With the UK in full lockdown as the Covid-19 coronavirus crisis bites, businesses that have not shut their doors must pay more attention to their cyber security posture, adding additional protections for the millions of people now working from home, and taking account of a highly active, dangerous and constantly evolving threat landscape.
As a result, many cyber security suppliers and service providers are introducing special offers for new and existing customers, extending introductory offers, and in many cases offering their products gratis. Here, we round-up some of the latest offers that are currently available.
AppGate, a supplier of software-defined perimeter (SDP) security, claims its product has multiple benefits over a traditional virtual private network (VPN), alleviating network choke points for remote workers accessing their business resources, and solving the problem of the inherent lack of security that stems from overprivileged access.
The firm is offering a free 90-day pilot of its SDP product for enterprises affected by the coronavirus. It said the product can be set up quickly, scales cost-effectively to thousands of remote workers, integrates seamlessly with existing network hardware, and provides a simple experience for office workers who are working from home for the first time.
Canadian security awareness platform Click Armor has launched a free coronavirus-edition of its Can I Be Phished? assessment tool for remote workers to test their mettle when it comes to identifying phishing attacks, coronavirus-related disinformation, and other security threats.
The online tool uses gamification to test and improve basic security skills, challenging players to pick out suspicious emails such as fake HR policy updates, fake health advisories and alerts, and fake news.
“People are often surprised how easily they are fooled by the game’s realistic scenarios. They learn to be more careful in looking for real clues and risky elements. In under five minutes, individuals can learn practical tips they can use to protect themselves and their employers,” said Click Armor CEO Scott Wright.
Seattle-based threat intelligence specialist DomainTools has compiled a constantly updated coronavirus threat list to help enterprises make better decisions about the risks to their businesses posed by the pandemic.
It uses a keyword search-based list to include domains that the firm has judged to be high-risk, which are displayed in context alongside information such as their date of creation, and a proprietary risk score.
Jackie Abrams, DomainTools vice-president of product, said that the scoring mechanism, which draws on data points from more than 330 million active internet domains, predicts how likely a domain is to be malicious. It is based on two algorithms that analyse a target’s proximity to other bad domains and how closely its intrinsic properties resemble other bad domains.
DomainTools’ coronavirus list can be accessed via its website, and has grown from only 3,000 domains on 1 March 2020 to more than 57,000 by 22 March, showing how quickly cyber criminals have weaponised the pandemic.
ImmuniWeb has launched a coronavirus salvage plan for affected businesses, including the provision of its solutions to the tune of $500,000 (£414,000/€453,000) for eligible organisations, and an extended version of its free Community Edition for everyone.
This will include security audit capabilities, including PCI DSS and General Data Protection Regulation (GDPR) audits of business-critical web and mobile apps; security and compliance risk measurement and scoring; dark web searches for stolen or leaked credentials and other data; and continuous security monitoring with threat notifications.
The package is available to international organisations or government entities in Canada, Europe and the US that made 30% or less of their sales online last year but expect to shift 70% of more online during the second quarter of 2020 due to the pandemic, with fast-track assistance available for government agencies and suppliers of medical equipment and essential goods.
“The DNA of ImmuniWeb’s Platform is agile provision of highly efficient and effective services in a contactless, paperless and entirely online manner, adjustable for any needs or special requirements,” said the firm’s founder and CEO Ilia Kolochenko.
“For years we have been consistently and coherently reducing complexity and costs of application security for our customers. Today, these advantages may be a lifesaver for many disoriented but resisting companies seeking help to securely transform their business models and shift into digital space,” he said.
The new version widens protection for remote worker collaboration by covering SharePoint Online and enabling secure file sharing within Microsoft Teams, which comes in addition to previously available protection for Exchange Online and OneDrive, shielding inboxes from phishing emails, blocking malware from spreading across a distributed company, and detecting and quarantining any malicious files that may be inadvertently shared.
“Companies that are moving to cloud services and using communication tools, such as Microsoft Teams, must keep their data protected and meet the requirements of secure collaboration and messaging for their employees,” said Sergey Martsynkyan, head of business-to-business (B2B) product marketing at Kaspersky.
“To help companies meet these needs, we have expanded protection for Microsoft Office 365 to cover all associated applications. This gives customers assurance that the entire cloud service is secured by default and that potential threats do not affect employees’ working processes.”
Qualys, a supplier of cloud-based security and compliance services, is offering 60 days of free access to its cloud-based remote endpoint protection solution for existing customers – with new customers prioritised based on sign-up date.
This will let security teams audit and build up-to-date inventories of their remote endpoint hardware and apps, get a realtime view of critical vulnerabilities and risky applications, remotely patch systems without using the limited bandwidth available on VPN gateways, and better realise visibility in device hygiene by tracking common misconfigurations that may leave them exposed.
It will initially support patching for Microsoft Windows 7 environments and above, with patching for Macs, and malware detection and protection available later.
“The entire Qualys team is pleased that during these critical times, we can offer a real solution that will allow companies to ensure the security of both corporate and personal computers,” said Philippe Courtot, chairman and CEO of Qualys.
“Thanks to our cloud-based implementation, this offer will enable companies to assess in real-time their security and compliance posture and remotely patch employees’ devices with the click of a button.”
Data security and privacy specialist Spirion is also offering security teams a 60-day free licence for essential data discovery functionality in its Sensitive Data Manager software.
The offer includes a limited version of its console server software and agent software for examining Windows 7 and 10 endpoints, alongside four hours of professional services to install, configure and fine-tune new installations.
Meanwhile, remote employees can take advantage of a free version of its Data Discovery Agent to uncover personal information held on their home computers, such as social security (National Insurance) numbers, credit card and bank account details, driver’s licence numbers, and passwords, enabling remote workers to take steps to better secure their personal data.
“Spirion was founded to protect personal data, and at no time in our company’s history has data become more vulnerable and more targeted than it is right now,” said Kevin Coppins, the firm’s president and CEO.
“The sensitive data threat surface for almost every organisation, public or private, has grown exponentially in just the past 10 days as dedicated workers do their jobs from home. Our team is committed to working alongside any organisation that is concerned with protecting sensitive data that belongs to its customers, employees, partners, and communities.”
Varonis’ director of security architecture and incident response Matt Radolec has set up a Covid-19 Cyber Task Force to try to take some of the grunt work off its customers’ plates and free up security teams to focus on availability for their remote workforces.
Based on resource availability, some of the zero-cost options will include assistance from Varonis’ incident response team should the worst happen, free consultations with experts via Zoom, health checks on existing customer installations, incident alert tuning, daily and weekly security reports and reviews, and additional monitoring with free evaluation licences for customer VPNs, Office 365 installations, and DNS and proxy servers. Potential new customers can also take advantage of free evaluation licences.