When the COVID-19 crisis forced many federal employees to start working from home, agency IT leaders found themselves in a new environment — employee living rooms. They quickly realized that while their business continuity plans address key issues around connectivity, security at this scale has proven to be something of an afterthought.
What are the critical security concerns that agencies need to incorporate into their business continuity plans going forward? To answer that question, GovLoop spoke with Chris Usserman, Principal Security Architect at Infoblox Federal, a provider of on-premise and cloud-managed network/security services.
Not part of the plan
What’s often missing is a security strategy that provides holistic visibility of what’s happening at the endpoint. Agencies often have that capability within the network perimeter, but “they never planned for everyone’s home router to take the place of the hundreds of thousands of dollars they’ve invested in perimeter defenses in their brick-and-mortar shop,” Usserman said.
Most agencies provide employees with connectivity through virtual private networks (VPNs), but that can create a false sense of security. People often assume that if they are accessing agency resources through a VPN, then security controls are in place. But a VPN only secures the transport layer, not the information being transmitted within. Malware can communicate through, and in spite of, a VPN since it can affect systems at the kernel layer of the operating system. Malware doesn’t have to follow normal software cooperation rules like “don’t communicate directly to the internet when the VPN is active.” Malware writes its own rules.
And consider this: When an employee connects a work laptop to the home network, it likely shares that network with everything from gaming systems and smart televisions to countless peripherals. To what extent does the agency have visibility into that environment and the vulnerabilities and threats that are already present?
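The point above (a VPN protects the tunnel, not what the endpoint does outside it) is easiest to see with endpoint-side data. The following is an added example, not code from the article or from Infoblox: it reads constructed connection records from a remote laptop, flags outbound flows that left on a non-tunnel interface while the VPN was up, and ranks the flagged ones by whether the destination matches a known indicator, which is the prioritization problem raised later on the page. The interface name, exempt address ranges, indicator list and log format are all assumptions made for the example.

```python
"""Added example (not from the GovLoop article or Infoblox): flag endpoint
flows that bypassed the VPN tunnel and rank them with simple threat context."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical endpoint configuration (assumed, not from the article).
VPN_INTERFACE = "tun0"
# Destinations legitimately allowed to bypass the tunnel: the VPN concentrator
# itself and the local home LAN (router, printer). Addresses are constructed.
ALLOWED_BYPASS = [ip_network("203.0.113.10/32"), ip_network("192.168.0.0/16")]
# Constructed threat-intelligence indicators used to rank what matters first.
KNOWN_BAD = {"198.51.100.44"}


@dataclass
class Flow:
    ts: str
    proc: str
    iface: str
    dst: str
    dport: int


def parse_flow(line):
    """Parse one constructed record: '<ts> <process> <interface> <ip:port>'."""
    ts, proc, iface, dest = line.split()
    host, port = dest.rsplit(":", 1)
    return Flow(ts, proc, iface, host, int(port))


def bypassed_vpn(flow):
    """True when the flow left on a non-tunnel interface to a non-exempt address."""
    if flow.iface == VPN_INTERFACE:
        return False
    dst = ip_address(flow.dst)
    return not any(dst in net for net in ALLOWED_BYPASS)


def triage(lines):
    """Return bypass flows as (priority, Flow), highest priority first.
    Priority 2: destination matches a known-bad indicator; 1: unexplained bypass."""
    findings = []
    for flow in map(parse_flow, lines):
        if bypassed_vpn(flow):
            priority = 2 if flow.dst in KNOWN_BAD else 1
            findings.append((priority, flow))
    # Python's sort is stable, so equal priorities keep their log order.
    findings.sort(key=lambda item: item[0], reverse=True)
    return findings


# Constructed sample records from one remote laptop while the VPN was up.
SAMPLE_LOG = [
    "2020-04-01T09:15:02 outlook.exe tun0 198.51.100.7:443",      # via tunnel: fine
    "2020-04-01T09:15:05 spoolsv.exe wlan0 192.168.1.20:9100",    # home printer: exempt
    "2020-04-01T09:15:09 updater.exe wlan0 198.51.100.44:8443",   # bypass, known bad
    "2020-04-01T09:15:11 vpnclient.exe wlan0 203.0.113.10:443",   # concentrator: exempt
    "2020-04-01T09:15:14 helper.exe wlan0 198.51.100.91:53",      # bypass, unexplained
]

if __name__ == "__main__":
    for priority, flow in triage(SAMPLE_LOG):
        print(f"P{priority} {flow.ts} {flow.proc} -> {flow.dst}:{flow.dport} via {flow.iface}")
```

Run as-is it reports two findings: the flow to the known-bad address first, then the unexplained one. The exempt list is the important design choice: without it, every print job to the home LAN would be noise, which is exactly the "countless threats each day" problem the article describes.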
Continuous monitoring revisited
Over the years, the Continuous Diagnostics and Mitigation (CDM) program has helped agencies understand the importance of having visibility into everything happening on the network.
This is challenging enough when agencies are focused on devices and traffic within the network perimeter. What happens when the workforce is off premises for weeks or months at a time? Agencies need to ensure that they can maintain visibility in this distributed work environment – and have the ability to respond to threats in a timely manner.
With that in mind, Infoblox provides agencies with the following capabilities:
- Fortifying cloud access to extend headquarters protection to workers at home, including automatically detecting and blocking malware
- Protecting agency data by automatically blocking data exfiltration attempts and by detecting the security state of all connected devices
- Keeping employees safe from bad destinations and restricting access to web content not in compliance with agency policy
- Using early detection and threat intelligence to detect security threats quickly and to identify which threats require immediate attention
Network and threat intelligence is key to holistic visibility. The security operations center will detect countless threats each day. How do they determine which ones to make a priority? “It is essential to have tools that provide you with the right contextual visibility in a timely manner so that you can take action,” Usserman said.