There is an adage that goes, “the only constant is change.” That has never been more true than right now, as organizations are having to adapt to current world events at an unprecedented pace. Traditionally, the aspect of networks that has had the hardest time adjusting to such rapid change has been security.
This is especially true now as security leaders have to support the rapid transition of the network to a secure remote access model. During such transitions, fixed-in-place security solutions – and their rigid policies and configurations – struggle to keep up. Network connections that can change instantaneously in response to shifting business requirements can take a security solution minutes or hours to be reconfigured. And that lag time is prime for exploitation.
Six Critical Elements of an Agile Security Strategy
To close that gap, security administrators need to leverage critical security solutions and strategies to ensure that security can function as nimbly and quickly as the networks they need to protect. But rather than addressing this challenge using a one-off solution, as many organizations under severe time constraints may be inclined to do, they must instead be part of a broader and tightly integrated security-driven networking strategy.
This approach not only solves the problem at hand but can also be easily adapted over the next few weeks and months to augment and further refine the initial strategy. The ultimate goal for network changes is that they should work together as a single, integrated system. An agile security solution enables security functionality to define the limits of network expansion to ensure that new initiatives don’t open up the attack surface to exploitation.
For many organizations, all of their initial secure teleworker solutions are now in place. What’s next will be to enhance and further secure this new networking model with agile security solutions designed to roll seamlessly into your current security strategy.
1. Endpoint controls – As end-users seek network access from remote locations, many may be using personal devices connected to home networks shared with children engaged in e-school, other remote teleworkers, and gaming, entertainment, and home security devices. This exposes those devices to infection and risk. So in addition to VPN software that simply provides a secure connection back to the core network, they need an agent that can report the security state of the endpoint device, and an endpoint management system that can push appropriate security and access policies and updates back to the endpoint.
New EDR (endpoint detection and response) solutions add real-time threat protection for endpoints both pre- and post-infection. Beyond advanced antivirus tools that detect and eliminate known threats, they can detect live threats and defuse them before they are able to execute, enabling endpoint devices to continue functioning securely without extended reimaging or other measures from the remote helpdesk.
2. Dynamic cloud access – Automated security and access controls also need to be applied to users and devices seeking remote access to cloud-based resources. Because users are no longer accessing cloud services from inside the network perimeter, organizations can lose visibility and control over who is accessing SaaS and other cloud resources, and how those resources are being used. The other challenge is that remote workers using a split tunnel model to access the internet directly are now exposed to online threats that the core network security solutions previously protected them against.
A wide range of cloud-based controls can fill these gaps, from security services placed in cloud environments, such as cloud-based email or web filters, to cloud access security broker (CASB) solutions designed to protect access to SaaS applications such as Salesforce or Office 365.
3. Network access control – Implementing a massive teleworker program can create a network access nightmare. Even with a VPN and multifactor authentication in place, organizations still need to control which devices can connect to the corporate network and, once they connect, which resources they have access to. Network Access Control can see and identify everything connected to the network, as well as control those devices and users, including through dynamic, automated responses.
NAC solutions enable IT teams to see every device and user as they connect. They also provide the ability to limit where devices can go on the network, such as older personal devices that require patching and system upgrades. And they provide continuous monitoring combined with automated response to automatically react to devices that fall out of policy or begin to misbehave.
4. Network segmentation – The next step is to ensure that devices, applications, and workflows are separated, secured, and monitored once they gain network access. In most organizations, once a hacker or piece of malware manages to get past a network access control point, virtually no active network scanning is taking place, which is why the average dwell time of an attack is anywhere from 49 to 150 days. Network segmentation ensures that all devices, users, data, applications, and workflows are automatically assigned to a specific, security-based segment of the network the moment they gain network access or are initiated by an internal device. This not only ensures that edge-based policies are extended deep into the network, but that workflows initiated inside the perimeter are isolated and protected, from origination to destination.
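The three elements above (an endpoint agent that reports its security state, a NAC that decides what the device may reach, and segmentation that assigns it to a network zone on connect and re-evaluates it continuously) fit together as one policy loop. The following is an added illustration, not code from the article or from any vendor product: a small posture-to-segment policy engine. The posture fields, segment names, thresholds and the sample device reports are all constructed assumptions chosen to show the decision logic, including the failure modes a practitioner cares about: a device whose agent has gone silent is treated as untrusted rather than as still healthy, and a device that drifts out of policy after connecting is moved down, never up, without a fresh connection.

```python
"""Posture-driven NAC/segmentation decision (added example, constructed data).

Flow modelled: endpoint agent -> posture report -> policy engine assigns a
segment at connect time -> continuous re-evaluation quarantines drift.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Fixed clock so the example is repeatable offline (assumption, not real time).
NOW = datetime(2020, 4, 1, 12, 0, tzinfo=timezone.utc)

# Segments ordered from most to least privileged (constructed names).
SEGMENTS = ("corp-full", "corp-restricted", "internet-only", "quarantine")
MAX_PATCH_AGE_DAYS = 30            # assumed policy threshold
MAX_REPORT_AGE = timedelta(minutes=15)  # agent must check in at least this often


@dataclass(frozen=True)
class Posture:
    """What the endpoint agent reports (field names are assumptions)."""
    device_id: str
    managed: bool            # corporate-managed vs. personal (BYOD) device
    os_patch_age_days: int   # days since the last OS security update
    edr_running: bool        # EDR agent alive and reporting
    disk_encrypted: bool
    mfa_passed: bool         # user completed multifactor authentication
    last_report: datetime    # timestamp of this posture report


def evaluate(p: Posture, now: datetime = NOW) -> tuple[str, list[str]]:
    """Map a posture report to (segment, reasons).

    Every downgrade carries a reason so the decision can be logged and
    handed to the helpdesk instead of silently dropping the user.
    """
    if not p.mfa_passed:
        return "quarantine", ["MFA not completed"]
    if now - p.last_report > MAX_REPORT_AGE:
        # A silent agent is a failed check, not a pass: fail closed.
        return "quarantine", ["posture report stale"]
    if not p.edr_running:
        return "quarantine", ["EDR agent not running"]
    if not p.managed:
        # Personal devices never reach internal resources, only the internet.
        return "internet-only", ["unmanaged personal device"]

    reasons = []
    if p.os_patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append(f"OS patches {p.os_patch_age_days}d old (> {MAX_PATCH_AGE_DAYS})")
    if not p.disk_encrypted:
        reasons.append("disk not encrypted")
    return ("corp-restricted" if reasons else "corp-full"), reasons


def reevaluate(current_segment: str, fresh: Posture, now: datetime = NOW) -> dict:
    """Continuous monitoring step: move a device that fell out of policy.

    Downgrades are immediate; upgrades require a new connection so a
    device cannot talk its way back up mid-session.
    """
    target, reasons = evaluate(fresh, now)
    if SEGMENTS.index(target) > SEGMENTS.index(current_segment):
        return {"action": "move", "to": target, "reasons": reasons}
    return {"action": "none", "to": current_segment, "reasons": []}


# Constructed sample reports covering each branch of the policy.
SAMPLE_REPORTS = {
    "lt-001": Posture("lt-001", True, 5, True, True, True, NOW - timedelta(minutes=1)),
    "lt-002": Posture("lt-002", True, 45, True, False, True, NOW - timedelta(minutes=2)),
    "byod-003": Posture("byod-003", False, 2, True, True, True, NOW - timedelta(minutes=1)),
    "lt-004": Posture("lt-004", True, 3, False, True, True, NOW - timedelta(minutes=1)),
    "lt-005": Posture("lt-005", True, 3, True, True, True, NOW - timedelta(hours=2)),
}

if __name__ == "__main__":
    for dev, posture in SAMPLE_REPORTS.items():
        segment, why = evaluate(posture)
        print(f"{dev:9s} -> {segment:16s} {'; '.join(why)}")
    # Drift: lt-004 was admitted earlier, then its EDR agent stopped.
    print(reevaluate("corp-full", SAMPLE_REPORTS["lt-004"]))
```

Run as a script, it prints the segment and reasons for each constructed report, then shows the drift case being moved to quarantine. The ordering of checks is the design point: the hard-fail conditions (no MFA, stale agent, no EDR) are decided before any graded ones, so a device cannot earn a restricted segment while failing a fundamental control.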
5. AI-based threat intelligence – Adding automation, machine learning, and artificial intelligence to your network management and control systems helps your organization identify and respond to new threats in near real time. For example, AI-driven intelligence can quickly pivot to new COVID-based threats and lures as the cyber-criminal community embraces a new attack vector, rooting out attacks before security analysts are even aware of them. These systems can also correlate the massive amount of data now being generated by remote workers to identify even the most evasive threats, and then take direct, immediate action to shut them down.
6. Integrated security management – Of course, even though the location of your workers may have shifted, the same management tools needed for normal operation remain important (and useful) during remote operations. Tools designed to consolidate, simplify, and automate the management of multiple security devices are essential when human resources are necessarily focused on other priorities.
With the Right Tools in Place, Change can Occur Rapidly and Organically
Deploying security tools and strategies such as these, built around a unified and integrated security fabric, ensures that security administrators can quickly and easily provide full security protections to even the most dynamic and rapidly changing elements of their network. It also ensures that radical changes in network environments, such as the rapid rollout of a corporate-wide secure remote worker strategy, are not only made with confidence but that the tools needed to enhance that transition over the next weeks and months can be deployed quickly and cost-effectively.