In our last post, we discussed the growing number of attacks on endpoint devices, and how traditional antivirus tools are no longer enough to protect against these threats. Increasingly, hackers are using zero-day exploits, polymorphic malware and other sophisticated attacks to breach endpoints and gain access to the corporate IT environment. These attacks show no sign of abating as more and more users work outside the firewall.
Our last post focused on the use of endpoint detection and response tools to continuously monitor endpoints, detect suspicious activity and block threats. But what about the connection between the endpoint and the company network? Traditionally, organizations have used virtual private networks (VPNs) to create a secure “tunnel” through the public Internet. However, VPNs alone don’t provide adequate protection against today’s blended threats.
In essence, a VPN encrypts the data traveling to and from the endpoint device using either the IP Security (IPsec) suite of protocols or the Secure Sockets Layer technology built into every Web browser. Most corporate VPNs provide users with a portal that allows them to access company resources from virtually anywhere as if they were behind the firewall.
VPNs aren’t foolproof, however — weak encryption methods, sophisticated attacks and user error can lead to a security breach. In addition, growing numbers of remote users and third parties need access, which makes managing the VPN an administrative headache.
More critically, VPNs don’t provide granular control. A hacker who is able to compromise a VPN connection would gain the same level of access as the user. Depending upon the user’s access privileges and how the network is set up, this could potentially be devastating.
While VPNs are still an important part of the corporate security infrastructure, they should be used in combination with network segmentation. A properly segmented network restricts the movement of an attacker who is able to gain access through stolen user credentials or a compromised VPN.
Strong access control policies are also critical. Organizations should enforce least privilege access, granting users only the privileges they need to do their jobs and nothing more. This is particularly important when it comes to privileged credentials, which give the user administrator-level access to systems. Privileged credentials should be granted sparingly, and carefully protected. Ideally, privileged access should not be allowed via the VPN.
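One way to check the segmentation and privileged-access guidance above against a firewall policy, as an added example that is not part of the original post. The VPN address pool, the list of administrative ports, the /24 breadth threshold and the sample rules are all constructed assumptions, and rules are evaluated independently rather than in first-match order.

```python
import ipaddress

# Constructed values for illustration (assumptions, not from the original post).
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM-TLS"}
MAX_DEST_PREFIX = 24  # assumed policy: a VPN rule may not target anything wider than a /24

# Constructed sample ruleset: (name, action, source CIDR, destination CIDR, port range)
RULES = [
    ("vpn-to-intranet-web",   "allow", "10.99.0.0/24", "10.20.5.0/24", (443, 443)),
    ("vpn-to-everything",     "allow", "10.99.0.0/24", "10.0.0.0/8",   (1, 65535)),
    ("vpn-rdp-to-servers",    "allow", "10.99.0.0/25", "10.30.1.0/24", (3389, 3389)),
    ("office-ssh-to-servers", "allow", "10.10.0.0/16", "10.30.1.0/24", (22, 22)),
    ("vpn-deny-mgmt",         "deny",  "10.99.0.0/24", "10.40.0.0/24", (22, 22)),
]


def audit_vpn_rules(rules, vpn_pool=VPN_POOL):
    """Return (rule name, finding type, detail) for allow rules reachable from the VPN pool."""
    findings = []
    for name, action, src, dst, (lo, hi) in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Only allow rules whose source includes any VPN client address matter here.
        if action != "allow" or not src_net.overlaps(vpn_pool):
            continue
        # Privileged access over the VPN: the port range covers an admin protocol.
        exposed = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
        if exposed:
            findings.append((name, "admin-port", exposed))
        # Weak segmentation: the destination is wider than the policy allows.
        if dst_net.prefixlen < MAX_DEST_PREFIX:
            findings.append((name, "broad-destination", [str(dst_net)]))
    return findings


if __name__ == "__main__":
    for name, kind, detail in audit_vpn_rules(RULES):
        if kind == "admin-port":
            detail = [f"{p}/{ADMIN_PORTS[p]}" for p in detail]
        print(f"{name}: {kind} {detail}")
```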
Finally, multifactor authentication (MFA) can add an extra layer of security to VPN access. By using a second factor beyond a password to verify a user’s identity, MFA protects against credential abuse. In addition, MFA helps organizations comply with PCI DSS, HIPAA, NIST 800-171 and other regulations that require MFA for remote access. The right MFA solution also enables organizations to better secure cloud platforms and applications while creating a consistent access experience across on-premises and cloud environments.
Ideally, all of these security features should be fully integrated into a comprehensive remote access solution. Technologent can help you develop a remote access security strategy and implement tools that boost the effectiveness of your VPN.
May 28, 2019