Your users have moved, but you still need network monitoring because your infrastructure hasn’t

By Mike Campfield, VP, GM International and Global Security Programs at ExtraHop

Remote working is here to stay - maybe not as widespread as it is today but at a much higher rate than before. As the global pandemic set in around the world, enterprises were forced to send most, if not all, of their workforces home. As they did, they onboarded unprecedented numbers of employees into remote working.

This transition cemented a long-standing trend. A report by Flexjobs and Global Workplace Analytics showed that remote work has grown by 159 percent over the last 12 years. A Gallup report called The State of the American Workplace - carried out between 2012 and 2016 - showed that 43 percent of American employees already worked remotely at least part of the time.

That said, the recent massive move to remote work was still a shock to the system. Though remote working was building in popularity pre-pandemic, enterprises were not prepared.

For organisations already moving towards remote work, it was a bit easier but by no means simple. New challenges surfaced in ensuring employees had the connectivity they needed at scale, which created new performance and security issues around connectivity, including VPN, RDP, and more. The need for insight into how and what employees were accessing on the corporate network from home, and the tools they were using, brought about new visibility requirements. At a time when many were already struggling to see and understand their existing internal activity, chaos was the norm.

It quickly became apparent that additional oversight was needed on everything from printers and other connected devices left on in the physical office space, to the large increase in VPN connections, and employees accessing the corporate network from personal devices. The challenge of seeing all of the transactions that traverse the network, let alone understanding whether they are authorised access or malicious activity, became a much higher priority. These challenges will continue to morph as a hybrid and transitory workforce emerges. Employees will return to the office, but most likely for a few days a week or a few days a month, and will be constantly connecting from both inside and outside of the corporate network. This will continue to raise the risk of unmonitored connections and activity that has been widening the attack surface.

The Cloud

The advent of remote working has had the parallel effect of deepening some organisations' commitment to the cloud while accelerating others' moves to the cloud. The move towards cloud provides flexibility, especially in times when access to the physical data centre is limited. On the one hand, it's easier to access your cloud resources from anywhere and provide teams with solutions faster; on the other, the cloud has also added visibility and security challenges.

Cloud misconfigurations are the most common security mishap, and they can go entirely unnoticed until something bad happens as a result. A McAfee survey from 2019 predicted that the average organisation suffers from around 3000 cloud misconfigurations a month. Each one of them presents a potential vulnerability that could result in a breach or data leak for that enterprise.

The ephemeral nature of the cloud means that cloud instances are easy to spin up without control or oversight. Enterprises looking for secure migration to the cloud will need to monitor crucial network data, which can be accomplished by mirroring that traffic from the cloud provider to a network detection and response solution. With that final piece in hand, enterprises can gain needed visibility into the cloud and combine those insights with their own network data to create a unified vision of the network.

Safe remote work is held up by network data.

The remote work revolution can only be ushered in safely with thorough network visibility.

While many were forced into enacting remote work for the entire workforce, they've also been won over by it. There are a myriad of benefits to it. Employees report better productivity and increased job satisfaction, and talent sees it as a competitive differentiator between potential employers. A recent Gartner survey of 317 CFOs found that nearly three quarters of companies are looking to move at least a portion of their on-site employees to permanently remote positions.

The tech giants of Silicon Valley have announced their intentions to ensure that their employees will be able to work from home “forever” if need be. So too have UK financial institutions, which have declared that their employees are unlikely to return to work in 2020 and are preparing to extend that capability indefinitely.

If organisations opt to cement those transformations, then they’ll be upending much of their pre-existing visibility infrastructure and will need to put measures in place to deal with their hybrid workforce.

One approach is to pay attention to what Gartner refers to as the Security Operations Centre (SOC) Visibility Triad. The three pillars of the Triad are network data, endpoint data and log data, working together to provide a much stronger network security posture.

While each solution on its own is not perfect, when integrated into a cohesive defence they complete your security story. For example, it is difficult to know if all of your endpoints, such as IoT devices, have been instrumented, and endpoints can be tampered with. Log data can be overwhelming, and attackers have been known to cover their tracks by modifying or deleting logs. Network data, when combined with other sources, covers those potential blind spots and completes the triad. Network data is a passive source of data that can’t be tampered with or turned off and is constantly watching all of the activity on the network. With all three solutions working together you can immensely improve your security posture.

When Network Detection and Response (NDR) is combined with traditional EDR and SIEM solutions, you will not only have complete visibility into everything connected inside and across your entire hybrid network and reduce your alerts to those that matter, but you will also catch the threats that other tools miss.

The objective, unchangeable nature of network data provides the insights an organisation vitally needs into the internal traffic required for unified network visibility, ensures threats are detected and improves the security of your hybrid network.
