
Network security best practices for the holiday season

It’s that time of year when people in many parts of the world are looking forward to spending time with family and friends and taking a bit of a break. However, it’s also when bad actors and adversaries switch into high gear, looking to take advantage of the fact that many networks are less utilized and less scrutinized over the holiday period. Ransomware attacks, to give just one example, typically increase at this time of year.

With that in mind, here are some quick and easy best practices to better protect your network while you take some well-deserved time out.

1. Shut down unneeded systems

This is especially important for any systems that offer RDP access, as RDP is often used by adversaries as an entry point or as a tool to move laterally within a network. The same advice applies to IoT devices. If they aren’t needed, shut them down for the holidays. If you really need to have some systems with RDP access enabled, double-check and then triple-check the security.

If you haven’t already, consider ZTNA to secure access to your RDP systems and other applications. In fact, the holidays may be the ideal time to start a Sophos ZTNA free trial for you and your team. At the very least, make sure any RDP solutions are protected with multi-factor authentication to prevent brute-forced or stolen credentials from being a point of compromise.

2. Update firewall and network infrastructure firmware

If you have a Sophos Firewall, we recently released v19.5 which includes a number of security enhancements, performance improvements, and new features such as:

  • Xstream FastPath TLS encrypted traffic inspection
  • SD-WAN load balancing
  • VPN performance improvements
  • High Availability enhancements
  • New Azure AD integration for secure login
  • And much more!

Regardless of your preferred vendor, make sure your firewall and other network infrastructure, such as VPN concentrators, switches, and other devices, are all running the latest release, as new releases often contain important fixes for known vulnerabilities.

3. Call on Sophos Rapid Response if you experience an attack

If you experience an emergency incident over the holidays (or anytime), you can engage our fixed-fee Sophos Rapid Response service. Our team of expert incident responders will help you triage, contain, and eliminate active threats, and remove all traces of the attackers from your network. Whether it is an infection, compromise, or unauthorized access attempting to circumvent your security controls, we have seen and stopped it all. Sophos Rapid Response is available 24/7/365, including over the holiday period.


How zero trust access protects your data

The pandemic created a tectonic shift in the way most organizations operate, with many employees forced to work from home.

This revealed many benefits for both parties that have turned remote working and hybrid workplaces into a productive and sustainable way of operating.

This new normal, with a multitude of branch offices of one person, has also created some additional challenges and exposed many issues with remote access VPN.

The time is right for ZTNA

Fortunately, zero-trust network access – or ZTNA – has emerged as the perfect solution, at the perfect time.

ZTNA enables remote workers to seamlessly and transparently access the applications, data, and systems they need to be productive, while simultaneously solving all the major issues with VPN: scalability, management, performance, and most importantly, security.

Security first

Data security and privacy are critically important and justifiably regulated across most jurisdictions: GDPR in Europe, the Data Protection Act in the UK, CCPA in the USA, PIPEDA in Canada, and the Privacy Act in Australia, to name just a few.

Some jurisdictions, like Germany’s Federal Office for Information Security (BSI) and the United States Federal Government, have taken data protection a step further by mandating state-of-the-art cybersecurity standards using technologies like zero trust.

ZTNA versus VPN

Naturally, no organization can afford a data breach, but many are at a loss as to how best to protect against them. Where remote workers are involved, ZTNA is an essential first step as it offers many benefits over VPN:

  • Unlike VPN, ZTNA doesn’t offer implicit trust and broad access to internal networks. In fact, it works the opposite way, where users are ONLY allowed access to very specific resources while everything else is blocked. The remote device is not “on the network,” which means lateral movement is effectively gone.
  • ZTNA can work clientless or integrated with an endpoint protection agent to offer better end-user security and eliminate any potential vulnerabilities in old VPN client software.
  • ZTNA makes your hosted networked applications completely invisible to the outside world, dramatically reducing your surface area of attack.
  • ZTNA eliminates credential theft as a potential point of entry as multi-factor authentication is an integral part of the solution.

And the best part is, ZTNA is much easier to scale and manage than remote-access VPN solutions.
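The access-model difference described in the ZTNA versus VPN list can be made concrete with a small model. This is an added example, not Sophos code or a product API: the service inventory, group names, policy table and the device-health check are all constructed assumptions used to compare what a remote session can reach under each model.

```python
import ipaddress
from dataclasses import dataclass

# Constructed inventory of internal services (names and addresses are illustrative).
SERVICES = {
    "wiki": "10.0.1.10",
    "payroll": "10.0.1.20",
    "rdp-jump": "10.0.2.5",
    "file-share": "10.0.2.9",
}

def vpn_reachable(pushed_routes):
    """VPN model: the client is on the network, so every service inside a
    pushed route is reachable, whoever the user is."""
    nets = [ipaddress.ip_network(r) for r in pushed_routes]
    return sorted(name for name, ip in SERVICES.items()
                  if any(ipaddress.ip_address(ip) in n for n in nets))

@dataclass(frozen=True)
class Request:
    groups: frozenset
    mfa_passed: bool
    device_healthy: bool  # assumption: posture reported by an endpoint agent
    app: str

# Hypothetical ZTNA policy: published app -> groups allowed to use it.
# "file-share" is deliberately not published, so nobody can reach it.
ZTNA_POLICY = {
    "wiki": {"staff"},
    "payroll": {"finance"},
    "rdp-jump": {"it-admins"},
}

def ztna_decide(req):
    """Per-request decision; anything not explicitly allowed is denied."""
    allowed_groups = ZTNA_POLICY.get(req.app)
    if allowed_groups is None:
        return False, "app not published"
    if not req.mfa_passed:
        return False, "mfa required"
    if not req.device_healthy:
        return False, "device posture failed"
    if not (req.groups & allowed_groups):
        return False, "no policy for user"
    return True, "allowed"

def ztna_reachable(groups, mfa_passed=True, device_healthy=True):
    """All services a session with these attributes can actually use."""
    return sorted(app for app in SERVICES
                  if ztna_decide(Request(frozenset(groups), mfa_passed,
                                         device_healthy, app))[0])

if __name__ == "__main__":
    print("VPN, 10.0.0.0/16 pushed:", vpn_reachable(["10.0.0.0/16"]))
    print("ZTNA, staff user:       ", ztna_reachable({"staff"}))
    print("ZTNA, staff, no MFA:    ", ztna_reachable({"staff"}, mfa_passed=False))
```

With the same user, the VPN session can reach the RDP jump host and the file share simply because they sit inside the pushed route, while the ZTNA session can reach only the one application its policy names.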