
COVID-19: Securing newly remote users and admins by extending zero trust

The global COVID-19 pandemic has forced millions of workers to become remote employees, with very little time to prepare. Naturally, the first priority for IT is to ensure everyone has remote access and the tools they need to work from home. But such a rapid move from working in an office to working remotely creates serious security concerns that IT needs to address as soon as possible.

For example, we have customers whose employees are all set up on desktops, which meant that people loaded their desktops into their cars and are now working on them using their personal Wi-Fi service. Some readers may see this and laugh — who doesn’t issue laptops these days? But there are good reasons to put people on desktops. In at least some cases, these desktops and workstations were tied into an isolated, segmented-off network. 

That leaves IT with a very difficult choice: send critical employees home with no way to work or send them home with their machines and figure out the security issues in real time. Most have chosen the latter.

The security issues are formidable. In most organizations, scanning for anomalous behaviors and potential threats is a centralized activity. With traffic now traveling over home networks instead of through the corporate perimeter, that centralized inspection no longer sees it.

Other potential security issues include:

  • Insecure connectivity: In the worst case, an attacker specifically targets your organization. They search for employees on LinkedIn, identify individuals who live nearby, look up their home addresses and park outside. Once they've identified the strongest Wi-Fi signal, they can use brute-force techniques to get into the device and piggyback over the VPN into the corporate network.
  • Unprotected egress allows exfiltration of data: Because security is often centralized inside the corporate network, remote workers have unprotected egress, which increases the risk of data exfiltration by attackers.
  • Phishing: Cybercriminals are using fear and misinformation about COVID-19 to convince targets to open phishing emails and their attachments.
  • Expanded attack surface: Overnight, organizations have seen the number of endpoints outside the firewall grow exponentially, which again increases the network attack surface and breach risk.
  • Unprotected VPNs with lax, hastily assembled policies: Few organizations were prepared to support their entire workforce remotely. As a result, the VPNs they hurriedly configured are likely to have insufficiently strong policies that create vulnerabilities attackers can exploit. A classic example is split tunneling, which lets the device communicate with the local network and the remote corporate network at the same time. This simple configuration error allows attackers remote access through the VPN.
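The split-tunneling misconfiguration in the last bullet is visible in a client's VPN profile. The following is an added example, not Edgewise code, and it assumes the VPN is OpenVPN: it parses a client-side `.ovpn` profile and reports whether the profile itself keeps local routing alongside the tunnel (`route-nopull`, or a `pull-filter` that discards a pushed `redirect-gateway`), sends everything through the tunnel (`redirect-gateway`), or leaves the decision to whatever the server pushes. The two profiles are constructed samples: one weak, one corrected.

```python
"""Flag OpenVPN client profiles that leave split tunneling enabled.

Added example, not Edgewise's code. It reads only a client-side profile
(.ovpn text); OpenVPN servers can push routing directives as well, so a
'full-tunnel' result here still needs the server's push list checked.
"""
import shlex

# Constructed sample profiles (hostnames and certificate are placeholders).
WEAK_PROFILE = """\
client
dev tun
remote vpn.corp.example 1194
route-nopull
route 10.0.0.0 255.0.0.0
<ca>
-----BEGIN CERTIFICATE-----
constructed placeholder
-----END CERTIFICATE-----
</ca>
"""

HARDENED_PROFILE = """\
client
dev tun
remote vpn.corp.example 1194
redirect-gateway def1
<ca>
-----BEGIN CERTIFICATE-----
constructed placeholder
-----END CERTIFICATE-----
</ca>
"""


def parse_directives(config_text):
    """Yield (directive, [args]) from OpenVPN config text.

    Skips blank lines, '#'/';' comment lines and the contents of inline
    <ca>...</ca>-style blocks, which hold certificates rather than directives.
    """
    in_block = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("</"):
            in_block = False
            continue
        if line.startswith("<"):
            in_block = True
            continue
        if in_block:
            continue
        parts = shlex.split(line)
        yield parts[0], parts[1:]


def audit_split_tunnel(config_text):
    """Return (verdict, findings) for one client profile.

    'split-tunnel'   : the profile itself keeps local routing next to the VPN.
    'full-tunnel'    : the profile sends the default route through the tunnel.
    'server-decides' : nothing in the profile decides; it depends on pushed options.
    """
    findings = []
    full_tunnel = False
    for name, args in parse_directives(config_text):
        if name == "redirect-gateway":
            full_tunnel = True
        elif name == "route-nopull":
            findings.append("route-nopull: routes pushed by the server are ignored, "
                            "so the local default route stays in place")
        elif (name == "pull-filter" and len(args) >= 2 and args[0] == "ignore"
              and args[1].startswith("redirect-gateway")):
            findings.append("pull-filter ignore redirect-gateway: a pushed "
                            "full-tunnel directive is discarded")
    if findings:
        return "split-tunnel", findings
    if full_tunnel:
        return "full-tunnel", []
    return "server-decides", ["no redirect-gateway in the profile; effective "
                              "routing depends on what the server pushes"]


if __name__ == "__main__":
    for label, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        verdict, findings = audit_split_tunnel(profile)
        print(label, verdict, findings)
```

Running a check like this over the profiles handed out during a rushed rollout is a cheap way to find the split-tunnel case before an attacker does; the fix is the `redirect-gateway def1` line in the hardened profile (or the equivalent pushed from the server), after which only the corporate default route remains.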


Solving remote security issues through zero trust

The key problem is this: Centralized control and monitoring too often rely on a physical network connection, and in the current environment, that model just doesn't work. Instead, we need to move to a model where security follows devices. People have already moved in this direction when it comes to security in the cloud, where you can't rely on appliance-based control. Security has to reside in the device itself.

Work from home securely

To help our customers deal with this situation, we're enabling them to extend identity-based zero trust security to these remote endpoints. It's a fairly simple process because of the automated machine learning capabilities within our zero trust platform.

First, we create a segment for the desktop and verify the identity of all the software trying to communicate over the VPN. That’s critical, because in a typical network address-based security environment, there’s no way for IT to determine what is communicating, only how it is doing so. It’s as if the FBI intercepts a conversation between two gangsters, and, as soon as they realize they’re speaking in English over the regular phone system, the agents assume that the gangsters’ communications are all completely innocent. That’s almost exactly what network-based security systems do. They look at the protocol and the network address. So long as they check out, communications are allowed, even though IT has no idea what or who, exactly, is trying to communicate.

At Edgewise, we identify exactly what software and devices are communicating through the use of unique cryptographic fingerprints down to the script level. These identities are built using immutable properties of the workload, such as a SHA-256 hash of a binary or the UUID code of the BIOS, and many more.

In this way, Edgewise can verify, for example, that Amy's laptop is running an SAP app that needs to connect to the corporate SAP back-end, and that no other software on her machine is allowed to do so. After we segment the endpoint and establish policies, we leave it in simulate-block (or monitoring) mode to make sure the policy set does what it is supposed to do, and that it doesn't impede a user's day-to-day work. It's pretty obvious when there's a problem, and it can be easily fixed. Once we have verified the policies, we move it over to full enforcement mode, and the desktop is now operating in a zero trust environment.
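The workflow of the last three paragraphs (identify the software by immutable properties, write an allow-list per destination, run it in simulate-block mode, then enforce) can be shown end to end in a few dozen lines. The following is an added example and not Edgewise's platform code; it assumes a workload identity built from a SHA-256 hash of the binary combined with the machine's BIOS UUID, the two properties the post names. The binaries, UUID, IP address and SAP destination are constructed sample values, and the SAP client, an unapproved tool on the same machine, and a tampered copy of the client are the three flows it evaluates in each mode, beside the address-based rule that cannot tell them apart.

```python
"""Identity-based segmentation with simulate-block and enforce modes.

Added example, not Edgewise's code. Workload identity is a constructed
fingerprint built from the two immutable properties the post names: a SHA-256
hash of the binary and the machine's BIOS UUID. All binaries, UUIDs, hosts
and addresses below are constructed sample values.
"""
import hashlib

# Constructed sample inputs: two "binaries" on Amy's machine and its BIOS UUID.
AMY_UUID = "4c4c4544-0042-3810-8052-c4c04f4a4e33"     # constructed
AMY_IP = "10.20.30.40"                                  # constructed
SAP_CLIENT = b"\x7fELF constructed SAP GUI client image"
CURL_TOOL = b"\x7fELF constructed curl binary"
SAP_BACKEND = ("sap.corp.example", 3200)                # constructed destination


def workload_identity(binary, machine_uuid):
    """Return a hex fingerprint binding a binary's SHA-256 to one machine.

    Hashing the two together means a copy of the same binary on another
    device, or a modified binary on the same device, yields a new identity.
    """
    binary_hash = hashlib.sha256(binary).hexdigest()
    return hashlib.sha256(f"{binary_hash}|{machine_uuid}".encode()).hexdigest()


class SegmentPolicy:
    """Allow-list of workload identities per destination, with two modes.

    'simulate': every flow passes, but flows the policy would block are logged
                as 'would-block' so the rule set can be tuned without breaking work.
    'enforce':  flows not on the allow-list return 'block'.
    """

    def __init__(self, mode="simulate"):
        if mode not in ("simulate", "enforce"):
            raise ValueError("mode must be 'simulate' or 'enforce'")
        self.mode = mode
        self.rules = {}   # destination -> set of permitted identities
        self.log = []     # (mode, identity prefix, destination, verdict)

    def allow(self, identity, destination):
        self.rules.setdefault(destination, set()).add(identity)

    def decide(self, identity, destination):
        permitted = identity in self.rules.get(destination, set())
        if permitted:
            verdict = "allow"
        elif self.mode == "simulate":
            verdict = "would-block"   # logged for review; traffic still flows
        else:
            verdict = "block"
        self.log.append((self.mode, identity[:12], destination, verdict))
        return verdict


def address_based_decide(src_ip, destination, allowed_sources):
    """What an address-based rule sees: only where the packet came from."""
    return "allow" if (src_ip, destination) in allowed_sources else "block"


def run_rollout(mode):
    """Apply the post's workflow for one mode and return the verdicts.

    Three flows to the SAP back-end: the approved client, an unapproved tool
    on the same machine, and a tampered copy of the client (one byte changed).
    """
    policy = SegmentPolicy(mode)
    approved = workload_identity(SAP_CLIENT, AMY_UUID)
    policy.allow(approved, SAP_BACKEND)

    tampered = SAP_CLIENT[:-1] + b"!"
    return {
        "sap_client": policy.decide(approved, SAP_BACKEND),
        "curl": policy.decide(workload_identity(CURL_TOOL, AMY_UUID), SAP_BACKEND),
        "tampered_client": policy.decide(workload_identity(tampered, AMY_UUID), SAP_BACKEND),
    }


if __name__ == "__main__":
    # Address-based view: all three flows share Amy's IP, so all are allowed.
    allowed_sources = {(AMY_IP, SAP_BACKEND)}
    print("address-based:", address_based_decide(AMY_IP, SAP_BACKEND, allowed_sources))
    for mode in ("simulate", "enforce"):
        print(mode, run_rollout(mode))
```

The simulate run is the one to read first: anything that shows up as `would-block` is either software that should be added to the allow-list or software that has no business reaching the back-end, and that decision is made before a single flow is cut. Only once the simulate log is clean does the same rule set go to enforce mode.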

It’s an unsettling and difficult time for most everyone. Not having a security contingency plan in place will only exacerbate concerns. You do not have to settle for compromised security just because your entire company converted to remote work overnight. Identity-based zero trust segmentation can extend from your cloud or data center and can follow your company’s desktops and laptops to keep them and the data flowing through them safe.

Want to delve into this topic in even more depth? Watch CEO Peter Smith discuss it with the Paul's Security Weekly crew in this video podcast.

Dan Perkins, Director of Products & Solutions


Dan Perkins is Director of Products and Solutions for Edgewise Networks, where he oversees the direction and development of Edgewise’s zero trust platform. Prior to Edgewise, Dan was Director of Product Management at Infinio, where he was responsible for product vision and the ongoing quality and applicability of Infinio’s solution. He also previously served in several software engineering and quality assurance roles for Citrix. Dan holds a B.S. in computer engineering from Northeastern University.