best practices in both downloading and applying signatures, and by notifying administrators when content updates fail. This combination of signature update monitoring and capacity monitoring will give administrators enough information to know whether the firewalls are able to keep up with the projected increase in traffic, so there’s less guesswork about whether to fall back to reduced enforcement.
For more information about the advantages of using Indeni to track stability and performance of your security infrastructure, we recommend our blog post about security operations strategy. Or, as always, you can get started with Indeni by downloading our VM right now.