The COVID-19 pandemic has forced most enterprises to change how IT operates. However, the rush to adopt new modes of work, such as remote and work-from-home users and cloud services, has created numerous cybersecurity concerns. Faulty VPN configurations and sloppy policy design have left many organizations exposed and vulnerable to attack.
Simply put, enterprise support for remote workers increased their vulnerability footprint, and most were not ready for the consequences. Others attempted to leverage new technologies, such as ZTNA (Zero-Trust Network Access) or SASE (Secure Access Service Edge), to harden their networks against attack. Yet many have found that just locking down their network connections at endpoints or the edge was simply not enough. Other types of attacks, such as ransomware or data exfiltration, still managed to succeed, and technologies such as ZTNA or SASE did nothing to reduce insider threats.
SASE, in essence, creates a private SD-WAN, which is designed to prevent intrusions from the public internet; the technology does this very well. ZTNA creates a software-defined perimeter that allows endpoints to securely connect to applications and services on the network. Deploying both SASE and ZTNA is a good starting point for securing endpoints and the network in what has become the “new normal” of enterprise operations.
However, SASE and ZTNA leave some critical gaps in protection, especially with endpoints that are mobile or used from remote locations. Credentials (along with devices) can be lost or stolen, employees can still unwittingly download ransomware, spyware or other malicious applications, and bad actors can still become an insider threat.
“With ZTNA, you positively identify the user, you use the principle of least privilege, and then you trust, but verify,” said Dave Martin, senior director, product management – threat response at Open Systems. “With SASE, the idea is to combine the network and the security layers to make it easy to deploy security controls; to deploy preventive controls.”
Martin warns, though, that those technologies alone may not be enough to protect enterprises. “The best way to contain a threat should be dictated by the threat,” he added. “That means you must be aware of a threat, and the threat actors.”
It is the lack of threat awareness that trips up many enterprises. “In the rush to adopt new technologies to meet the challenges presented by COVID-19, many organizations just went the route of deploying all this new technology, and are just assuming that it works,” said Martin.
Naturally, most businesses have deployed other security technologies on the endpoint, such as antivirus and antimalware, as well as email filtering and threat scanning products. However, most of those products are not fully automated or integrated into an overall cybersecurity system, and commonly fail to deal with zero-day threats or insider threats. These shortcomings have given rise to Managed Detection and Response (MDR), a cybersecurity technology that is sold as a service and brings real-time threat monitoring, along with automated response, into a business’ cybersecurity arsenal.
“Recently there’s been a recognition, generally speaking, that [the] prevention layer’s not enough; you have to be continually monitoring, and you have to assume that you’re in a constant state of breach. And the only way to really know that is if you’re monitoring,” Martin said. “MDR brings forth that monitoring and handles response. MDR, with its advanced threat detection services and response, then becomes a natural feedback loop to the SASE layer.”
MDR, as Martin points out, can be paired with SASE to take on insider threat detection, as well as detection of other threats that may come from an infected endpoint or server. What’s more, MDR constantly looks for traffic or activity that falls outside of established norms and can respond automatically to contain the threat.
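The "activity outside established norms" idea above is easiest to see in code. The following is an added illustration written for this article, not Open Systems' MDR product code: it learns a per-user baseline (typical bytes per outbound connection and the set of destinations seen) from a learning-period log, then scores live log lines against that baseline and maps deviations to a containment decision. The log format, user names, destinations, z-score threshold and action names are all assumptions constructed for the example.

```python
"""Baseline-and-deviation detection over outbound connection logs.
Added example for this article; not Open Systems' code. The log format,
thresholds and action names are assumptions chosen for illustration.
"""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Assumed log format: "<timestamp> user=<name> dst=<ip>:<port> bytes=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) dst=(?P<dst>[\d.]+):(?P<port>\d+) bytes=(?P<bytes>\d+)$"
)

# Constructed learning-period log lines: what "normal" looks like per user.
BASELINE_LOG = """\
2021-03-01T09:15:00Z user=alice dst=10.0.0.5:443 bytes=100000
2021-03-01T10:02:00Z user=alice dst=10.0.0.6:443 bytes=120000
2021-03-02T09:30:00Z user=alice dst=10.0.0.5:443 bytes=140000
2021-03-02T11:12:00Z user=alice dst=10.0.0.6:443 bytes=120000
2021-03-01T09:20:00Z user=bob dst=10.0.0.5:443 bytes=50000
2021-03-02T09:25:00Z user=bob dst=10.0.0.5:443 bytes=48000
2021-03-03T09:40:00Z user=bob dst=10.0.0.5:443 bytes=52000
2021-03-04T09:10:00Z user=bob dst=10.0.0.5:443 bytes=50000
""".splitlines()

# Constructed live log lines to evaluate against that baseline.
LIVE_LOG = """\
2021-03-08T09:14:00Z user=alice dst=10.0.0.5:443 bytes=120000
2021-03-08T02:41:00Z user=alice dst=203.0.113.9:443 bytes=9000000
2021-03-08T09:22:00Z user=bob dst=10.0.0.5:443 bytes=52000
2021-03-08T09:30:00Z user=bob dst=10.0.0.6:443 bytes=51000
2021-03-08T09:31:00Z user=unknown-acct dst=10.0.0.5:443 bytes=1000
""".splitlines()


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def build_baseline(lines):
    """Per-user norms: mean/scale of bytes per connection and known destinations."""
    per_user = defaultdict(lambda: {"bytes": [], "dsts": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are skipped rather than trusted
        per_user[rec["user"]]["bytes"].append(rec["bytes"])
        per_user[rec["user"]]["dsts"].add(rec["dst"])
    baseline = {}
    for user, data in per_user.items():
        mu, sigma = mean(data["bytes"]), pstdev(data["bytes"])
        # A flat baseline (sigma == 0) would make every deviation infinite;
        # fall back to 10% of the mean as the scale in that case.
        scale = sigma if sigma > 0 else max(mu * 0.1, 1.0)
        baseline[user] = {"mean": mu, "scale": scale, "dsts": frozenset(data["dsts"])}
    return baseline


def score_event(rec, baseline, z_threshold=3.0):
    """List the reasons an event deviates from the user's norm (empty means normal)."""
    norm = baseline.get(rec["user"])
    if norm is None:
        return ["unknown_user"]  # no baseline at all: treat as a strong signal
    reasons = []
    z = (rec["bytes"] - norm["mean"]) / norm["scale"]
    if z > z_threshold:
        reasons.append(f"volume_z={z:.1f}")
    if rec["dst"] not in norm["dsts"]:
        reasons.append(f"new_destination={rec['dst']}")
    return reasons


def choose_action(reasons):
    """Map deviation reasons to a containment decision (names are assumed)."""
    if not reasons:
        return "none"
    if "unknown_user" in reasons or len(reasons) >= 2:
        return "isolate_endpoint"  # hand-off to the automated response side
    return "alert"                 # single weak signal: analyst review


def evaluate(lines, baseline, z_threshold=3.0):
    """Score every live line; return (user, dst, action, reasons) for each hit."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = score_event(rec, baseline, z_threshold)
        action = choose_action(reasons)
        if action != "none":
            findings.append((rec["user"], rec["dst"], action, reasons))
    return findings


if __name__ == "__main__":
    for finding in evaluate(LIVE_LOG, build_baseline(BASELINE_LOG)):
        print(finding)
```

Run as-is, the detector leaves alice's routine connection and bob's usual transfer alone, raises a single-signal alert on bob's first contact with a destination he has never used, and escalates to endpoint isolation both for alice's large transfer to an address outside her baseline and for the account with no baseline at all. The feedback loop Martin describes is the last step: the isolation decision is what a SASE or ZTNA layer would enforce.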
Threats are still on the rise, and many enterprises have not yet determined if and when they may return to onsite work environments. In these uncertain times, it makes a lot of sense to consider MDR, SASE and ZTNA together to address cybersecurity hygiene issues.