The way we collectively live, work and play has drastically changed. As social distancing measures continue, the human and economic costs are becoming increasingly evident in many real and tangible ways.
It’s clear that the “old way” of doing business is no longer possible. Companies of all sizes have shifted to a remote work environment to reduce physical interactions and are considering long-term variations of the remote workforce model. Unfortunately, remote connectivity also introduces new cyber risks to both organizations and individuals. For security teams, understanding this risk is more important now than ever before. To truly understand the risk, security teams need visibility and empirical data on the performance of their security program that can only be achieved through security validation technology.
Why Organizations Need Security Validation
Without data-driven evidence demonstrating security performance, organizations are operating on assumptions—and that’s dangerous as they are at high risk of an attack, as proven in today’s reports about determined adversaries launching COVID-19 themed campaigns. Through continuous testing against real attacks, organizations gain insights to validate that security controls in place are working as they should.
Remote Working and Security Validation: Understanding Risk Exposure
As organizations continue to rely on a remote workforce, risk exposure to an attack has been on the rise due to increased adoption of cloud infrastructure, employees using home networks and switching to personal devices, and rapid adoption of third-party software tools. Now more than ever, organizations need to take the right steps to protect an expanded attack surface. After all, it only takes one email click on a user-connected device in a corporate environment to provide remote access to an attacker.
To get there, security validation becomes a critical component of protection by enabling organizations to understand business risk and adapt their defenses in these two primary areas:
1) Extending enterprise security functionality to a remote workforce:
The simple truth is that people working from a home environment are the biggest risk area for any enterprise. With security validation, companies can reduce their risk exposure by:
- Controls validation: Validating access, visibility and monitoring controls is essential to reducing risk exposure, as VPN solutions provide internal enterprise network access to remote workers.
- Source IP visibility: Validating SIEM correlation for traffic behind the VPN concentrator, where activity may not be as easy to attribute to a domain user.
- Segmentation validation for VPN access: Validating segmentation controls to control lateral movement once authenticated to the network.
- Environment drift: Testing how systems change over time when they are remote for updates and connect from multiple different public IP addresses.
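The source IP visibility point above can be checked with a small correlation test. This is an added example, not code from the original article or any vendor product: it joins VPN concentrator lease records to events seen by internal sensors and reports which events cannot be tied to a domain user. All log fields, user names, addresses and event names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data (assumed log shapes, not from a real environment).
# VPN concentrator session log: user, assigned tunnel IP, lease start, lease end.
LEASES = [
    ("CORP\\alice", "10.8.0.12", "2020-04-01T09:00:00", "2020-04-01T12:00:00"),
    ("CORP\\bob",   "10.8.0.12", "2020-04-01T13:00:00", "2020-04-01T17:00:00"),
    ("CORP\\carol", "10.8.0.40", "2020-04-01T08:30:00", "2020-04-01T18:00:00"),
]
# Events from internal sensors, which only record the tunnel-side source IP.
EVENTS = [
    ("2020-04-01T09:15:00", "10.8.0.12", "smb_share_access"),
    ("2020-04-01T14:20:00", "10.8.0.12", "rdp_login"),   # same IP, later lease
    ("2020-04-01T12:30:00", "10.8.0.12", "port_scan"),   # falls between leases
    ("2020-04-01T10:00:00", "10.8.0.99", "dns_tunnel"),  # IP never leased
]

def _ts(value):
    return datetime.fromisoformat(value)

def build_index(leases):
    """Group lease windows by tunnel IP so reused addresses stay separate."""
    index = {}
    for user, ip, start, end in leases:
        index.setdefault(ip, []).append((_ts(start), _ts(end), user))
    return index

def attribute(events, leases):
    """Attach a user to each event only when exactly one lease covers it."""
    index = build_index(leases)
    results = []
    for when, ip, action in events:
        t = _ts(when)
        users = [u for s, e, u in index.get(ip, []) if s <= t <= e]
        # Zero matches or overlapping leases: leave the event unattributed.
        user = users[0] if len(users) == 1 else None
        results.append({"time": when, "src_ip": ip, "action": action, "user": user})
    return results

def unattributed(results):
    """Events the correlation could not tie back to a domain user."""
    return [r for r in results if r["user"] is None]

if __name__ == "__main__":
    for row in attribute(EVENTS, LEASES):
        print(row)
```

Any event returned by `unattributed` marks a visibility gap to investigate, such as missing session logs, clock skew between sources, or an address the concentrator never issued.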
2) How user/remote worker exposure increases business risk:
With employees working from home, every connected personal device and wireless connection represents a new entry point for a hacker. Security validation technology provides proactive insight that companies need to understand risk and improve defenses to protect their business-critical assets through:
- Split vs. full tunnel visibility: Validation of an organization’s posture against split tunnel attacks. Due to the use of VPN and the increase in remote connectivity, organizations that have previously only operated full tunnel connections may migrate to split tunnel to reduce bandwidth. However, this can result in bypassing visibility entirely for most network controls (DLP, C2, MFT).
- Unmanaged device access: Endpoint attacks in a work-at-home setting. Host signatures and controls must be maintained and validated, and endpoints that may not update when they are not attached to a domain contribute to the risk of attack. Where possible, a verification of compliance before connecting to environments could be implemented.
- Data Loss: Validating data leakage/loss controls and policies related to remote workers/access.
- VPN recon and movement: Reconnaissance and lateral movement into a network from a remote access system over VPN.
- Phishing/spear phishing email: Phishing email attacks with COVID-19 themed lures.
Security validation provides evidence that an organization is proactively prepared for the latest attacks and adversaries, regardless of what today’s standard operating model looks like. By implementing security validation as a key component of today’s enterprise security strategy, organizations can gain measurable data to understand their business risk and proactively optimize their security controls and defenses.