— 3 Feb 2021

ALL ATTENTION TO PROTECTION OF NETWORKS

Global changes in employer policies last year, especially the need to transfer workers to a remote working regime, created the need for new levels of flexibility in the information infrastructure and implementation of information security requirements for remote workplaces. Especially important were methods of authentication and protection of communication channels. All of this was done in an emergency timeframe and as a result companies of all sizes faced a whole range of problems.

Businesses were forced either to develop from scratch or to quickly and considerably change their approaches to integrating such workplaces and to enforcing authentication methods and protection of communication channels. This was often done as an emergency, resulting in a whole range of issues for businesses of all sizes:

  • the work environment is poorly organized and employees find it uncomfortable to perform their duties, which results in a productivity decrease;
  • users got access to internal systems from corporate devices with all required settings, as well as from their personal devices that do not comply with corporate IT and IS policies;
  • lack of full control over user connections and their devices.

As a result, IT and IS departments do not have a full picture of what is happening, which poses a serious threat to sensitive business data and may lead to reputational and financial losses. 2020 saw an unprecedented number of attacks targeting medium and large businesses. The key factors attracting the attention of hackers to user devices were the operating system, applications, and network traffic. As a rule, the major threats are malware, phishing, application vulnerabilities, Man-in-the-Middle attacks, exploits for operating systems, and ineffective profiles of user device settings.

Businesses need to leverage comprehensive mobile security to prevent advanced cyberattacks leading to the loss of sensitive data. Access to the corporate network must be ensured only from trusted secure devices. The challenge can be addressed in several ways.

One is using Cisco Duo, an adaptive user and multifaceted device authentication solution. Authentication is performed before granting access to various corporate and cloud applications. Two-factor authentication of all users helps to determine and confirm their identity, and gives the employer the opportunity to impose the most granular data policy for each employee. Another feature of Duo is checking user devices for out-of-date software versions and missing security protocols.

Another option to ensure secure access to the corporate network from user devices is VMware Workspace ONE, a digital workspace analytics platform for easy and secure delivery and administration of any applications across all devices. The platform combines access control and management capabilities for applications and end devices running under various operating systems, and can be used as a cloud service or an on-premise solution. Workspace ONE provides users with simplified remote access to corporate resources and equips IT/IS professionals with more integrated management of the IT infrastructure through a combined toolset for device administration, authentication and secure storage of business applications.

When ensuring control over the devices used for remote access to the corporate network, it is necessary to remember wireless WiFi networks, which have become the main data transmission channel. To prevent and minimize these threats, regular security audits of WiFi networks are required, along with the use of modern protection tools and methods including IPS (Intrusion Prevention System), which can significantly increase the level of security while reducing the risks of compromising user devices.

CTI experts note that currently the most frequent attacks targeting networks and WiFi are attacks on the devices themselves (such as brute force, attacks on firmware, etc.), attacks on authorization (brute force, DDoS, etc.), attacks on the user (data interception, phishing, etc.), as well as attacks on user devices (downloaded files substituted with viruses, compromise of devices, etc.).

Anton Afanasyev, Head of Information Security at CTI, recommends ensuring regular monitoring of device settings: provide firmware updates, check passwords, update network access rights and connections with the corporate network elements, and control user authorization rules when connecting to WiFi. Regular audits of WiFi (including the use of specialized WIDS/WIPS) and moving to modern methods of authentication, including certificates, become very important.

CTI experts recommend setting up integration with monitoring and information security tools, conducting regular employee training on the secure use of WiFi, and carrying out regular radio reconnaissance in order to identify blind spots, check quality systems for access point settings and highly sensitive technology to redistribute traffic from congested areas without losing quality of connection.

If an organization has a branch network, the deployment of distributed corporate networks based on Cisco SD-WAN technology may become a good solution for arranging centralized management and automation of the distributed corporate network.

Vladimir Yaroslavsky, Business Development Manager at Cisco, notes that this technology is specific in its separation of the transport and control levels, allowing remote branches to centrally manage transport networks. The key characteristic of Cisco SD-WAN is the highest level of protection against cyber threats, enabled by built-in segmentation, encryption, support of logical topologies, service points, and external information security tools.

The benefits of SD-WAN implementation can be summarized as follows:

  • ensuring security;
  • the use of all available communication channels;
  • saving the bandwidth of communication channels;
  • accelerated connection of new points;
  • automated routine and error reduction.

The network infrastructure is a fundamental element of any business, regardless of its size or industry. Being competitive is essential, as are business scalability and, by all means, invulnerability to external impact on the functional and technical level of the corporate network. A business faced with increased requirements for the quality and reliability of the network infrastructure has complex information systems at its disposal that provide data collection, analysis, transmission and security. The only thing left is to correctly prioritize and implement the right solutions to ensure the required level of network security.
