In the wake of COVID-19 we now have new breeds of remote workers. Businesses have always had a small proportion of remote workers; however, pre-COVID-19 these were normally field-based personnel connecting to specific corporate applications and resources via VPN.
Along with the mass migration of workers to home environments, shortfalls in the corporate laptops, PCs and tablets with which to arm the expanded remote workforce mean organisations are relaxing remote working policies to allow the use of personal devices (BYOD), with varying security postures, to access a much broader set of internal corporate applications than ever before. Now, more than ever, it is essential that companies have the ability to identify malicious activity originating from their remote access channels.
The majority of organisations already had varying degrees of remote access monitoring in place. However, these organisations are finding that they have to rapidly scale up their remote access infrastructures to cater for the new normal.
Rolling out functional SaaS services and VPN connectivity quickly often introduces multiple blind spots that existing solutions weren’t designed to address. This may be a result of using new technologies, or simply because the vast increase in traffic has caused scaling issues with existing monitoring solutions.
When scaling out infrastructure and applications, we need to ensure that we have visibility into these new environments as well as capacity within existing systems. We therefore need to review our data sources and ensure that we ingest the appropriate ones to provide insight into these environments, and that we have the capacity to store the additional raw data.
Finally, it is essential that you have an efficient SOC to actively monitor and respond to an increase in alerts.
Published: 8th July