Expanding Protection with Remote System Control

CrowdStrike Tech Center

Introduction

Sinkholes can be used by bad actors and system administrators alike. Bad actors can redirect systems to malicious domains, and security admins can stop systems from reaching those domains. If remote employees are not using the corporate VPN, do security teams have the ability to manipulate system redirects and sinkhole malicious domains?

Remote system control is more important than ever

Remote workers can directly access cloud-based applications or use the internet to complete various tasks. This direct access minimizes the need to use the corporate VPN, which can provide some level of protection against malicious domains. Since a remote system is not using the corporate firewall and may not always be connected to the VPN, there’s a greater risk of it connecting to or being redirected to a malicious domain. Protecting that endpoint can be challenging for an organization.

When traditional security solutions – from a firewall to a web gateway – are not available for controlling and directing traffic, security admins and responders need alternative options. One option is to sinkhole the malicious domain and prevent systems from connecting or being redirected to it, regardless of the links that remote users click.

Security teams need comprehensive response capabilities to protect endpoints and prevent them from accessing known malicious domains. 

Solution

CrowdStrike Real Time Response (available with Falcon Insight™ and Falcon Endpoint Protection Pro) enables responders to directly access remote endpoints and run a wide variety of commands, including killing processes, removing files or directories, manipulating the Windows registry or even running custom scripts. With a simple script, responders can sinkhole a malicious domain to provide some network-level security and protect users from navigating to it.
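
The following is an added example of what such a script could look like; it is not CrowdStrike's script or the one shown in the video. It assumes the sinkhole is implemented as a Windows hosts-file entry, and the parameter names, the marker comment and the backup path are hypothetical.

```powershell
# Added example, not CrowdStrike's script. Assumption: the sinkhole is a hosts-file
# entry pointing the domain at a non-routable address. Must run elevated.
param(
    [Parameter(Mandatory = $true)]
    [string[]]$Domain,                       # one or more hostnames to sinkhole
    [string]$SinkholeIp = '0.0.0.0',
    [string]$HostsPath  = "$env:SystemRoot\System32\drivers\etc\hosts"
)

$ErrorActionPreference = 'Stop'
$tag = '# sinkhole (added by IR)'            # hypothetical marker to find entries later

# Accept only plain DNS hostnames so nothing else can be written into the hosts file.
$valid = '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'

# Keep a copy so the change can be reverted.
Copy-Item -Path $HostsPath -Destination "$HostsPath.bak" -Force

$lines = @(Get-Content -Path $HostsPath)
$added = @()

foreach ($d in $Domain) {
    $name = $d.Trim().ToLowerInvariant()
    if ($name -notmatch $valid) {
        Write-Warning "Skipping invalid hostname: $d"
        continue
    }
    # Drop any active line that already maps this name (for example, a redirect
    # planted on the host), then append the sinkhole entry. The whole line is
    # dropped, so other names sharing it go too. Comment lines are untouched.
    $pattern = '^\s*[^#\s]\S*\s+([^#\s]+\s+)*' + [regex]::Escape($name) + '(\s|#|$)'
    $lines   = @($lines | Where-Object { $_ -notmatch $pattern })
    $lines  += "$SinkholeIp`t$name`t$tag"
    $added  += $name
}

if ($added.Count -gt 0) {
    Set-Content -Path $HostsPath -Value $lines -Encoding ASCII
    Clear-DnsClientCache                     # discard cached answers for these names
    $added | ForEach-Object { Write-Output "Sinkholed $_ to $SinkholeIp" }
}
```

A hosts-file entry only affects name resolution through the operating system's resolver; applications that resolve names by other means, such as a browser configured for DNS over HTTPS, are not covered by it.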

Closing

Get immediate time to value, extend your visibility and protect your organization regardless of physical location. Try CrowdStrike’s Falcon platform for free: https://go.crowdstrike.com/try-falcon-prevent.html

Content Provided by Anne Aarness
