No security professional likes to wake up in the morning to the news that a commonly used development tool has been compromised. But that’s exactly the situation that we at Dtex found ourselves in last week, when major news outlets started reporting that TeamViewer, a popular remote-access tool, had been compromised. Lots of users were reporting that their computers had been taken over by a third party and that their data, passwords, and money had been stolen.
Uh oh. Not good news, especially since we knew that lots of our employees had TeamViewer installed on their machines, and use it regularly.
This, after all, is the ultimate insider threat — the outside attacker getting complete, unrestricted access to one of your employees’ machines.
So the real question is, what can you do to be certain that your enterprise isn’t compromised by a certain application?
Here’s how we approached it.
We don’t mean to be full of ourselves (really! We don’t!) but we had a major advantage when it came to tackling this issue: Dtex itself. Using Dtex, we were able to do a simple search in order to locate everyone who has ever used TeamViewer in our company.
This search took ten seconds, and showed us everyone who has ever run TeamViewer this year.
It leaves us with a neat-n-tidy list of which users and machines we need to worry about. This way, we can reach out individually to these users and make sure that they follow the right procedures — and confirm that they haven’t already been compromised.
Even better, we can use this visibility to make sure that no one continues to run or install TeamViewer after we tell them not to.
Sure, that’s cool and all, but is it really necessary?
You bet it is. The big problem with these sorts of situations is that a lot of enterprises don’t know how to handle them.
A lot of companies just send out company-wide emails — “If you use TeamViewer, please update your passwords” or “If you use TeamViewer, please uninstall it.” But these are completely unenforceable directions, and people often ignore these sorts of mass warnings.
A mistake here can cost your enterprise dearly in the form of lost data, potentially causing a huge breach. Plus, it would seriously hinder productivity. Those are some consequences that warrant a lot better than “good enough.”
With the mass-email approach, you can never be sure that this known risk isn’t compromising your enterprise — and you need to be.
Using an endpoint visibility solution like Dtex means that you’re not leaving it to chance.
But can’t we find this using tools we already have?
Well, try it. Go ahead. We’ll wait. It should only take you 30 seconds or so to get an answer.
What we find at most companies is that they have a really hard time answering questions like this. They either have to search across lots of systems, or they’re using an inferior endpoint tool that can only search back a couple of weeks.