Retrofixing The Remote Workforce

The rollout of infrastructure to support remote working en masse has been key to keeping businesses running over the past few years. But this was only ever expected to be a temporary solution - nobody expected the pandemic to last as long as it did, nor for remote and now hybrid working to become the norm. 

According to the UK Office for National Statistics, only 16 percent of workers now work solely from home, while 28 percent have a hybrid working arrangement, oscillating between the home and the office from September 2022 to January 2023. However, during 2022 those working from home rose and fell between 25-40 percent with no clear upward or downward trend, indicating a fluidity to people’s working arrangements. To accommodate this, businesses have to provide equally flexible infrastructure and so now need to look in earnest at the security of the systems rolled out in haste three years ago.

Prime Concerns

There are some very specific challenges associated with remote working. First and foremost is the problem of establishing a secure connection. Traditionally, organisations have relied upon Virtual Private Networks (VPNs) to facilitate this, but these have been compromised in the past. The likes of the FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency have all since issued warnings following a ramp up in VPN attacks post-pandemic.

So, the VPN needs to be secure with no unencrypted connections, or the business needs to have a Zero Trust Network Architecture (ZTNA) in its stead.

Secondly, endpoint protection is a primary concern. Now situated outside the network perimeter and its associated security measures, these endpoint devices have become much more vulnerable. Some users will want to use a combination of personal and work devices, again elevating risk, so it’s important to ensure only authorised devices can connect to the business network. These require remote monitoring, updates and provisions to facilitate the rollout of new applications on an automatic basis and to avoid the need for self-install, which can then burden the help desk.

Managing and securing users, their devices and the infrastructure, is undoubtedly a complex issue, and it’s one that is keeping the cyber C-Suite awake at night, with 52% admitting this is their top source of stress, according to the 2022 Deep Instinct Voice of SecOps report. But the hybrid workforce is also symptomatic of a much wider change which is seeing accelerated use of public cloud, more tightly interconnected supply chains and the expansion of public-facing digital assets, all of which further heighten risk. So, what should be the CISO’s course of action?

Where To Begin

Cyber leaders need to be able to track and analyse activity from different sources across a complex and widely distributed IT infrastructure, but there’s also a need to control cost, particularly in the current economic climate. So, rather than adding to the cybersecurity stack, it pays to look at how it can be consolidated.

Combining technologies over a single platform can provide a cohesive security solution that can monitor endpoints, network access and look for anomalous behaviour without the need to invest in yet more point solutions. Endpoint detection and response is a case in point. Many medium sized businesses cannot justify the expense of investing in a dedicated solution, but by deploying an advanced agent integrated with the Security Information and Event Management (SIEM), it’s possible to remotely monitor endpoints. Endpoint logs and telemetry are fed into the SIEM, analysing and can then be automatically investigated and contextualised using another integrated solution, Security Orchestration, Automation and Response (SOAR).

SOAR enables the business to aggregate and prioritise security alerts through the use of additional contextual and intelligence information. Automated playbooks enable automated response, ensuring a much speedier Mean Time to Respond (MTTR). Essentially this means any attack coming from the remote worker can be qualified, flagged for investigation, and the attack thwarted before business assets are compromised.

User Monitoring

But there’s also the opportunity here to monitor the end users themselves. User Entity Behaviour Analytics (UEBA) can provide end user analysis. It builds user profiles based upon role, access privileges and more, with the net result that any deviation in activity is then flagged to the security team. These parameters can also be applied to specific teams and are highly nuanced so that exceptions can be made when it comes to certain access requests. Adding important context like this can help organisations align with key security frameworks, like MITRE ATT&CK, but more importantly help baseline the new normal from a working practices perspective. 

Given that many businesses are still reliant upon VPNs, a policy based approach that’s hard to enforce or audit, at the early stages of implementing a Zero Trust strategy, have limited or no endpoint detection, and are continuing to see their information estate expand, it makes sense to look at a converged approach.

Combining together these technologies over a converged SIEM can enable the business to more effectively monitor endpoints, run interrogations to uncover potential threats, analyse incidents, carry out automatic incident detection and response, and use behaviour-based threat modelling.

All of which ensures the security team is given more meaningful data that can be used to better protect the remote workforce and the business as a whole.   

Tim Wallen is Regional Director, UKI, US & Emerging Markets at Logpoint

You Might Also Read: 

Will The Insider Threat Intensify During The Recession?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Is ISO 27001 Worth It?
Phishing Attacks Surge As Cyber Criminals Exploit New AI Tools »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Spanish National Cybersecurity Institute (INCIBE)

Spanish National Cybersecurity Institute (INCIBE)

INCIBE undertakes research, service delivery and coordination for building cybersecurity at the national and international levels.

Intertek Group

Intertek Group

Intertek Group provides Assurance, Testing, Inspection and Certification services. Activities include cybersecurity testing and certification.

Salient CRGT

Salient CRGT

Salient CRGT is a leading provider of health, data analytics, cloud, agile software development, mobility, cyber security, and infrastructure solutions.

Epati Information Technologies

Epati Information Technologies

ePati Information Technologies is a specialist in information technology and cyber security.

Portuguese Institute for Accreditation (IPAC)

Portuguese Institute for Accreditation (IPAC)

IPAC is the national accreditation body for Portugal. The directory of members provides details of organisations offering certification services for ISO 27001.

Munich Re

Munich Re

Munich Re is a leading global provider of reinsurance, primary insurance and insurance-related risk solutions including Cyber.

AppOmni

AppOmni

AppOmni is the only SaaS CSPM solution that gives teams all the tools they need to be successful – from security posture management to monitoring and detection to continuous compliance.

Viettel Cyber Security

Viettel Cyber Security

Viettel Cyber Security is an organization under the Military Telecommunication Industry Group, conducting research and developing information security solutions for domestic and foreign customers.

GajShield

GajShield

GajShield Infotech provides Data Security Firewall solutions to Corporate’s and Government agencies.

Digital Silence

Digital Silence

Digital Silence is a world-class provider of information security research and consulting services.

Truly Secure

Truly Secure

Truly Secure is an IT Service Provider that ensures greater efficiency and security within a company's technological environment.

AHAD

AHAD

AHAD provides cybersecurity, digital transformation, and risk management services and solutions to Government, Fortune 500, And Start-Up Companies in the Middle East region.

RealDefense

RealDefense

RealDefense develops and markets various privacy, security and optimization technologies and services for consumers and small businesses.

Cipher Net Shield

Cipher Net Shield

Cipher Net Shield specializes in secure E-wallet solutions with a strong focus on blockchain and cybersecurity, prioritizing both transaction security and the recovery of lost capital.

Togggle

Togggle

Togggle offers seamless identity verification solutions and distributed infrastructure, enabling organizations to combat fraud and ensure compliance with data protection regulations.

Rebellion Defense

Rebellion Defense

Rebellion Defense is a technology company developing advanced software to ensure mission-critical organizations stay ahead of emerging threats.