Network security has traditionally been anchored to office and datacentre locations. More recently, the increase in remote working has introduced new security challenges: it increases the overall attack surface faced by organisations and can also take remote workers away from the security provided by corporate networks.
In this article we will look at the different options available for addressing network security for remote workers and the challenges they can introduce.
Virtual Private Networks (VPNs)
Many businesses operate a network VPN, enabling remote users to connect back to the office network over a secure tunnel. This means that all of the user's network traffic goes over the internet, into the office network and back out of it. The benefit is that the user is still protected by the network security appliances installed in the office or data centre. There are a few downsides, though. Firstly, if you don't configure the end device correctly, the user could access the internet without connecting to the corporate VPN, exposing them to security threats. Secondly, this approach requires a large amount of bandwidth on the office internet connection: the more users you have, the faster the connection you will need.
While this scenario works for large organisations such as banks and financial institutions, which implement adequate controls and capacity management, implementing a VPN for a large number of staff requires a lengthy period of planning and implementation.
Secure Access Service Edge (SASE)
SASE solutions reinvent the network perimeter and enable you to protect your devices with multiple layers of cloud-delivered network security, regardless of their location. SASE solutions can be deployed by installing a simple piece of software on a device and also by connecting on-premise networks back to the cloud service in order to inspect all inbound and outbound traffic.
Unlike traditional VPN solutions, SASE doesn't require expensive hardware, nor does it consume large amounts of bandwidth, forcing you to upgrade your internet connections.
Once an agent is installed on a device, inbound and outbound network traffic is sent via the SASE service for security inspection. SASE offers a significant increase in security too, with multiple layers of security being deployed including Intrusion Prevention Systems, Application Firewalls, Web Filtering, Malware Scanning, SSL Decryption, Sandboxing and more.
SASE is quick to deploy and can rapidly protect a remote user base from a single piece of software. If your end users do need to connect back to on-premise or private applications and resources, SASE services can also be configured to broker secure remote access, without the need for a VPN.
DNS Filtering & Cloud Web Proxies
Another option would be to deploy DNS filtering and a Cloud Web Proxy service. Like SASE, this solution can be installed with a simple piece of software, but it does not give you the same level of features or security coverage.
DNS filtering works by intercepting your web requests and checking the website against a known database of malicious websites. Cloud proxying takes this one step further by inspecting websites and their content as you browse, looking for malicious content such as malware.
While there are a number of ways to secure remote devices that are off the corporate network, our recommendation is to deploy a SASE solution, as it provides a large feature set and enterprise-class security and can be quickly deployed. If you have any questions about the topics covered in this article then please get in touch.