This article looks at some key Cyber Security Controls that will help to reduce risk, particularly when you’re protecting a remote workforce from internet-based threats. While this is not a comprehensive list of controls, we feel that all of these items are quick to deploy and will offer an immediate increase in an organisation’s security.
- Secure Access Service Edge (SASE)
SASE solutions reinvent the network perimeter and enable you to protect your devices with multiple layers of cloud-delivered network security, regardless of their location. Often businesses will have security controls installed in the office. While this works to protect devices that are connected to the office network, devices that are used remotely will not benefit from this security unless they connect back to the office via a VPN. This in itself introduces other challenges such as capacity issues: can your office network facilitate the inbound and outbound traffic of your entire userbase all at once?
SASE solutions can be deployed by installing a simple piece of software on a device and by connecting on-premises networks back to the cloud service in order to inspect all inbound and outbound traffic.
Another benefit of SASE is that it can be used to protect and securely access private workloads such as databases, web applications and more. All of this is delivered without having to open up any firewalls and expose your servers and infrastructure.
- DNS Filtering
If it is not possible to deploy SASE, consider looking at DNS filtering and web-based proxy solutions. While these won’t give you the same coverage as a SASE service, they’re still very effective at reducing the risk faced by organisations, particularly when it comes to blocking phishing attacks. Again, DNS filtering is deployed by installing a small piece of software, so your remote workforce will also benefit from this protection.
- Endpoint Protection & Endpoint Detection & Response (EDR)
Centrally managed Endpoint Protection is key as it allows you to view the status of security and threats detected across your devices while also giving you the ability to remotely respond to threats. Endpoint Detection & Response will also enable you to search for suspicious signs of activity and for Indicators of Compromise.
EDR should be high up on the list of any IT manager or security professional, as it gives visibility across entire environments. It starts to shift the focus away from signature-based protection and looks at the Tactics, Techniques and Procedures (TTPs) deployed by attackers, so you can detect and stop new and never-before-seen attacks. Most organisations rely on preventative security technology, but when that prevention is bypassed, e.g. by a new attack, they lack the detection and response tooling and capabilities to quickly detect, respond to and mitigate attacks.
EDR is particularly effective in remote working scenarios as it often includes Incident Response tools and gives you the forensic ability to respond to incidents remotely. We often see organisations that will rebuild computers if they become infected with malware, which can be very difficult if a user is remote. EDR allows you to reverse the effects of a malware or non-malware based attack without having to rebuild a full device. More importantly though, it gives you full visibility across your whole environment and allows you to query your endpoints and servers, e.g. which devices have made a network connection to Russia in the last 24 hours, or what programs have been executed from the downloads folder in the past 30 days.
As we said at the beginning, we have listed these controls because we feel that they provide organisations with remote workers a rapid increase in their overall security maturity and are quick to deploy. Do not forget about other technical controls and measures, such as patch and vulnerability management.
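The two example queries above can be sketched as follows. This is an added illustration, not code from any EDR product: the event records are constructed, and the field names (`type`, `host`, `time`, `country`, `path`) and the pre-enriched country code are assumptions.

```python
from datetime import datetime, timedelta, timezone
import re

# Constructed sample telemetry; the field names are assumptions, not a vendor schema.
NOW = datetime(2024, 5, 20, 12, 0, tzinfo=timezone.utc)
EVENTS = [
    {"type": "network", "host": "LAPTOP-01", "time": "2024-05-20T03:15:00+00:00",
     "process": "chrome.exe", "remote_ip": "203.0.113.10", "country": "RU"},
    {"type": "network", "host": "LAPTOP-02", "time": "2024-05-17T09:00:00+00:00",
     "process": "updater.exe", "remote_ip": "203.0.113.11", "country": "RU"},
    {"type": "network", "host": "LAPTOP-03", "time": "2024-05-20T10:30:00+00:00",
     "process": "outlook.exe", "remote_ip": "198.51.100.7", "country": "GB"},
    {"type": "process", "host": "LAPTOP-01", "time": "2024-05-02T14:00:00+00:00",
     "path": r"C:\Users\alice\Downloads\invoice_viewer.exe"},
    {"type": "process", "host": "LAPTOP-02", "time": "2024-03-01T08:00:00+00:00",
     "path": r"C:\Users\bob\Downloads\setup.exe"},
    {"type": "process", "host": "LAPTOP-03", "time": "2024-05-19T16:45:00+00:00",
     "path": "/home/carol/Downloads/tool.sh"},
    {"type": "process", "host": "LAPTOP-03", "time": "2024-05-19T16:50:00+00:00",
     "path": r"C:\Program Files\App\DownloadsHelper.exe"},
]

# "Downloads" must be a whole path component, on Windows or POSIX paths.
DOWNLOADS = re.compile(r"[\\/]downloads[\\/]", re.IGNORECASE)

def _recent(event, now, window):
    ts = datetime.fromisoformat(event["time"])
    return now - window <= ts <= now

def hosts_connecting_to(events, country, now, window=timedelta(hours=24)):
    """Hosts with an outbound connection to `country` inside the window."""
    return sorted({e["host"] for e in events
                   if e["type"] == "network" and e["country"] == country
                   and _recent(e, now, window)})

def executions_from_downloads(events, now, window=timedelta(days=30)):
    """(host, path) pairs for programs run from a Downloads folder."""
    return sorted((e["host"], e["path"]) for e in events
                  if e["type"] == "process" and DOWNLOADS.search(e["path"])
                  and _recent(e, now, window))

if __name__ == "__main__":
    print(hosts_connecting_to(EVENTS, "RU", NOW))
    for host, path in executions_from_downloads(EVENTS, NOW):
        print(host, path)
```

Matching `Downloads` as a full path component keeps a file such as `DownloadsHelper.exe` under Program Files out of the results, and the time window is evaluated in UTC so remote devices in different time zones are compared consistently.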
Our Managed Detection & Response services incorporate a number of these technologies so please get in touch if you’re interested to find out more or have any questions about this article.