Message to Our Customers (In Response to COVID-19)

Dear Expanse Customers, 

I am writing to reassure you that Expanse services continue as normal. We’ve always had a secure work-from-home capability in place for our employees, and we’re taking advantage of that now to continue to serve you during this critical time.

We realize that you are dealing with a storm of professional and work issues, combined with worry about family and friends. If you have any questions or specific needs we can help you with, please let us know. I’ve included some additional information below about what we are observing across our national security and major enterprise customers as it pertains to work-from-home and Internet-based attacks. 

Best regards,

Tim Junio
Co-Founder & CEO, Expanse

Those of us in IT and cybersecurity know that not all human psychology is wired for good. We are already observing intrusion attempts against government agencies to try and undermine public responses to the coronavirus.

In normal times, according to a University of Maryland study, Internet-based intrusion attempts happen every 39 seconds. We expect to see an increase of bad behavior on the Internet with so much of the workforce moving to a 100% remote model for an indefinite period of time. We want to help our customers be proactive, ready, and invulnerable to attacks now, not later, when it’s too late. This hybrid, zero-trust, multi-cloud network model is the future we founded Expanse to address.

Some of the key risks we regularly see with remote employees, and are particularly sensitive to at this time, include:

  • Misconfigurations and/or failure to patch Windows remote access services, like Remote Desktop Protocol (RDP), Server Message Block (SMB), and even NetBIOS. In the last couple of weeks, we have been particularly focused on a newly disclosed exploit against SMBv3.
  • Inconsistent application of network traffic controls, which can make it easier for Internet-based attackers to gain initial, or sustain illicit, network access. Examples of how this may manifest:
    • Untrusted IPs may be permitted to connect to corporate resources.
    • Firewall-based rules, such as segmentation policies or geofencing, are not uniformly enforced across the network.
  • Misconfiguration or misinstrumentation of network remote access and security appliances in the haste to add capacity for more workers. This can result in insecure protocol access (e.g., Telnet), weak password security and/or management, inadvertent unencrypted logins (e.g., default web servers), weaker-than-usual configurations for routine services (e.g., for SIP or file sharing), or unintended public accessibility of sensitive log data.
  • Shadow use of software-as-a-service or commercial cloud products for business convenience and haste, forcing central IT and security into a catch-up mode to understand what is in use where and with what corporate data.