The COVID-19 pandemic has turned worldwide social and business interactions upside down, stoking fear and panic everywhere from main street to Wall Street.
Most companies have closed or been forced to close their offices and sent employees home to work. This massive surge in telework has placed unprecedented stress on corporate IT infrastructures.
The first casualty has been performance, because far more devices are connecting to corporate networks, firewalls and VPNs than those systems were designed to handle.
Endpoint security is the second. Remote employees — more focused on being productive than on following security procedures — are bypassing corporate VPNs to access cloud services directly. This situation is especially troublesome because they are often using personal devices, which lack the security controls found on company-issued hardware.
One wrong click can instantly result in an infection reaching into and spreading laterally across the organization’s network. Given the limited capabilities of traditional perimeter firewall and VPN solutions to protect against these remote threats, companies need different security measures to protect their assets.
Here are six practices to consider for securing remote workforces.
1. Inspect Endpoints
It is vital to assess the security posture of every endpoint connecting to the corporate network. This practice enables an organization to determine whether each endpoint requesting access to internal resources meets security policy requirements. It requires the ability to track and enforce policy on all devices, while delivering easy user onboarding and offboarding.
2. Leverage the Cloud
Cloud-based Security-as-a-Service offerings can address a myriad of remote work threats by providing multifactor authentication (MFA), network segmentation, network firewall, threat management, antivirus, anti-spyware, and more.
Other SaaS capabilities include file auditing and blocking, global bans on all communications for a defined set of ports and applications, external IP blocking, URL filtering, and a global web application firewall.
3. Inspect Traffic
By analyzing network and application traffic, an organization can protect its networks against malware threats and distributed denial of service (DDoS) attacks.
Application layer attacks typically exploit specific vulnerabilities in an application or protocol. Web servers are attackers’ favorite target, but Session Initiation Protocol (SIP) voice services and Border Gateway Protocol (BGP) routing are also common targets.
To protect against application layer attacks, an organization needs some form of Zero Trust (ZT) architecture, which treats all users and devices as a threat until they are authenticated, inspected, and found to satisfy security policy. ZT rules can be applied to virtually any combination of host, host group, Active Directory user/group, port, protocol, service, address range, and blacklist policy.
4. Quarantine Suspicious Hosts
To reduce the risk of malware spreading laterally, organizations should have the ability to quarantine or isolate suspicious or known-infected hosts. One of the best ways to do this is via endpoint agents, which can identify and quarantine malware threats in real time. They also enable ZT security enforcement, ensuring devices meet policy requirements before being granted access to IT resources.
5. Deploy Endpoint Protections
Devices used for remote work need much more than basic antivirus and antispyware protection, including MFA and on-board endpoint detection and response (EDR) capabilities.
MFA ensures the person trying to access the network is the authorized user, while EDR continually monitors devices for threats and blocks them. Finally, data should be encrypted at rest on each endpoint's disk and in transit as it travels across the WAN.
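The posture check from practice 1, the quarantine decision from practice 4 and the required endpoint controls from practice 5 can be combined into one access decision. The following Python is an added illustration, not code from the article or from any product; the device records, the report date and the 30-day patch threshold are constructed assumptions for the example.

```python
"""Endpoint posture assessment with a quarantine decision (added example).

Policy: a host with EDR detections is quarantined unconditionally; otherwise
every required control must be present, and anything missing means deny
(default deny, in the zero-trust sense). Thresholds and data are assumed.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed "current" date so the example is deterministic offline.
TODAY = date(2020, 4, 1)
MAX_PATCH_AGE = timedelta(days=30)   # assumed policy threshold


@dataclass(frozen=True)
class DevicePosture:
    hostname: str
    managed: bool          # company-issued and enrolled in device management
    disk_encrypted: bool   # full-disk encryption enabled (data at rest)
    edr_running: bool      # EDR agent installed and healthy
    mfa_enrolled: bool     # user has a second factor registered
    last_patch: date       # date of last OS security update
    ioc_hits: int          # detections reported by the EDR agent


def assess(d: DevicePosture) -> tuple[str, list[str]]:
    """Return ("allow" | "deny" | "quarantine", reasons)."""
    # Known-infected hosts are isolated before any other check (practice 4).
    if d.ioc_hits > 0:
        return "quarantine", [f"{d.ioc_hits} EDR detection(s) on host"]
    failures: list[str] = []
    if not d.managed:
        failures.append("unmanaged (personal) device")
    if not d.disk_encrypted:
        failures.append("disk not encrypted")
    if not d.edr_running:
        failures.append("EDR agent not running")
    if not d.mfa_enrolled:
        failures.append("user not enrolled in MFA")
    if TODAY - d.last_patch > MAX_PATCH_AGE:
        failures.append(f"patches older than {MAX_PATCH_AGE.days} days")
    return ("allow" if not failures else "deny"), failures


# Constructed sample fleet: a compliant workstation, a personal laptop,
# and a managed workstation on which the EDR agent has fired.
FLEET = [
    DevicePosture("wks-0412", True, True, True, True, date(2020, 3, 20), 0),
    DevicePosture("home-laptop", False, False, False, True, date(2020, 1, 5), 0),
    DevicePosture("wks-0077", True, True, True, True, date(2020, 3, 28), 3),
]


def assess_fleet(fleet=FLEET) -> dict[str, str]:
    """Verdict per hostname, for feeding a NAC or VPN gateway policy."""
    return {d.hostname: assess(d)[0] for d in fleet}


if __name__ == "__main__":
    for dev in FLEET:
        verdict, reasons = assess(dev)
        detail = f" ({'; '.join(reasons)})" if reasons else ""
        print(f"{dev.hostname}: {verdict}{detail}")
```

The point of the ordering is that a detection on an otherwise compliant host still results in isolation, and that a personal device fails on several controls at once, which is exactly the case the article describes for employees working from home.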
6. Use Microsegmentation
Every organization should segment LAN, WAN and local data center traffic into subnets. Doing so will secure communications from workstation to workstation, workstation to server, and server to server — ultimately reducing an organization's attack surface and risk. Microsegmentation also ensures, for example, that an attacker cannot move laterally between subnets and deeper into the organization.
Virtually overnight, the COVID-19 pandemic has changed the way organizations around the world work and keep their businesses running. This transformation of business processes requires a corresponding response in how we secure remote endpoints and the IT resources they need to access.
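The ZT rule criteria listed under practice 3 (host group, directory user/group, port, protocol) and the segment-to-segment controls of practice 6 amount to one default-deny policy evaluated per flow. The Python below is an added illustration, not the article's or any vendor's code; the subnets, group memberships, rules and flows are all constructed for the example.

```python
"""Default-deny microsegmentation / zero-trust policy evaluator (added example).

Segments, directory groups and rules are constructed assumptions. A flow is
allowed only if the user is authenticated, both endpoints fall in known
segments, and an explicit rule matches segment pair, protocol, port and
(where required) group membership. Everything else is denied.
"""
from __future__ import annotations
from dataclasses import dataclass
import ipaddress

# Constructed segments (practice 6).
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "app-servers": ipaddress.ip_network("10.20.0.0/24"),
    "dc-mgmt": ipaddress.ip_network("10.30.0.0/24"),
}

# Constructed directory group membership (practice 3: AD user/group criteria).
GROUPS = {"alice": {"staff"}, "bob": {"staff", "it-admins"}}


@dataclass(frozen=True)
class Rule:
    src: str                 # source segment name
    dst: str                 # destination segment name
    proto: str               # "tcp" or "udp"
    ports: frozenset[int]
    groups: frozenset[str] = frozenset()   # empty = any authenticated user


# Allow rules only; there is deliberately no "workstations -> workstations".
RULES = [
    Rule("workstations", "app-servers", "tcp", frozenset({443})),
    Rule("workstations", "dc-mgmt", "tcp", frozenset({22}), frozenset({"it-admins"})),
]


@dataclass(frozen=True)
class Flow:
    user: str | None         # None = not authenticated
    src_ip: str
    dst_ip: str
    proto: str
    dport: int


def segment_of(ip: str) -> str | None:
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def evaluate(flow: Flow, rules=RULES) -> tuple[str, str]:
    """Return ("allow" | "deny", reason) for one flow."""
    if flow.user is None:
        return "deny", "unauthenticated"
    src, dst = segment_of(flow.src_ip), segment_of(flow.dst_ip)
    if src is None or dst is None:
        return "deny", "unknown segment"
    if src == dst:
        # Peer-to-peer traffic inside a segment is the classic lateral path.
        return "deny", f"intra-segment traffic ({src}) blocked"
    user_groups = GROUPS.get(flow.user, set())
    for r in rules:
        if (r.src, r.dst, r.proto) == (src, dst, flow.proto) and flow.dport in r.ports:
            if r.groups and not (r.groups & user_groups):
                return "deny", f"user lacks required group {sorted(r.groups)}"
            return "allow", f"matched {src}->{dst} {r.proto}/{flow.dport}"
    return "deny", "no matching rule (default deny)"


if __name__ == "__main__":
    for f in [
        Flow("alice", "10.10.1.5", "10.20.0.10", "tcp", 443),
        Flow("alice", "10.10.1.5", "10.10.2.9", "tcp", 445),
        Flow("alice", "10.10.1.5", "10.30.0.5", "tcp", 22),
        Flow("bob", "10.10.1.5", "10.30.0.5", "tcp", 22),
    ]:
        print(f"{f.user} {f.src_ip}->{f.dst_ip} {f.proto}/{f.dport}: {evaluate(f)}")
```

Note that the same user is allowed to reach the application tier on 443 but denied SSH to the management segment, while the SMB attempt between two workstations is refused before any rule is even consulted; that is the "workstation to workstation" control the article calls out.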