Retrofixing The Remote Workforce

The rollout of infrastructure to support remote working en masse has been key to keeping businesses running over the past few years. But this was only ever expected to be a temporary solution - nobody expected the pandemic to last as long as it did, nor for remote and now hybrid working to become the norm. 

According to the UK Office for National Statistics, only 16 percent of workers now work solely from home, while 28 percent have a hybrid working arrangement, oscillating between the home and the office from September 2022 to January 2023. However, during 2022 those working from home rose and fell between 25-40 percent with no clear upward or downward trend, indicating a fluidity to people’s working arrangements. To accommodate this, businesses have to provide equally flexible infrastructure and so now need to look in earnest at the security of the systems rolled out in haste three years ago.

Prime Concerns

There are some very specific challenges associated with remote working. First and foremost is the problem of establishing a secure connection. Traditionally, organisations have relied upon Virtual Private Networks (VPNs) to facilitate this, but these have been compromised in the past. The likes of the FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency have all since issued warnings following a ramp up in VPN attacks post-pandemic.

So, the VPN needs to be secure with no unencrypted connections, or the business needs to have a Zero Trust Network Architecture (ZTNA) in its stead.

Secondly, endpoint protection is a primary concern. Now situated outside the network perimeter and its associated security measures, these endpoint devices have become much more vulnerable. Some users will want to use a combination of personal and work devices, again elevating risk, so it’s important to ensure only authorised devices can connect to the business network. These require remote monitoring, updates and provisions to facilitate the rollout of new applications on an automatic basis and to avoid the need for self-install, which can then burden the help desk.

Managing and securing users, their devices and the infrastructure is undoubtedly a complex issue, and it’s one that is keeping the cyber C-Suite awake at night, with 52% admitting this is their top source of stress, according to the 2022 Deep Instinct Voice of SecOps report. But the hybrid workforce is also symptomatic of a much wider change which is seeing accelerated use of public cloud, more tightly interconnected supply chains and the expansion of public-facing digital assets, all of which further heighten risk. So, what should be the CISO’s course of action?

Where To Begin

Cyber leaders need to be able to track and analyse activity from different sources across a complex and widely distributed IT infrastructure, but there’s also a need to control cost, particularly in the current economic climate. So, rather than adding to the cybersecurity stack, it pays to look at how it can be consolidated.

Combining technologies over a single platform can provide a cohesive security solution that can monitor endpoints and network access and look for anomalous behaviour without the need to invest in yet more point solutions. Endpoint detection and response is a case in point. Many medium-sized businesses cannot justify the expense of investing in a dedicated solution, but by deploying an advanced agent integrated with the Security Information and Event Management (SIEM), it’s possible to remotely monitor endpoints. Endpoint logs and telemetry are fed into the SIEM, analysed, and can then be automatically investigated and contextualised using another integrated solution, Security Orchestration, Automation and Response (SOAR).

SOAR enables the business to aggregate and prioritise security alerts through the use of additional contextual and intelligence information. Automated playbooks enable automated response, ensuring a much speedier Mean Time to Respond (MTTR). Essentially this means any attack coming from the remote worker can be qualified, flagged for investigation, and the attack thwarted before business assets are compromised.

User Monitoring

But there’s also the opportunity here to monitor the end users themselves. User Entity Behaviour Analytics (UEBA) can provide end user analysis. It builds user profiles based upon role, access privileges and more, with the net result that any deviation in activity is then flagged to the security team. These parameters can also be applied to specific teams and are highly nuanced so that exceptions can be made when it comes to certain access requests. Adding important context like this can help organisations align with key security frameworks, like MITRE ATT&CK, but more importantly help baseline the new normal from a working practices perspective. 
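An added example, not from the original article or any vendor product: a minimal sketch of the profile-and-deviation idea described above, with role entitlements, a team-level exception and a learned baseline. All user names, roles, resources and the two-hour tolerance are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (assumptions for illustration only).
ROLE_ENTITLEMENTS = {
    "finance": {"ledger", "payroll"},
    "engineer": {"git", "ci", "staging-db"},
}
# Team-level exceptions: access outside the role that is pre-approved.
TEAM_EXCEPTIONS = {"platform": {"prod-db"}}
USERS = {
    "alice": {"role": "finance", "team": "accounts"},
    "bob": {"role": "engineer", "team": "platform"},
    "carol": {"role": "engineer", "team": "apps"},
}
BASELINE_EVENTS = [  # (user, hour_of_day, resource)
    ("alice", 9, "ledger"), ("alice", 10, "payroll"), ("alice", 14, "ledger"),
    ("bob", 8, "git"), ("bob", 11, "ci"), ("bob", 16, "prod-db"),
    ("carol", 10, "git"), ("carol", 13, "staging-db"),
]

def build_profiles(events):
    """Learn each user's usual hours and resources from historical events."""
    profiles = defaultdict(lambda: {"hours": set(), "resources": set()})
    for user, hour, resource in events:
        profiles[user]["hours"].add(hour)
        profiles[user]["resources"].add(resource)
    return profiles

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock."""
    d = abs(a - b)
    return min(d, 24 - d)

def score_event(profiles, user, hour, resource, hour_slack=2):
    """Return the deviations for one event; an empty list means normal."""
    meta, profile = USERS[user], profiles[user]
    allowed = ROLE_ENTITLEMENTS[meta["role"]] | TEAM_EXCEPTIONS.get(meta["team"], set())
    reasons = []
    if resource not in allowed:
        reasons.append("outside-role-entitlement")   # role/privilege violation
    elif resource not in profile["resources"]:
        reasons.append("first-time-resource")        # permitted but never seen
    if profile["hours"] and min(hour_gap(hour, h) for h in profile["hours"]) > hour_slack:
        reasons.append("unusual-hour")               # outside learned working hours
    return reasons
```

The same request for `prod-db` is normal for a user on the excepted team and flagged for a peer with the same role on another team, which is the kind of team-level exception the paragraph describes.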

Given that many businesses are still reliant upon VPNs (a policy-based approach that’s hard to enforce or audit), are at the early stages of implementing a Zero Trust strategy, have limited or no endpoint detection, and are continuing to see their information estate expand, it makes sense to look at a converged approach.

Combining these technologies over a converged SIEM can enable the business to more effectively monitor endpoints, run interrogations to uncover potential threats, analyse incidents, carry out automatic incident detection and response, and use behaviour-based threat modelling.

All of which ensures the security team is given more meaningful data that can be used to better protect the remote workforce and the business as a whole.   

Tim Wallen is Regional Director, UKI, US & Emerging Markets at Logpoint
