Protecting the remote workers – network gateway

Security Technology

April 28, 2020

Remote workers who access the internet through their home routers are unlikely to be doing so with enterprise-grade security, especially if the organisation’s home workforce was set up at speed.

At best, the home router will have a basic firewall or some web-filtering feature enabled. Even then, while it is welcome that service providers have taken a step towards better security, a configuration designed for the general public knows nothing about your business: it cannot apply your acceptable-use policy, cannot tell a corporate device from a family tablet, and nobody in your IT team is checking that it is still switched on.

Here are two key steps your organisation can take to secure corporate and personal devices across your network while keeping the advantages and effectiveness of remote working.

  1. Secure Internet Gateway (SIG) or DNS protection

Organisations facilitating remote working need other ways to achieve secure internet access, and they need to do so without putting undue strain on existing IT resources such as the corporate firewalls. Backhauling every remote user’s internet traffic through the corporate network so that it can be inspected turns those firewalls and VPN concentrators into bottlenecks: performance degrades for every remote worker, because all data must flow in and out of corporate resources. When that happens workers get frustrated and give up, or look for ways around the policy that was put in place to protect them, such as bypassing the VPN, or bringing in personal devices or shadow-IT cloud services to get better data access speeds.

Platforms that provide secure internet access and DNS-layer protection (often referred to as Secure Internet Gateways, or SIGs) can secure workers both inside the organisation and, crucially, when remote. Whether working from home over Wi-Fi, a wired connection or tethered to a mobile provider, the corporate IT rules, protection and management travel with each individual user, wherever they are located (including secure internet access and virtual firewall protection).

Many of these services run in the cloud and offer behaviour-based protection: they apply machine-learning models to Domain Name System (DNS) traffic to pick up indications of malware activity, such as lookups of newly registered or algorithmically generated domains, or query patterns that look like data being tunnelled out over DNS, and can then refuse to resolve those names for the whole user base before an outbreak takes hold (often referred to as zero-day protection). The protection only covers lookups that reach the service’s resolvers, so the roaming client or device configuration must force DNS through it; connections made directly to an IP address, or over an encrypted DNS channel to a third-party resolver, are not seen at this layer.
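As an added illustration of what a DNS-layer check of this kind looks at (example code written for this page, not any vendor’s engine), the script below parses a constructed DNS query log, matches names against a constructed blocklist standing in for a threat-intelligence feed, uses a Shannon-entropy heuristic in place of a trained classifier to flag algorithmically generated (DGA-like) names, and flags a host that issues many TXT lookups for distinct subdomains of one parent, the pattern typical of DNS tunnelling. The log lines, host names, blocklist and thresholds are all assumptions; the .example names are reserved, not real domains.

```python
"""DNS-layer policy check over a constructed query log.

Hypothetical example for this page: a simplified stand-in for the
behaviour-based DNS protection described in the text, not vendor code.
"""
import math
import re
from collections import defaultdict

# Constructed DNS query log (not captured traffic); .example is a reserved TLD.
SAMPLE_LOG = """\
2020-04-28T09:15:02Z host=laptop-17 qname=updates.vendor.example qtype=A
2020-04-28T09:15:04Z host=laptop-17 qname=www.example.org qtype=A
2020-04-28T09:15:09Z host=laptop-23 qname=xk3h9qz2p7vw4.example qtype=A
2020-04-28T09:15:10Z host=laptop-23 qname=evil-updates.example qtype=A
2020-04-28T09:16:01Z host=laptop-42 qname=agvsbg8.t.exfil.example qtype=TXT
2020-04-28T09:16:02Z host=laptop-42 qname=d29ybgq.t.exfil.example qtype=TXT
2020-04-28T09:16:03Z host=laptop-42 qname=zm9vymfy.t.exfil.example qtype=TXT
2020-04-28T09:16:04Z host=laptop-42 qname=ymf6cxv4.t.exfil.example qtype=TXT
2020-04-28T09:16:05Z host=laptop-42 qname=www.example.com qtype=A
"""

# Constructed blocklist standing in for the service's threat-intelligence feed.
BLOCKLIST = {"evil-updates.example"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) qname=(?P<qname>\S+) qtype=(?P<qtype>\S+)$"
)


def parse(log_text):
    """Yield (timestamp, host, qname, qtype) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (m.group("ts"), m.group("host"),
                   m.group("qname").lower().rstrip("."), m.group("qtype"))


def shannon_entropy(s):
    """Bits of entropy per character; random-looking labels score high."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Last two labels. Simplification: ignores multi-label suffixes such as co.uk."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def looks_dga(qname, min_len=10, min_entropy=3.5):
    """Heuristic stand-in for the ML classifier: a long, high-entropy second-level label.
    Thresholds are assumptions chosen for the constructed sample."""
    label = registered_domain(qname).split(".")[0]
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def analyse(log_text, blocklist=BLOCKLIST, tunnel_threshold=4):
    """Return (findings, to_sinkhole): a list of (host, name, reason) and the
    set of registered domains the resolver should answer with a sinkhole."""
    findings = []
    txt_subdomains = defaultdict(set)   # (host, registered domain) -> distinct names
    for _ts, host, qname, qtype in parse(log_text):
        base = registered_domain(qname)
        if base in blocklist or qname in blocklist:
            findings.append((host, qname, "blocklist"))
        elif looks_dga(qname):
            findings.append((host, qname, "dga-like"))
        if qtype == "TXT":
            txt_subdomains[(host, base)].add(qname)
    # Many distinct TXT names under one parent from one host: likely DNS tunnelling.
    for (host, base), names in txt_subdomains.items():
        if len(names) >= tunnel_threshold:
            findings.append((host, base, "possible-dns-tunnel"))
    to_sinkhole = {registered_domain(name) for _h, name, _r in findings}
    return findings, to_sinkhole


if __name__ == "__main__":
    found, sink = analyse(SAMPLE_LOG)
    for host, name, reason in found:
        print(f"{host:10} {name:28} {reason}")
    print("sinkhole:", sorted(sink))
```

The `to_sinkhole` set is what the resolver would answer with a sinkhole address for, and every entry carries the reason so an analyst can review it. Two deliberate simplifications are worth knowing about before adapting this: the registered-domain helper takes the last two labels and so mis-handles suffixes such as co.uk (use the public suffix list), and the entropy threshold is a crude proxy that a model trained on real query data would replace.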

Because the best of these platforms are delivered globally as a cloud service, they are relatively quick to enable for the entire workforce, even when that workforce is now spread across tens, hundreds or thousands of locations in one or many countries.

Rather than devaluing existing IT infrastructure investments, cloud-based security services can complement the current environment, typically enhancing and extending existing investments in corporate networks, firewalls, identity management and intrusion prevention systems.

These services are consumed on a subscription basis, so during a period when cash and cash-flow management are truly king they can often be funded from operating expenditure rather than waiting for capital budget to be found.

  2. Advanced Malware Protection

Advanced Malware Protection (AMP) is the natural evolution of the legacy antivirus products traditionally deployed on firewalls, servers and employee desktops, all of which may have been configured and designed to operate inside the organisation’s traditional four walls.

AMP focuses not only on preventing malware from getting onto the network in the first place but also on halting its spread within and across the network to other devices.

Malware protection should proactively monitor suspicious behaviour, recording and tracking activity for investigation while at the same time protecting every endpoint and the wider network.

IT security teams gain insight into which processes were running on the endpoint when the attack was triggered, what the malware payload looks like, and which internal and external hosts it attempted to communicate with (for example an attacker-controlled command-and-control server), all captured without letting the sample compromise or infect the endpoint.

AMP may extend into a cloud-based global security monitoring service, in which the cloud platform applies machine learning to decide how best to protect the organisation’s endpoints when a threat that has never been seen before across the global monitoring engine attempts an undesired or unauthorised action.

Unknown or previously unseen activity, behaviour or files that are judged to be a potential threat are automatically quarantined and tested in a protected cloud environment (sandboxing), using automated processes and machine learning to reach a verdict. If the item is found to be safe, the process or file is released; if not, it remains quarantined. A verdict should also be revisable: if a file first judged clean is later found to be malicious, every endpoint that has seen it needs to be told, otherwise the file keeps spreading on the strength of the earlier decision. Handled this way, the process takes a significant workload away from IT teams that are often overwhelmed with false-positive security alerts.
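To make the quarantine, sandbox and release flow concrete, here is an added example (written for this page, not any vendor’s agent or cloud service) modelling it as a small Python service. Every file is identified by its SHA-256 hash, a shared reputation cache gives an immediate verdict for hashes already judged anywhere in the fleet, unknown files are held while a sandbox decides, clean files are released, and a verdict that later changes to malicious is pushed to every endpoint that ever saw that hash. The `investigate` method returns the kind of record the text says security teams need: where the file ran, under which process, and which remote hosts it contacted. The `toy_sandbox` function, which only looks for a marker string, stands in for real detonation and behavioural analysis; the endpoint names, process names and the 203.0.113.5 address (from a documentation range) are assumptions.

```python
"""Hypothetical file-verdict pipeline for an endpoint agent plus cloud service.

Added example for this page, not vendor code. Models the flow described in the
text: unknown files are quarantined, sent to a sandbox for a verdict, released if
clean, and if a verdict later turns malicious every endpoint that saw the hash is
told to quarantine it.
"""
import hashlib
from collections import defaultdict

CLEAN, MALICIOUS, UNKNOWN = "clean", "malicious", "unknown"


def file_hash(content):
    """SHA-256 of the file bytes; the reputation cache is keyed by this."""
    return hashlib.sha256(content).hexdigest()


def toy_sandbox(content):
    """Constructed stand-in for cloud detonation. A real sandbox executes the
    sample and classifies its behaviour; this one only looks for a marker."""
    return MALICIOUS if b"BEACON" in content else CLEAN


class VerdictService:
    """Verdict cache shared by all endpoints, with quarantine state per endpoint."""

    def __init__(self, sandbox=toy_sandbox):
        self.sandbox = sandbox
        self.sandbox_runs = 0                # how often the slow path was taken
        self.reputation = {}                 # sha256 -> verdict seen fleet-wide
        self.seen_on = defaultdict(set)      # sha256 -> endpoints that held the file
        self.processes = defaultdict(set)    # sha256 -> (endpoint, process) pairs
        self.contacts = defaultdict(set)     # sha256 -> remote hosts contacted
        self.quarantined = defaultdict(set)  # endpoint -> hashes currently held

    def observe(self, endpoint, process, content, remote=None):
        """Called when a process touches a file. Returns the verdict applied."""
        h = file_hash(content)
        self.seen_on[h].add(endpoint)
        self.processes[h].add((endpoint, process))
        if remote:
            self.contacts[h].add(remote)
        verdict = self.reputation.get(h, UNKNOWN)
        if verdict == UNKNOWN:
            # Hold the file while the cloud decides; only a clean verdict releases it.
            self.quarantined[endpoint].add(h)
            self.sandbox_runs += 1
            verdict = self.sandbox(content)
            self.reputation[h] = verdict     # next endpoint gets a cache hit
        if verdict == MALICIOUS:
            self.quarantined[endpoint].add(h)
        else:
            self.quarantined[endpoint].discard(h)
        return verdict

    def retrospective(self, h, verdict):
        """A verdict changed after the fact (new intelligence, a later sandbox run).
        If it is now malicious, quarantine on every endpoint that ever saw the
        hash, not just the one that reported it. Returns the endpoints told."""
        self.reputation[h] = verdict
        affected = sorted(self.seen_on[h]) if verdict == MALICIOUS else []
        for ep in affected:
            self.quarantined[ep].add(h)
        return affected

    def investigate(self, h):
        """What an analyst asks for: where it ran, under which process, who it talked to."""
        return {
            "verdict": self.reputation.get(h, UNKNOWN),
            "endpoints": sorted(self.seen_on[h]),
            "processes": sorted(self.processes[h]),
            "contacts": sorted(self.contacts[h]),
        }


if __name__ == "__main__":
    svc = VerdictService()
    # Constructed file contents; the marker makes the toy sandbox say "malicious".
    invoice = b"MZ loader BEACON 203.0.113.5"
    print(svc.observe("laptop-23", "invoice.scr", invoice, remote="203.0.113.5"))
    print(svc.observe("laptop-42", "invoice.scr", invoice))   # cache hit, no sandbox
    print(svc.investigate(file_hash(invoice)))
```

The design point is the split between the shared `reputation` cache and the per-endpoint `quarantined` state: the expensive sandbox run happens once per hash for the whole fleet, while the hold-and-release decision is enforced locally on each machine, and `retrospective` is what lets a later, better verdict reach machines that already released the file.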

As with the gateway services above, these cloud-managed malware protection solutions complement the current environment rather than devaluing existing IT infrastructure investments, typically extending the existing networks, firewalls, identity management and intrusion prevention systems.

Security cannot be selective

Cybersecurity cannot be available only while employees are on organisational premises or a campus (“on-net”). Work is something we all do, not simply a place we go to. IT security systems and policies must protect employees wherever they go, without compromising performance.

As organisations adapt to what is being termed “the new normal”, we must not allow our rapid response to local and global events to leave unplugged gaps, weaknesses and vulnerabilities that are easy for cyber criminals to exploit. While we focus on maintaining current operations and organisational performance, we can be certain that criminals are probing for, and designing methods to attack, breach and extort, those who do not quickly plug such gaps.