The VPN is back but don’t forget device hygiene


The digitalised capability of today’s workforce means that many businesses are allowing employees to work from home to help flatten the pandemic curve. Remote working capabilities are letting many public and private sector employees continue working their normal hours.

Over the past few years, many organisations have integrated cloud-based services into their operations, making the rapid shift into remote working seamless. However, the move to the cloud has often accounted for just part of the operations, with many common and proprietary applications still residing on-premise. This leaves organisations reliant on VPNs to secure the communication pathway from remote users to a corporate network with an end-to-end encrypted tunnel. This potentially provides a false sense of security for organisations when used in isolation.

Steve Hunter, senior director, systems engineering, Asia Pacific and Japan, Forescout, said, “While VPNs provide a secure communication path to the corporate network, they don’t enforce security on personal devices and activity isn’t monitored when connected to the corporate network, presenting a new attack surface for remote workers.”

With remote working being the only viable solution for the foreseeable future, businesses must understand the risk this brings. Forescout has identified three ways to help businesses secure their remote workforce:

  1. Get complete visibility into all remote devices connecting to the network
    Organisations can’t secure what they can’t see. Beyond user and VPN authentication, it is important for organisations to identify devices and categorise them as corporate-issued or personal. This provides for specific security policies to be applied to bring-your-own-devices (BYOD), while also monitoring device behaviour and network traffic. This gives organisations visibility into devices at a higher risk than corporate devices. Additionally, relying solely on installed agents to gain visibility into corporate devices can be risky, as reduced IT oversight and governance may cause agents to get misconfigured. Agentless solutions are preferred because they don’t require anything to be installed on devices and they can provide visibility into all devices without blind spots.
  2. Extend the same level of cyber hygiene enforcement to remote devices
    Unlike most home Wi-Fi networks, corporate networks have network controls such as next-generation firewalls (NGFW), intrusion prevention systems (IPS), alternatives to detection (ATD), and network traffic analysis (NTA) to protect the environment and detect intrusions. With the remote workforce connecting to less-secure networks at home, device hygiene and security are essential for both corporate and BYOD devices. Essential security posture checks need to be conducted before letting devices on the corporate network, even if they have authenticated correctly via VPN.

    A single vulnerable, non-compliant, or compromised remote device on the network can provide an entry point for threat actors. Additionally, consumer-grade Internet of Things (IoT) devices on home networks provide opportunities for lateral movement of threats. In these cases, it’s essential to provide continuous end-user education and communication.

  3. Enforce access controls and segmentation policies to reduce mean time to response (MTTR)
    The rapid shift to the remote workforce means that organisations are already operating outside of normal conditions. With cybercriminals aware of this, it is more important than ever for organisations to continuously monitor and enforce policies to prevent cyberattacks from succeeding. Organisations should enforce best practices such as least-privilege access. Users should be automatically notified about compliance issues via captive web portal and balloon/popup notifications, and VPN connections should be terminated if non-compliance persists. Most importantly, organisations should monitor network activity from remote devices to detect deviations and maintain segmentation hygiene.

Steve Hunter said, “The sudden need for businesses to transition to a remote workforce, combined with supply chain challenges, has forced organisations to relax restrictions on remote employees connecting via their personal devices and home networks. This can cause compromising behaviours, unapproved applications, and high-risk data flow onto corporate networks. To avoid this, organisations must use VPNs and device hygiene to ensure that their corporate networks remain secure and visible during this disruptive period.”