Is it Time to Give Your Corporate VPN an Upgrade?


You probably have a VPN that allows your staff to access work-related resources from home.

However, changes in the security landscape mean it may now be time to upgrade your VPN to something more secure.

Hybrid Working Increases Your Attack Footprint

Hybrid working has become the norm. More staff are being allowed to access their organisations' networks remotely, more often, for longer, sometimes from poorly-patched or poorly-protected devices.

This increases the chances that a member of staff will have their device compromised, giving attackers access to their employer's network.

Once in, attackers can scan for vulnerable systems, steal data and potentially hit the organisation with a ransomware attack.

Upgrading your VPN to a more modern version can help reduce these new risks.

Ways to Improve Your VPN's Security

Network-based web filtering

This reduces the likelihood of employee devices being infected by drive-by malware. It can block some, but not all, phishing sites.

Client-side malware scanning

This helps block malicious software from running.

Cloud-based malware scanning

This checks whether links are suspicious – without putting end-user devices at risk.

Integration with Identity and Access Management systems

The VPN consults an authoritative source to determine who is allowed to do what. Some IAM offerings use multi-factor authentication, so stolen or guessed credentials alone are insufficient to gain access to the VPN.

Removable media restrictions

End-point protection can make it harder for malicious insiders to exfiltrate confidential data without prior authorisation.

Software inventory checks

End-point protection software checks whether the device’s software is sufficiently up-to-date. If not, the user can be denied access to the VPN.

Zero Trust Network Access

Devices and users get no access to the network by default. Additional access is granted in accordance with policies that specify what the user/device needs to do their job. Most network access is made conditional on user authentication. Users/devices directly connected to the office LAN can be treated differently. Authentication is specific to individual network resources/apps.
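The three items above that involve a decision at connection time (IAM/MFA integration, software inventory checks and ZTNA's default-deny, per-resource policy) can be shown together in one small policy evaluator. The code below is an added illustration written for this page, not hSo's product or any vendor's implementation; the users, devices, resources, group names, patch-age thresholds and rules are all constructed for the example.

```python
"""Minimal Zero Trust access-policy evaluator (constructed, illustrative example).

Models the behaviour described in the text: no access by default, per-resource
rules, MFA required for users who are not on the office LAN, and a device
posture (patch age) check before access is granted. Every user, device,
resource and rule here is constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    mfa_verified: bool      # asserted by the IAM system after a successful MFA step


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool           # enrolled in endpoint management
    patch_age_days: int     # days since the software inventory last saw an update
    on_office_lan: bool     # physically connected to the office LAN


@dataclass(frozen=True)
class Resource:
    name: str
    host: str
    port: int


@dataclass(frozen=True)
class Rule:
    resource: str
    allowed_groups: frozenset
    require_mfa_when_remote: bool = True
    max_patch_age_days: int = 30


@dataclass
class Decision:
    allowed: bool
    reason: str


# Constructed policy: one rule per resource; anything without a rule is denied
POLICY = [
    Rule("crm", frozenset({"sales"})),
    Rule("finance-db", frozenset({"finance"}), max_patch_age_days=14),
    Rule("printer-spooler", frozenset({"sales", "finance"}), require_mfa_when_remote=False),
]

# Constructed inventory of network resources (hostnames are placeholders)
RESOURCES = {
    "crm": Resource("crm", "crm.internal.example", 443),
    "finance-db": Resource("finance-db", "fin-db.internal.example", 5432),
    "printer-spooler": Resource("printer-spooler", "print.internal.example", 631),
    "legacy-share": Resource("legacy-share", "fs01.internal.example", 445),
}


def evaluate(user: User, device: Device, resource_name: str, policy=POLICY) -> Decision:
    """Return an allow/deny decision for one user on one device for one resource.

    Checks run from the most general denial to the most specific; a resource
    with no matching rule is denied (default deny).
    """
    if resource_name not in RESOURCES:
        return Decision(False, "unknown resource")
    if not device.managed:
        return Decision(False, "device not enrolled in endpoint management")
    rule = next((r for r in policy if r.resource == resource_name), None)
    if rule is None:
        return Decision(False, "no policy grants access to this resource (default deny)")
    if not user.groups & rule.allowed_groups:
        return Decision(False, f"user not in an allowed group for {resource_name}")
    # Software inventory check: a stale device is refused before it gets as far as MFA
    if device.patch_age_days > rule.max_patch_age_days:
        return Decision(False, f"device patch age {device.patch_age_days}d exceeds "
                               f"{rule.max_patch_age_days}d")
    # Remote users must have completed MFA; office-LAN devices are treated differently
    if rule.require_mfa_when_remote and not device.on_office_lan and not user.mfa_verified:
        return Decision(False, "MFA required for remote access")
    target = RESOURCES[resource_name]
    return Decision(True, f"allowed: {user.name} -> {target.host}:{target.port}")


def allowed_resources(user: User, device: Device, policy=POLICY):
    """Per-resource access: list only the resources this user/device may reach."""
    return sorted(name for name in RESOURCES if evaluate(user, device, name, policy).allowed)


if __name__ == "__main__":
    alice = User("alice", frozenset({"sales"}), mfa_verified=True)
    laptop = Device("lt-01", managed=True, patch_age_days=5, on_office_lan=False)
    for name in RESOURCES:
        print(name, evaluate(alice, laptop, name))
```

The point of the ordering is that a legacy file share with no rule is unreachable even for a fully authenticated user on a patched device, which is what "no access by default" means in practice; the MFA and patch-age checks then narrow each remaining resource further.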

It's Not Just VPNs That Need A Security Upgrade

The traditional perimeter approach to security, where users and devices in the organisation's office(s) are trusted, is past its sell-by date.

It lets office-based users and VPN users connect to hostnames and ports they have no need to access. It gives IT teams almost no visibility over what's happening on their network after users and devices connect.

It assumes anything connected to the office LAN or VPN is malware free. It assumes that no departing employee would join a rival firm and try to take data with them.

In a small organisation, with a handful of trustworthy employees and well-secured devices, this traditional approach may work fine. In medium-sized organisations, it's a disaster waiting to happen.

So technology suppliers are now trying to nudge their customers towards something more secure.

You'll Be Hearing A Lot About Zero Trust Over The Next Few Years

Tech vendors seem to have settled on 'Zero Trust' as the poster child for this new approach to security.

You don't need Zero Trust Network Access (ZTNA) to roll out end-point anti-malware scanning, end-point removable media control, cloud-based malware checking, or many of the other VPN improvements we've mentioned above. However, it's common for Zero Trust / ZTNA to be used as a convenient shorthand for a modern approach to security that often includes such measures.

ZTNA is really about granting users and devices granular network access based on what they need to do their job, and denying everything else.

However, most ZTNA solutions include end-point functionality, because it's not sufficient to trust a user's good intentions. You have to guard against users being tricked by phishing emails and having their access misused by malware.

ZTNA Can Help You Avoid Advanced Persistent Threats

One reason for restricting network access is that hackers often compromise a single end-point and then use it as an entry point from which to traverse the network, leaving malware behind on dumber networked devices such as printers and IP phones. These devices aren't patched often, aren't scanned for malware and aren't checked for suspicious log entries.

These devices can phone home, allowing an attacker to reinfect a network, even if the network manager has neutralised the original compromised end-point.
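Because these devices can't run an anti-malware agent, the practical control is to watch what they talk to. The script below is an added example for this page (not hSo's tooling): it reads network flow records, compares each flow from an inventoried printer or IP phone against that device's short allowlist, and flags anything else, distinguishing an outbound connection to an Internet host ("phoning home") from a connection to another internal host. The inventory, internal address ranges, hostnames and log lines are all constructed for the example; in a real deployment the flow records would come from a firewall, NetFlow/sFlow collector or switch.

```python
"""Flag unexpected traffic from unattended networked devices (constructed example).

Printers and IP phones rarely have a legitimate reason to open connections to
arbitrary hosts. Each inventoried device gets a small allowlist; any other
destination is reported, with Internet-bound flows called out separately
because they are the ones that let an attacker keep a foothold. All IP
addresses, device names and log lines here are constructed for the example.
"""
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst dport nbytes")

# Constructed: the organisation's own internal address ranges
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory: devices that should only ever talk to a few places
INVENTORY = {
    "10.20.30.11": {"name": "printer-3f", "allow": {"10.20.1.5"}},    # print server
    "10.20.30.12": {"name": "printer-2f", "allow": {"10.20.1.5"}},
    "10.20.31.40": {"name": "ipphone-101", "allow": {"10.20.1.20"}},  # PBX
}

# Constructed flow log: timestamp,src,dst,dst_port,bytes
SAMPLE_LOG = """\
2024-05-01T09:00:01Z,10.20.30.11,10.20.1.5,9100,5120
2024-05-01T09:00:07Z,10.20.31.40,10.20.1.20,5060,640
2024-05-01T09:01:13Z,10.20.30.11,203.0.113.77,443,2140
2024-05-01T09:02:45Z,10.20.30.12,10.20.40.9,445,88000
2024-05-01T09:03:02Z,10.20.50.8,203.0.113.77,443,15000
2024-05-01T09:05:30Z,10.20.31.40,198.51.100.9,8443,900
"""


def parse_flows(text):
    """Parse the comma-separated flow format above into Flow tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split(",")
        flows.append(Flow(ts, src, dst, int(dport), int(nbytes)))
    return flows


def is_external(ip):
    """True if the address is outside every internal range (i.e. Internet-bound)."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_suspicious(flows, inventory=INVENTORY):
    """Return (device_name, reason, flow) for every flow that breaks a device's allowlist."""
    alerts = []
    for f in flows:
        dev = inventory.get(f.src)
        if dev is None:
            continue                       # not an inventoried unattended device
        if f.dst in dev["allow"]:
            continue                       # expected traffic (print server, PBX)
        if is_external(f.dst):
            alerts.append((dev["name"], "outbound to Internet host", f))
        else:
            alerts.append((dev["name"], "connection to unexpected internal host", f))
    return alerts


if __name__ == "__main__":
    for name, reason, flow in find_suspicious(parse_flows(SAMPLE_LOG)):
        print(f"{flow.ts} {name}: {reason} {flow.dst}:{flow.dport} ({flow.nbytes} bytes)")
```

Run against the sample log it reports three flows: a printer reaching an Internet host on 443, a printer opening SMB to an internal server it has no business talking to, and an IP phone reaching an Internet host on 8443. The user workstation's flow to the same Internet host is ignored here because it is not in the unattended-device inventory; that traffic belongs to the end-point controls discussed earlier.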

ZTNA Protects Even If Your Anti-Malware Scanning Isn't Foolproof

Your users' end-point anti-malware scanning will probably catch MOST malware your users encounter. Unfortunately, it may not catch every last attack.

By restricting what users can do once connected to your network to closely match each user's needs, ZTNA attempts to limit the damage a compromised device or user-account can cause.

Find Out More About ZTNA

Our Zero Trust Network Access service can replace your basic VPN with a modern secure remote access solution with end-point protection.

Get in touch

 020 7847 4510

 info@hso.co.uk
