Securing the Immediate Shift to Remote Work

Securing a network infrastructure has never been a static activity. Adjustments are always needed, but they are normally driven by disruptive technologies introduced over time. What we are experiencing now is a massive shift in network architecture in an unprecedentedly short period. The migration of a workforce from inside the network to remote locations has already strained corporate (and government) resources, driving the need for upgrades, but this initial wave of IT upgrades is not the only challenge organizations will face. We believe this forced migration has three phases:

• Physical IT infrastructure expansion

• Security incident identification expansion

• Zero trust architecture expansion

Use Case #1: Standard Operating Environment (SOE) used remotely
This use case has two components that need to be addressed. As noted earlier, the load on a VPN concentrator will need to be addressed before an entire workforce can shift to remote access. The network architect can use split tunnels or Symantec Web Security Service (WSS). WSS is the ideal complement to split tunneling because the traffic that leaves the tunnel, bound for web services not under corporate control, can still be secured by WSS. Additionally, Symantec Secure Access Cloud mediates a secure network connection between each remote user and application, providing least-privilege access to authorized services and reducing the attack surface. An SOE is more likely to have a known endpoint security posture and to participate in a domain environment. This will certainly reduce the attack surface, but there is always an opportunity for an actor to succeed. If an actor gains access to an SOE endpoint on a corporate network, they will explore the environment to determine what information is available and move laterally across the network.

Use Case #2: Use Your Own Device (UYOD) environment used remotely
We know that some organizations are asking users to connect to corporate assets from home computers, most likely by installing a VPN client. This method of access introduces extensive risk to an organization because the back office has little to no control over the security posture of the endpoint. The endpoint may already host an active threat, or it could become infected when used for family computing activities.

Use Case #3: UYOD environment connecting to United States Government (USG) resources
If a UYOD worker is using a CAC or PIV card to authenticate to web applications within government networks, they are raising the risk to the organization. If their system is infected with Sykipot-like malware, the actor can ride on the authenticated connection and attack the web service the user is visiting, or access the user's sensitive information. The CAC and PIV software has no ability to perform network access control over this type of connection, so the security posture of the entire network would rely on the protections of that one machine.

Use Case #4: Bring Your Own Device (BYOD) Mobile device access
Desktop utilization is not the only stress point on a corporate network in this migration window. Mobile connections to corporate resources are likely to increase regardless of a corporation's BYOD policy. While solutions have been introduced for securing mobile devices, applying them to BYODs continues to be a challenge due to the lack of an enforcement mechanism. On personal devices, as opposed to managed endpoints, the employee is the "admin" and essentially decides what goes onto their device. This has made it difficult to achieve widespread adoption of Mobile Threat Defense (MTD) apps on employee BYODs. This was an issue even before the remote migration, and we expect recent trends to exacerbate it.

Reference (Full Report)

White paper by Symantec: Securing_Remote work.pdf

Abhishek Singh