COVID-19 has employees in nearly every industry stuck working from home – which presents unique dangers in terms of information security. With traditional remote access approaches such as basic RDP and VPN solutions proving increasingly vulnerable to hackers, security experts are exploring Zero Trust approaches to achieving the security they need.
New Dangers are Overwhelming Old Protections
VPN has always been a popular solution for users that need to work from home, but there are many things working against it in the era of Coronavirus. For one thing, although these systems are designed to support remote workers, most VPNs were not set up to enable every employee to work from home at once. In fact, most typical VPN deployments are architected to support as little as 20 percent of a company’s workforce. Therefore, it is critical to rapidly scale up VPN capacity in order for the system to work as designed – but that’s not the only problem.
VPN only protects a single channel of communication – from a user’s endpoint to a corporate server. If the VPN is set up in a split-tunnel mode to improve capacity management and bandwidth, the channel between a user’s computer and the public internet remains unprotected. That means that it’s still possible for malware to infect the endpoint via a drive-by download or a phishing email.
Once an infected endpoint connects with a VPN, whoever controls that malware has access to everything that the user can see. What’s more, there’s been a new surge in malware designed to infect home users and attack corporate networks, most linked to the novel Coronavirus.
- New malware literally disguises itself as “CoronaVirus ransomware,” displaying a screen that appears to lock the computer for ransom while in fact stealing application passwords instead.
- A related malware family is designed to wipe the master boot record of an infected endpoint, essentially destroying it unless the user has access to an IT specialist.
- Existing malware families such as Emotet are being encrypted using text strings from news stories about COVID-19 in order to foil machine learning algorithms designed to detect them.
- Attackers are hijacking routers in order to direct users to fake web pages filled with Coronavirus information. Victims are then prompted to download an app for COVID-related news and updates – which conceals credential-harvesting malware known as Oski.
- New phishing scams are emerging, designed specifically to target fears surrounding COVID-19. They offer masks, tests, treatments, and more – but what they deliver is just the same old story of malware and credential theft.
Some of this malware can move from the infected computer into the network once the device reestablishes its connection with the office via the VPN. Once on the network, attackers typically have little trouble accessing critical information. Networks are notorious for substandard segmentation and overly broad access permissions, and attackers take advantage of that once they penetrate the network.
The network designers of a previous era tended to assume that if a device was owned by an authorized user and registered with the LAN, it could be granted the same permissions on both the LAN and the VPN. Unfortunately, many users don’t have the same protections when working from home as they do at the office. Their home networks and consumer-grade infrastructure don’t offer much defense against determined hackers. Instead, you need to assume that the devices connecting to your VPN may be compromised and then act accordingly – taking a Zero Trust network approach.
Protecting Against Compromised Home Users with Zero-Trust Network Access (ZTNA)
To apply the concept of Zero Trust to a network, organizations use an assortment of technologies and policies to divide networks into much smaller and more tightly regulated micro-segments than traditional VPNs or even LANs provide. Access to any given micro-segment is granted — or not — based on a much more granular list of criteria, and access to the web is delivered in a way that completely isolates the endpoint from any potential threats.
Some technologies behind Zero Trust Network Access and Zero Trust web access might include:
- Unified Endpoint Management
Each remote worker installs a client on their device that checks whether the operating system and critical applications are patched and up to date, and whether endpoint protection is turned on. Based on this and other criteria, the device is judged safe, or not, to access the network.
- Conditional, Permission-based Access
Users have routines – for instance, they may typically log in at around 9:00 am, log off around 5:00 pm, and do so from their home IP address. The further a user deviates from this pattern, the more likely it is that their device or credentials have been taken over by an attacker. These criteria tell a conditional access engine whether to accept a user’s credentials, deploy multi-factor authentication, or revoke access and alert an administrator. These access decisions should not be made broadly. To the extent possible, granular permissions should be enforced on an application-by-application basis.
- Remote Browser Isolation
Malware can’t infect the endpoint if it can’t reach the endpoint. With this solution, users browse the web via a secure, remote container in the cloud. Each container houses a fully interactive browser that interacts with the public-facing internet and streams only a clean, interactive image of the site back to the user. Even if the user visits a malware-laced site, the malicious payload executes inside the container, which is destroyed once the session is finished. There’s no touchpoint for malware from the internet to infect the endpoint itself.
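The device-posture and conditional-access checks described above, as an added illustration that is not part of the original article or any vendor's product: a small policy engine that scores one sign-in against the user's usual hours and home network plus the posture reported by the endpoint client, and applies a per-application threshold to return allow, MFA, or revoke-and-alert. The application names, point weights and thresholds are assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass
class Posture:            # what the endpoint-management client reports
    os_patched: bool
    apps_patched: bool
    endpoint_protection_on: bool

@dataclass
class Baseline:           # the user's learned routine
    usual_start_hour: int
    usual_end_hour: int
    home_networks: tuple  # CIDR strings seen on the user's normal logins

# Per-application policy: (score that triggers MFA, score that revokes access).
# Hypothetical application names; the more sensitive app tolerates less risk.
APP_POLICY = {"payroll": (1, 3), "wiki": (2, 5)}

def risk_score(base: Baseline, src_ip: str, when: datetime, posture: Posture) -> int:
    """Add points for each deviation from the routine or weakness in device posture."""
    score = 0
    if not any(ip_address(src_ip) in ip_network(n) for n in base.home_networks):
        score += 2                                   # unfamiliar source address
    if not (base.usual_start_hour - 1 <= when.hour <= base.usual_end_hour + 1):
        score += 1                                   # outside normal working hours
    if not posture.endpoint_protection_on:
        score += 3                                   # no endpoint protection: heaviest weight
    if not (posture.os_patched and posture.apps_patched):
        score += 1                                   # unpatched OS or applications
    return score

def decide(app: str, base: Baseline, src_ip: str, when: datetime, posture: Posture) -> str:
    """Return 'allow', 'mfa' or 'revoke_and_alert' for one sign-in to one application."""
    mfa_at, revoke_at = APP_POLICY[app]
    score = risk_score(base, src_ip, when, posture)
    if score >= revoke_at:
        return "revoke_and_alert"                    # also the point to page an administrator
    if score >= mfa_at:
        return "mfa"
    return "allow"

if __name__ == "__main__":
    # Constructed sample data, not taken from any real deployment.
    alice = Baseline(9, 17, ("203.0.113.0/24",))
    healthy = Posture(True, True, True)
    print(decide("wiki", alice, "203.0.113.7", datetime(2020, 4, 6, 9, 15), healthy))
    print(decide("payroll", alice, "198.51.100.9", datetime(2020, 4, 6, 9, 15), healthy))
    print(decide("payroll", alice, "198.51.100.9", datetime(2020, 4, 6, 2, 30), Posture(True, True, False)))
```

The same unfamiliar address yields MFA for the wiki but a revoke-and-alert for payroll once the endpoint also reports protection switched off, which is the application-by-application granularity the text calls for.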
Zero-Trust Network Access makes VPNs more secure and better suited to working from home. When delivered from the cloud, it can be provided to users working from anywhere, configured from a single centralized management panel, and then scaled to cover all workers as necessity dictates. If you need security solutions to cover workers under lockdown, ZTNA is the way you should go.