December 22, 2022
3 Must-Have Security Solutions for Remote Work
Now that remote and hybrid work models are the norm, organizations must adapt their cybersecurity environments to meet the moment.
When the COVID-19 pandemic first forced employees to work from home in March 2020, there was some speculation that the physical office might become a thing of the past. That hasn’t exactly happened, but business and IT leaders have come to realize that some level of remote work is here to stay, even for organizations urging employees to return to the office. Workers now expect flexibility from their employers, and managers realize that remote work capabilities can help their organizations navigate challenges such as extreme weather and talent shortages.
As remote and hybrid work environments continue to evolve, organizations should look to the following four cybersecurity solutions to keep their systems, data and employees safe.
Remote workers rely heavily on cloud resources to do their jobs. Accordingly, they need the protection offered by cloud-delivered security. One technology that has helped companies provide efficient and secure solutions is secure access service edge, or SASE (pronounced “sassy”). According to Palo Alto Networks, SASE combines wide area networking and network security capabilities — such as cloud access security brokers — with Firewall as a Service and zero trust, creating a single, cloud-delivered service model. A SASE architecture can identify users and devices, determine context in real time and apply policy-based security across remote workflows. Gartner predicts at least 40 percent of enterprises will make SASE a part of their security strategies by 2024, up from less than 1 percent at the end of 2018.
SASE solutions provide security services to workers no matter where they are, in an office or around the globe. They are a win for security, in that systems are protected all of the time, and also a win for business in the efficiency gained. SASE provides security solutions closer to the end user, all across the world, enabling employees to open up documents more quickly and browse more readily than they would if the organization had to backhaul internet services to an office location (for instance, with a traditional VPN). With the deployment of a zero-trust network access (ZTNA) solution, all users can directly access the resources they need, whether they are in a traditional data center or a private network. This direct-to-cloud and ZTNA approach has enhanced security and made entire workforces dramatically more efficient.
Any large organization that isn’t using multifactor authentication has likely already been compromised, whether leaders know it or not. Recently, we’ve seen an evolution in the space, with vendors and customers beginning to realize that MFA tools that rely on phone calls and SMS alerts can easily be compromised.
Even physical or application-based MFA can be compromised if the authentication can be relayed or replayed. We have seen an increasing number of attacks in which employees are convinced to authenticate with MFA to an attacker's website, which then relays that authentication and establishes an authenticated session. The only way to truly prevent this is to move to modern MFA that validates the authentication end to end. Protocols such as FIDO2, or a passwordless solution that validates the endpoint, plus biometrics, provide more robust authentication and an amazing end-user experience.
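The difference between a one-time code and an origin-bound assertion can be seen in the server-side checks. The following is an added example, not code from the article or any vendor: a simplified model of the relying-party checks in a WebAuthn/FIDO2 login, where the host names are constructed and an HMAC stands in for the authenticator's public-key signature.

```python
import hashlib, hmac, json, secrets

RP_ID = "login.example.com"                    # assumed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"  # assumed legitimate origin

def verify_otp(submitted, issued):
    """One-time code check: nothing here says which site collected the code."""
    return hmac.compare_digest(submitted, issued)

def client_assertion(origin, challenge, rp_id, key):
    """Model of browser plus authenticator output. The browser, not the page,
    records the origin; the authenticator hashes the RP ID it was asked for."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01"  # rpIdHash + flags
    # Stand-in: real authenticators sign with a per-site private key.
    sig = hmac.new(key, auth_data + hashlib.sha256(client_data).digest(),
                   "sha256").digest()
    return client_data, auth_data, sig

def verify_assertion(client_data, auth_data, sig, challenge, key):
    """Relying-party checks; returns (accepted, reason)."""
    expected = hmac.new(key, auth_data + hashlib.sha256(client_data).digest(),
                        "sha256").digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    data = json.loads(client_data)
    if data.get("type") != "webauthn.get":
        return False, "wrong type"
    if not hmac.compare_digest(data.get("challenge", ""), challenge):
        return False, "challenge mismatch"   # stale or replayed assertion
    if data.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch"      # collected on another site
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return False, "user not present"
    return True, "ok"
```

The one-time code check accepts any correct code regardless of where the user typed it, while the assertion check fails as soon as the recorded origin or challenge differs from what the server expects.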
With solutions such as user and entity behavior analytics (UEBA), organizations can detect suspicious behavior on the part of end-user accounts and can identify anomalies in infrastructure components, including routers, servers and devices. As attackers become more sophisticated, the tools we use to protect end users and endpoints must become more advanced.
UEBA solutions look for changes in normal user and system behavior. User behavior can vary, but there are some obvious changes when a system is compromised. Attackers start to look for what data access they have and what other systems they have access to. This almost always shows a change in behavior. Servers, routers and Internet of Things devices all tend to do the same thing day after day, which enables UEBA solutions to detect deviations.
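A minimal sketch of the baseline-and-deviation idea described above, as an added example that is not taken from the article or from any UEBA product. It assumes connection records of the form (day, entity, peer), scores each entity against its own history with a median/MAD modified z-score (a technique chosen here for illustration), and runs on constructed sample data.

```python
from collections import defaultdict
from statistics import median

MIN_BASELINE_DAYS = 5   # assumed minimum history before an entity is scored
THRESHOLD = 3.5         # customary cut-off for the modified z-score

def peers_by_day(events):
    """(day, entity, peer) records -> {entity: {day: {peers}}}."""
    table = defaultdict(lambda: defaultdict(set))
    for day, entity, peer in events:
        table[entity][day].add(peer)
    return table

def score(history, today):
    """Compare today's peer set with the entity's own baseline days."""
    counts = [len(p) for p in history]
    med = median(counts)
    # Devices that never vary have MAD 0; floor it so the score stays finite.
    mad = median(abs(c - med) for c in counts) or 1.0
    z = 0.6745 * (len(today) - med) / mad
    return {"z": round(z, 2),
            "new_peers": sorted(today - set().union(*history)),
            "alert": z > THRESHOLD}

def detect(events, day):
    """Return {entity: result} for entities whose fan-out on `day` is anomalous."""
    findings = {}
    for entity, days in peers_by_day(events).items():
        history = [p for d, p in days.items() if d < day]
        if len(history) < MIN_BASELINE_DAYS or day not in days:
            continue
        result = score(history, days[day])
        if result["alert"]:
            findings[entity] = result
    return findings

# Constructed sample: a camera that talks to the same two peers every day,
# and a laptop whose daily peer count varies normally.
EVENTS = [(d, "cam-01", p) for d in range(1, 8) for p in ("nvr", "ntp")]
LAPTOP = {1: 3, 2: 5, 3: 4, 4: 6, 5: 4, 6: 5, 7: 4, 8: 5}
EVENTS += [(d, "laptop-7", f"app-{i}") for d, n in LAPTOP.items() for i in range(n)]
# Day 8: the camera suddenly contacts ten hosts it has never contacted before.
EVENTS += [(8, "cam-01", p)
           for p in ["nvr", "ntp"] + [f"10.0.0.{i}" for i in range(1, 11)]]

if __name__ == "__main__":
    print(detect(EVENTS, 8))
```

The camera is flagged because its fan-out jumps far outside its own flat baseline, while the laptop's ordinary day-to-day variation stays below the threshold.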
Many organizations find it more challenging to monitor logs and usage data where they are unable to deploy an automated software agent. For those systems, gathering logs (if possible) and analyzing network traffic are required. Integration of these UEBA solutions into a security mesh allows for automated actions to alert admins or potentially isolate a system that starts to behave outside the norm.
Many organizations are still figuring out their mix of remote, hybrid and in-person work. Yet, even in businesses where most employees are expected to regularly come into an office, events will pop up that require at least occasional remote work. Organizations need solutions and practices that enable them to offer employees a high level of security, no matter where they are.
Story by Jeremiah Salzberg, a security leader with over 25 years of security leadership experience in the financial, telecommunications and manufacturing sectors. He has held security positions responsible for engineering and architecture, penetration testing and incident response, as well as numerous CISO-level positions. In his role as chief security technologist for Sirius, a CDW Company, Jeremiah is charged with evaluating current and emerging security technologies to ensure that clients can effectively address their cybersecurity challenges.