Home / LifeStyle / Why VPNs alone won’t protect your remote workers

Why VPNs alone won’t protect your remote workers

As organizations were forced to leave their employees To work from home Many turned on during the pandemic VPN Services with which you can remotely connect to your corporate networks. Cyber ​​criminals were aware of this and used VPNs to gain access to corporate networks. Outdated software and poor security practices have been used to gain access to the company’s VPNs, but attackers have also started using voice phishing or use Vishing Steal VPN credentials from remote workers.

To learn more about how companies can ensure secure access while working remotely, TechRadar Pro spoke to Tony Howlett, CISO of SecureLink.

Where are VPN services missing when it comes to giving employees access to corporate networks?

VPNs are used to secure data in transit, not necessarily to secure the endpoints. VPNs also just provide the connection, they don̵

7;t provide credentials for the servers or hosts, so they have to be routed and managed separately. Given that VPNs connect you to a remote network without proper segmentation, the destination network is often vulnerable to being scanned or skipped over to other systems or networks that the user is not authorized to access.

(Photo credit: Shutterstock.com)

How can cyber criminals use a VPN as a vehicle for side attacks?

Because most networks are not properly segmented, hackers who get VPN access to a less sensitive network can often access more critical networks that house things like payment, accounting, development, or other more sensitive systems. In addition, users who work from home can often have malware that infects other computers on their home network (e.g., computers for children and / or spouses) to attack their VPN endpoint and then join the corporate network through that connection to get.

Can you tell us more about Vendor Privileged Access Management (VPAM) and the benefits of these solutions that VPNs don’t?

VPAM offers transport and system access in one solution. It broadcasts the connection in such a way that there is no native network connection, which prevents the sideways movement mentioned above. Additional controls for the least privilege can be applied that bind the use case to specific application ports and even time periods. The system integrates with Privileged Access Management (PAM) systems so that the actual credentials are stored in an encrypted vault and never seen by the provider’s user. Finally, it offers a high resolution audit that records actual keystrokes and mouse movements for monitoring and auditing purposes.

What factors does your platform use to decide when to revoke a user’s permissions?

The nice thing about our VPAM system is that it can be integrated directly into a provider’s directory service, so that a provider’s employee no longer has access to the customer’s systems the moment they are terminated. This automates the offboarding of users when they are no longer authorized and enables rights to be canceled in near real time.

(Image credit: Shutterstock)

What is Least Privileged Access (LPA) and how does it prevent users from being granted more privileges than they need?

Least privileged access ensures that access levels and rights are based on a user’s title and need to get their job done. In other words, it offers just the right amount of access – nothing more, nothing less. When a manufacturer user is set up in SecureLink, he receives a symbolic connection profile with which he can only access certain networks, servers and application ports that he needs for his work. Unlike VPNs or desktop sharing tools, they simply don’t have direct access to the underlying network to further explore or use.

What caused your company to create the SecureLink platform in the first place?

The ever increasing number of services that companies outsource to third parties and the risk these connections pose to a company’s systems and data. The fact that many providers require some form of privileged access also increases the risk and damage that a hacker can do with these types of connections.

(Image credit: Shutterstock / LStockStudio)

Did you have to change your platform to support remote workers in addition to remote vendors and contractors? What lessons has your organization learned from the pandemic?

We didn’t have to change the platform to support in-house employees as our core and main use cases specifically focus on accessing networks for third parties (contractors, vendors, etc.). However, many of our customers have been able to quickly and easily migrate to SecureLink for remote access for their remote workers. While internal access requirements are often different, we were able to use the SecureLink platform to support this use case and get them through the crisis. Through this pandemic, we learned a lot about the importance of our product and platform. Although there is a pandemic for all of us, hackers or bad actors will not stop trying to infiltrate networks due to COVID-19.

Are you currently working on new products or services to make remote access easier for businesses?

We just released a cloud option so customers don’t have to host their own SecureLink server. We are very excited about this as it offers a turnkey solution that can be discovered quickly. With SecureLink hosting the appliance, companies don’t have to worry about ongoing upgrades, monitoring or patching. SecureLink manages all of these components to free up time and bandwidth for IT teams.

  • Also, check out our full list of the best VPN services

Source link