By now, most organizations responding to the current global pandemic have already moved their workforce to their homes using a secure remote worker system that includes an endpoint VPN client, online teleconferencing systems, and a headend VPN concentrator. But getting workers up and running is not the same thing as making sure that they, and the corporate assets they need to access remotely, have been properly secured.
There has been a massive spike in coronavirus-focused attacks over the past couple of weeks. Cybercriminals are intentionally targeting not just teleworkers, but even their children who are now being schooled at home using e-learning, to compromise home networks. Their goal is to exploit this new attack vector by taking advantage of novice teleworkers and any gaps in security resulting from a rushed transition to a new networking model. Poorly secured home devices and networks, combined with overwhelmed head-end VPN termination systems and corporate resources that have rarely, if ever, been accessed remotely, are a formula for disaster.
Fortunately, several security solutions can be quickly put in place to shore up your existing remote worker VPN strategy.
Home networks rarely, if ever, provide the same degree of protection that a corporate network can provide. In addition to whatever endpoint device your remote teleworker is using, the network they use to connect back to the office likely contains a wide variety of other devices with varying states of protection (if any) in place. There is likely to be another person in the house using the same network for their job. There are likely to be children using devices for e-learning. There are gaming, entertainment, and home IoT systems such as smart appliances or security systems installed. And the home likely broadcasts unsecured WiFi access.
In addition to many of these users being unfamiliar with security risks or how to detect and counter threats, home users who rely on a home computer rather than a secured corporate laptop are likely to be using devices that are a rat’s nest of security issues. Devices connecting to your network may include unpatched operating systems and applications, vulnerable software downloaded from the internet, and potentially unwanted applications (PUAs).
And to complicate matters further, your remote teleworkers are also currently on their own. The corporate helpdesk is no longer a short walk down the hall, so when remote workers make mistakes, they need a solution that can automatically stop attacks and remediate files without helpdesk intervention so they can stay productive. If they have to re-image their device, that is a two- or three-day loss of productivity as the laptop is shipped back and forth from wherever your helpdesk team is now located.
Adding an EDR (endpoint detection and response) solution to end-user devices can go a long way towards addressing these challenges. EDR solutions provide both pre-infection and post-infection defenses to keep endpoints, and your network, clear of malware. They do this by providing things such as advanced antivirus functionality on the front end, combined with the ability to detect and stop advanced attacks in real time, even if the endpoint has been compromised, by detecting, defusing, and remediating live incidents, enabling your workers to stay on task.
Another of the biggest challenges of rapidly transitioning to a home-based worker environment is that many of these new teleworkers may not have been assigned corporate laptops, which means there is a great potential that a host of unfamiliar and unsecured personal devices are now accessing your corporate network via VPN. Many of these endpoints are also being used for home internet browsing, social media, or even e-learning. Should one of them become compromised and then connect to your network, that secure VPN tunnel becomes a conduit for malware and cybercriminals.
So, in addition to hardening the endpoint device itself, you must have security controls in place at the head-end to identify, control, and monitor all devices seeking network access. Network Access Control (NAC) solutions enable automated onboarding for large numbers of endpoints, users, and guests. They automatically discover and identify every device on the network, then apply granular controls to not only limit where those devices can go on the network, but narrowly restrict access to only those assets needed for remote workers to do their job. They then provide continuous monitoring combined with automated response to identify abnormal behavior and speed reaction time to events from days to seconds.
Forcing cloud access through your core network is likely to more than double the volume of traffic coming into and out of your network. Remotely connecting all remote workers, redirecting them to their cloud-based applications, and then backhauling all of that traffic back through your network and down to your remote users can quickly overwhelm both internal resources and external bandwidth.
The better option is to enable users to connect directly to their SaaS applications. Many VPN clients enable split tunneling so remote workers have a secure connection to the network to access resources like email or databases, and a direct link to the internet and cloud to avoid backhauling traffic through the VPN connection. These clients also provide protections to ensure that internet-based transactions can't backflow into the VPN connection and put your network at risk.
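The following is an added example, not part of the original article: a small audit of a split-tunnel route list that checks the two failure modes described above, internal resources that fall outside the tunnel and SaaS traffic that is still being backhauled. All prefixes, asset names and addresses are constructed sample values.

```python
import ipaddress

# Constructed sample values; none of these come from the article.
TUNNEL_INCLUDE = ["10.20.0.0/16", "172.16.8.0/24"]   # routes pushed to the VPN client
INTERNAL_ASSETS = {"mail": "10.20.4.25", "erp-db": "10.30.1.10", "files": "172.16.8.40"}
SAAS_SAMPLES = {"saas-crm": "203.0.113.15", "video-conf": "198.51.100.77"}


def via_tunnel(dest, include_routes):
    """Return True if dest matches any split-include route (traffic uses the VPN)."""
    addr = ipaddress.ip_address(dest)
    return any(addr in ipaddress.ip_network(r) for r in include_routes)


def audit_split_tunnel(include_routes, internal, saas):
    """Flag internal assets that bypass the tunnel and SaaS traffic that is backhauled."""
    findings = []
    for route in include_routes:
        # A /0 route turns the split tunnel back into a full tunnel.
        if ipaddress.ip_network(route).prefixlen == 0:
            findings.append(f"route {route} is a default route: all traffic is backhauled")
    for name, ip in internal.items():
        if not via_tunnel(ip, include_routes):
            findings.append(f"internal asset {name} ({ip}) is not covered by any tunnel route")
    for name, ip in saas.items():
        if via_tunnel(ip, include_routes):
            findings.append(f"SaaS destination {name} ({ip}) is backhauled through the VPN")
    return findings


if __name__ == "__main__":
    for line in audit_split_tunnel(TUNNEL_INCLUDE, INTERNAL_ASSETS, SAAS_SAMPLES):
        print(line)
```

With the sample route list, the audit reports that the `erp-db` address is not covered by any tunnel route, so that traffic would leave over the direct internet link instead of the VPN.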
However, organizations still need to provide visibility, compliance, data security, and threat protection for cloud-based services. CASB (cloud access security broker) solutions provide policy-based insights into users, behaviors, and data stored in major SaaS applications, combined with a comprehensive set of reporting tools. By placing SaaS security in the cloud, IT security managers can scan provisioned cloud resource configurations and SaaS application data for threats, proprietary information, or sensitive customer records. It also ensures that all SaaS users are monitored and protected by a CASB solution no matter where they are or what device they are using.
Bringing it All Together
Beyond the initial effort to provide workers with secure VPN access to the network, organizations looking to further secure their remote workers and their network may want to consider enhancing endpoint security with EDR, especially when personal devices are used for telework. They will also want to identify, control, and monitor those devices at the point of network access with NAC to ensure they behave as expected. And they will want to provide additional security for cloud-based applications and resources rather than backhauling cloud traffic through the core network.
However, adding a collection of new security tools can also create new management and configuration issues right when security teams are already stretched thin. In addition to advanced functionality, organizations should also prioritize solutions that can be seamlessly integrated into a unified security framework for consolidated management, orchestration, and reporting to reduce the overhead associated with deployment, configuration, and troubleshooting.
Advanced security, simplified deployment, and single pane of glass management ensure that your remote workers and extended network can remain secure, users can remain productive, and your business can continue to thrive even during the current global challenge.
Written by Peter Newton.
Powered by Fortinet, Delivered by IT Vortex.