Exclusive: How enterprises can manage mass remote working

November 26, 2020


Recent months have been tumultuous to say the least. Organisations have had to rapidly adapt to a new situation which they had not expected and were not fully prepared for.

It is a steep learning curve for many. Remote working was a reasonably popular trend before the current public health crisis and many organisations were equipped to deal with a small portion of their employees using corporate infrastructure remotely. However, those requirements have changed considerably.

Enterprise IT has certainly gotten a lot harder and many enterprise IT teams are finding themselves fighting an uphill battle. Required technology may be out of date, capacity might be insufficient and there may simply not be enough licences to fulfil remote working needs.

In the rush to accommodate these new conditions, enterprises often deploy their already limited resources in an insecure manner either unknowingly or out of expedience. They also have to deal with remote workers’ home security. Enterprises could once rely on office security controls and their limited capacity for remote working. Now they have to place their trust in remote workers’ home computers, networks, devices, preferred apps and security habits.

Remote access during these trying times involves maintaining availability on a network that wasn’t built for mass remote working and ensuring security within an environment which now includes some potentially insecure parts.

Maintaining availability

The demand on remote access tools will mean that they have to be deployed correctly. Inefficient settings or configurations will be a drag on network performance at a time when the enterprise cannot afford it.

Enabling visibility across the environment is an important step to spot performance issues and work out kinks in the remote work delivery chain.

IT teams will have already experienced a number of problems in remote access systems. These systems are complex and require a thorough, multi-layered view of the remote access delivery chain in order to keep things running smoothly. Typically, VPN issues will present at the transport layer, while downstream issues with resources and applications will come to light in Layer 7 analysis. An inability to see and address these problems at their root will cause unnecessary hiccups and sluggish performance.

One ExtraHop customer in France recently dealt with this kind of problem. On the first day of the French national lockdown, users reported being unable to access a number of Citrix applications via VPN. While it was clear that the sudden upsurge of remote workers had something to do with the problem, it wasn’t clear which specific assets were affected or why.

Wherever the bottleneck lay, it had introduced significant latency into the network. Fortunately, this customer had visibility throughout their environment. By looking at the Independent Computing Architecture (ICA) protocol metrics, the IT team could identify which Citrix-delivered apps were slowing things down and who was being affected. They then drilled down to the Transmission Control Protocol (TCP) level, where they saw a significant increase in retransmissions and zero window events. Using that information, they could identify which NetScaler devices were being overloaded with connection requests.

That kind of visibility also has application in the longer term. Utilisation has to be measured in order to demonstrate the kinds of pressures a network is under. If you need more network bandwidth to accommodate your users, that data can be used to demonstrate the need. And while it can be used to demonstrate resource deficiencies, it can also be used to show the kind of value that an IT team is providing to the business.

That visibility allowed them to deliver the performance they needed to deal with these trying circumstances. That same visibility is required for maintaining security.

Maintaining security

A close watch must be kept on who is using your network from outside the office walls. Establishing a baseline of normal remote-worker activity is important for catching suspicious traffic. Active Directory accounts must be monitored for lockouts and failed login attempts; they can be clues that attackers are abusing employees’ accounts to gain access to a network.

Another important area to watch is where users are remoting in from. Security teams should be carefully looking at the locations of external IPs seeking to connect to enterprise gateways. Suspicious locations can be signs that a user is not who they claim to be. Furthermore, watching network communications will reveal whether remote workers are using insecure or disallowed apps and services on the network.
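The two checks described above (account lockouts and failed logins, and the location of connecting IPs) can be sketched as a small detection pass; this is an added example, not code from the author or from ExtraHop. It also groups failures by source address, which goes slightly beyond the text. The record layout, the thresholds, the expected-country set and the upstream GeoIP lookup are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, not real logs: (time, event ID, account, source IP, country).
# Windows Security event IDs: 4624 = successful logon, 4625 = failed logon, 4740 = lockout.
# The country column is assumed to come from a GeoIP lookup done upstream.
EVENTS = [
    ("2020-11-26T08:00:05", 4625, "alice", "203.0.113.7", "FR"),
    ("2020-11-26T08:00:09", 4625, "alice", "203.0.113.7", "FR"),
    ("2020-11-26T08:00:14", 4625, "alice", "203.0.113.7", "FR"),
    ("2020-11-26T08:00:20", 4740, "alice", None, None),
    ("2020-11-26T08:05:00", 4625, "bob", "198.51.100.23", "FR"),
    ("2020-11-26T08:05:02", 4625, "carol", "198.51.100.23", "FR"),
    ("2020-11-26T08:05:04", 4625, "dave", "198.51.100.23", "FR"),
    ("2020-11-26T09:30:00", 4624, "erin", "192.0.2.50", "BR"),
    ("2020-11-26T09:45:00", 4625, "frank", "203.0.113.99", "FR"),
]

def analyse(events, expected=frozenset({"FR"}), threshold=3,
            window=timedelta(minutes=10)):
    """Return {account or source IP: set of reasons}; thresholds are illustrative."""
    fails_by_account = defaultdict(list)   # account -> recent failure times
    fails_by_source = defaultdict(list)    # source IP -> recent (time, account)
    findings = defaultdict(set)
    for ts, event_id, account, src_ip, country in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if event_id == 4740:
            findings[account].add("account locked out")
        elif event_id == 4625:
            # Keep only failures inside the sliding window, then add this one.
            recent = [t for t in fails_by_account[account] if when - t <= window]
            fails_by_account[account] = recent + [when]
            if len(recent) + 1 >= threshold:
                findings[account].add("burst of failed logons")
            seen = [(t, a) for t, a in fails_by_source[src_ip] if when - t <= window]
            fails_by_source[src_ip] = seen + [(when, account)]
            if len({a for _, a in fails_by_source[src_ip]}) >= threshold:
                findings[src_ip].add("failures across many accounts")
        # Any logon activity, successful or not, from outside the expected set.
        if country is not None and country not in expected:
            findings[account].add(f"logon activity from unexpected country {country}")
    return dict(findings)

if __name__ == "__main__":
    for subject, reasons in sorted(analyse(EVENTS).items()):
        print(subject, "->", ", ".join(sorted(reasons)))
```

A single failed logon (frank) stays below the threshold and is not reported, which is the point of measuring against a baseline rather than alerting on every failure.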

When it comes to employees’ personal behaviours and devices, enterprises must enforce policies and police what kinds of apps and services employees can use. Remote workers have to be brought into that conversation too. With fewer opportunities for face-to-face interactions between coworkers, many criminals have taken to impersonating employees and asking for access to sensitive resources or credentials. In these cases, your employees are your best defence and should be trained to be extra vigilant and to call people back on their phone numbers on file for verification.

Without the training wheels of security within the enterprise, employees need to be more aware of how they behave with company data. They need to be educated on cyber hygiene and the threats that face them while they work from home. This is especially true in areas like email security: phishing attempts have skyrocketed, often using the coronavirus to lure in victims, and their employers, by exploiting fears around public health. This is a great opportunity to bring staff on board with the security process, which is sure to bring benefits in both the short and long term.

Remote working resources

There is a steep learning curve ahead for many enterprises. IT teams are attempting to manage remote working effectively at a time when resources are at a premium. A critical part of that is enabling the visibility required not only to deliver efficient network performance but also to secure the enterprise against an array of remote working threats.


By Mike Campfield, VP, GM International and Global Security Programs at ExtraHop
