Pitfalls to avoid.
from TBtech April Edition
by Launched
Yet, organizations continue to tackle new security problems with old technologies. Security strategies need to evolve to meet the needs of today’s business – where users can log on and access corporate resources from anywhere and anytime, no matter what device they are using, and expect to be protected from today’s highly sophisticated threats without impacting performance.
But old habits die hard. These are five pitfalls that organizations fall into when trying to protect remote workers:
1. IGNORING UNMANAGED DEVICES
It’s easy to put your head in the sand and pretend that users aren’t accessing corporate systems from their personal devices. With corporate policies in place, people understand the security risks they take by logging in from a personal phone, tablet, or laptop. But they do it anyway. Unmanaged devices (and unmanaged networks, such as home Wi-Fi) pose a major security risk to the organization.
The consumerization of the cloud has also made it easier than ever for users to buy their own systems with a credit card or stand up infrastructure without following corporate policy or telling IT. A single click can give a threat actor a foothold on a device, and from there they can move laterally through the network, so businesses need to secure the connection between unmanaged devices and corporate systems rather than assume those devices are in a known state.
Isolation technology, for example, creates a virtual air gap between users and web content, stopping ransomware, drive-by downloads, and other malware before they reach the endpoint. This is a user-centric rather than device-centric approach: the protection follows the user, so even unmanaged devices and infrastructure that IT is not aware of are covered.
2. FAIL TO PLAN, PLAN TO FAIL
Malicious actors are becoming more sophisticated and adaptive in their methods. Cybersecurity is a constant battle between threat actors and security teams. As soon as a new security control is developed, attackers quickly find a way around it. The gap is then plugged by a new tool, and attackers identify another way in. What works today won’t necessarily work tomorrow. Today’s Highly Evasive Adaptive Threats (HEAT) target web browsers and employ techniques to evade multiple layers of detection in current security stacks, including firewalls, sandbox analysis, and phishing detection. HEAT attacks can be used as the initial access point to deliver malware or to compromise credentials, which in many cases leads to ransomware and other attacks. Knowledge is power when it comes to all matters security related, and even more so when it comes to emerging threats like HEAT attacks.
3. RELYING ON VPNS
VPN appliances do not scale to the needs of digital, agile organizations where users need to access applications quickly and reliably wherever they are. Once credentials are compromised through social engineering, fake login forms, or phishing, threat actors have unrestricted access to the network, typically with little or no east-west security control to stop lateral movement. Even when they work as intended, VPNs consume bandwidth and add latency by backhauling Internet traffic through a data center.
Organizations should look at alternative methods of secure remote access, such as cloud-based application isolation, which brokers connections to individual applications with a layer of threat prevention in between. This provides Zero Trust access and strengthens security posture without degrading the end user experience.
4. OVER-CONSOLIDATING SECURITY SOLUTIONS
Vendor consolidation makes sense to some extent. According to Anomali, organizations rely on an average of 50 to 80 security tools, rising to 120 for large enterprises. This sprawl drives up capital and operating costs while creating integration and visibility gaps.
In 2022, Gartner reported that 75% of global organizations planned to consolidate their security vendors over the following 12 months. But too much consolidation degrades effectiveness. No single vendor delivers best-of-breed protection across every threat vector; anyone who tries to build or bolt together a complete solution inevitably compromises somewhere. Some consolidation is sensible, but depending on a single vendor concentrates risk. Software sprawl and tech debt are real problems in the industry, but companies must be careful not to trade protection for simplicity.
5. RELYING ON DETECT AND RESPOND
The trend in security over recent years has been to tell customers that breaches are inevitable and to focus on detecting malicious behavior inside the network. East-west security is critical, but it shouldn’t come at the expense of prevention. HEAT attacks bypass traditional detect-and-respond approaches by hiding in plain sight among seemingly innocuous technologies, such as JavaScript and VPNs. Threat actors can breach the network and avoid detection for days, weeks, or even months. The problem is the speed at which they make their move after the initial breach: even a few minutes can be enough time to deliver the payload, well before detection and response cycles complete. Despite what some security vendors say, protection is not a losing battle – prevention works.
The combination of SASE security and Zero Trust, which sees all content as suspect and subject to strict security controls, results in a preventative approach that addresses the legacy flaws of today’s network security stack and changes outcomes.