IT Vortex - Managed IT Services

Considerations for Addressing Additional Security Needs for Remote Workers

By now, most organizations responding to the current global pandemic have already moved their workforce to their homes using a secure remote worker system that includes an endpoint VPN client, online teleconferencing systems, and a headend VPN concentrator. But getting workers up and running is not the same thing as making sure that they, and the corporate assets they need to access remotely, have been properly secured.

There has been a massive spike in coronavirus-focused attacks over the past couple of weeks. Cybercriminals are intentionally targeting not just teleworkers, but even their children who are now being schooled at home using e-learning, to compromise home networks. Their goal is to exploit this new attack vector by taking advantage of novice teleworkers and any gaps in security resulting from a rushed transition to a new networking model. Poorly secured home devices and network, combined with overwhelmed head-end VPN termination systems and corporate resources that have rarely, if ever, been accessed remotely, is a formula for disaster.

Fortunately, several security solutions can be quickly put in place to shore up your existing remote worker VPN strategy.

Endpoint Protection

Home networks rarely if ever provide the same degree of protection that a corporate network can provide. In addition to whatever endpoint device your remote teleworker is using, the network they are using to connect back to the office from likely contains a wide variety of other devices with varying states of protections (if any) in place. There is likely to be another person in the house using the same network for their job. There are likely to be children using devices for e-learning. There are gaming, entertainment, and home IoT systems such as smart appliances or security systems installed. And the home likely broadcasts unsecured WiFi access.

In addition to many of these users being unfamiliar with security risks or how to detect and counter threats, home users who rely on a home computer rather than a secured corporate laptop are likely to be using devices that are a rat’s nest of security issues. Devices connecting to your network may include unpatched operating systems and applications, vulnerable software downloaded from the internet, and potentially unwanted applications (PUAs).

And to complicate matters further, your remote teleworkers are also currently on their own. The corporate helpdesk is no longer a short walk down the hall, so when remote workers make mistakes, they need a solution that can automatically stop attacks and remediate files without helpdesk intervention so they can stay productive. Because if they have to re-image their device, that is a two or three day loss of productivity as the laptop is shipped back and forth from wherever your helpdesk team is now located. 

Adding an EDR (endpoint detection and response) solution to end-user devices can go a long way towards addressing these challenges. EDR solutions provide both pre-infection and post-infection defenses to keep endpoints – and your network – clear of malicious malware. It does this by providing things such as advanced antivirus functionality on the front end, combined with the ability to detect and stop advanced attacks in real-time, even if the endpoint has been compromised, by detecting, defusing, and remediating live incidents – enabling your workers to stay on task.

Access Control

Another of the biggest challenges of rapidly transitioning to a home-based worker environment is that many of these new teleworkers may not have been assigned corporate laptops. Which means there is a great potential that a host of unfamiliar and unsecured personal devices are now accessing your corporate network via VPN. Many of these endpoints are also being used for home internet browsing, social media, or even e-learning. Should one of them become compromised, and it then connects to your network, that secure VPN tunnel now becomes a conduit for malware and cybercriminals.

So, in addition to hardening the endpoint device itself, you must have security controls in place at the head-end to identify, control, and monitor all devices seeking network access. Network Access Control (NAC) solutions enable automated onboarding for large numbers of endpoints, users, and guests. It automatically discovers and identifies every device on the network, then applies granular controls to not only limit where those devices can go on the network, but narrowly restrict access to only those assets needed for remote workers to do their job. And it then provides continuous monitoring combined with automated response to identify abnormal behavior and speed reaction time to events from days to seconds.

Cloud Access

Forcing cloud access through your core network is likely to more than double the volume of traffic coming into and out of your network. Remotely connecting all remote workers, redirecting them to their cloud-based applications, and then backhauling all of that traffic back through your network and down to your remote users can quickly overwhelm both internal resources as well as external bandwidth.

The better option is to enable users to connect directly to their SaaS applications. Many VPN clients enable split tunneling so remote workers have a secure connection to the network to access resources like email or databases, and a direct link to the internet and cloud to avoid backhauling traffic through the VPN connection. And it provides protections to ensure that internet-based transactions can’t backflow into the VPN connection and put your network at risk.

However, organizations still need to provide visibility, compliance, data security, and threat protection for cloud-based services. CASB (cloud access security broker) solutions provide policy-based insights into users, behaviors, and data stored in major SaaS applications, combined with a comprehensive set of reporting tools. By placing SaaS security in the cloud, IT security managers can scan provisioned cloud resource configurations and SaaS application data for threats, proprietary information, or sensitive customer records. It also ensures that all SaaS users are monitored and protected by a CASB solution no matter where they are or what device they are using.

Bringing it All Together

Beyond the initial effort to provide workers with secure VPN access to the network, organizations looking to further secure their remote workers and their network may want to consider enhancing endpoint security with EDR, especially when personal devices are used for telework. They will also want to identify, control, and monitor those devices at the point of network access with to ensure they behave as expected. And they will want to provide additional security for cloud-based applications and resources rather than backhauling cloud traffic through the core network.

However, adding a collection of new security tools can also create new management and configuration issues right when security teams are already stretched thin. In addition to advanced functionality, organizations should also prioritize solutions that can be seamlessly integrated into a unified security framework for consolidated management, orchestration, and reporting to reduce the overhead associated with deployment, configuration, and troubleshooting.

Advanced security, simplified deployment, and single pane of glass management ensure that your remote workers and extended network can remain secure, users can remain productive, and your business can continue to thrive even during the current global challenge.

Written by Peter Newton.

Powered by Fortinet, Delivered by IT Vortex.

Share this post

questions about our services?

Request a free consultation. Fill out the form and we will call you to answer all your questions



Tech Tips, Cyber Threat Mitigation, Cutting Edge Technology, Cost Savings and More!



 

IT Vortex, LLC is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. You will consent to us contacting you for this purpose, by submitting the form.

Apply for this position

Fill out the form below and our hiring team will reach out to you as soon as possible



zoom-logo

We use Zoom extensively to meet internally and externally. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

wasabi logo

Wasabi is offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

vmware logo

Our Datacenter is built on a VMWare architecture. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation. 

veeam green logo

Veeam is offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Trend Micro Logo
Solarwinds Logo

Solarwinds is offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Proofpoint essentials Logo

Fortinet is offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

observe IT Logo

ObserveIT/Fortinet is offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

NEAT Logo

We use NEAT extensively in our offices. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

mitel logo

Our telephone platform of choice. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

microsoft logo

Various Microsoft technologies are offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation. 

ingram micro cloud logo

Our distribution preferred partner for our technology offerings.

Fortinet logo

Fortinet is offered in our Cloud Hosting Platform? We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

DTEN logo

We use DTEN extensively in our offices. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Dropbox logo

We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Dell logo

Dell servers are a key component offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Condusiv Technologies logo

Condusiv Technology is offered in our Cloud Hosting Platform? We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Cisco logo

Cisco Technology is offered in our Cloud Hosting Platform via DUO for MFA. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Barracuda Logo

Barracuda Technology is offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Amazon_Web_Services_Logo

IT Vortex partners with AWS via VMware for the VMware on AWS offering that allows for cloud services fulfillment via AWS utilizing the same VMware products many companies already enjoy the benefits from.

ACTI Logo

Technology Reseller and Distributor, Certified Implementation Expertise with all ACTi products and services. IT Vortex has worked with ACTi for over a decade implementing security camera solutions for a multitude of industries with AI, Facial Recognition, License Plate Recognition, Loitering Detection, Cloud storage, and more.

questions about our services?

Request a free consultation. Fill out the form and we will call you to answer all your questions



microsoft logo

Name of the partner

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Ut enim ad minim veniam, quis nostrud exercitation ullamco. Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Ut enim ad minim veniam, quis nostrud exercitation ullamco Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Ut enim ad minim veniam, quis nostrud exercitation ullamco. Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Ut enim ad minim veniam, quis nostrud exercitation ullamco

Security as a Service (SECaaS) by IT Vortex

Pricing Calculator

Choose a service, answer a few simple questions, and receive an individual quote for our services

User count by type

Fill out the form and we will call you to answer all your questions