An extra layer of security is needed during lockdown
There are many situations that mandate the use of a virtual private network (VPN), as these tools are a way of extending the corporate network into the home office or a roaming situation.
VPNs enable users to send and receive data securely, as if they are sitting in the office.
“While using the VPN, you are secured through the organisation's controls,” says Greg Griessel, technical solutions architect for cyber security, at Cisco. “The challenge, however, is that users are not always using one.”
He says there might be a situation where a user has just started up his or her machine, and is browsing through a few websites or checking emails, and hasn't yet managed to connect to the organisation with the VPN toolset.
“Users are vulnerable at that point in time because then they are 100% reliant on the controls that exist on the device that they are using,” he explains.
“Under a normal corporate situation, this might well be acceptable because the corporate policy has mandated that certain tools are installed on a user's machine that control security for them and prevent them from becoming infected.”
However, this discounts user behaviour, Griessel explains. As people are currently driven to seek out news about the COVID-19 pandemic and are looking for updates on the number of new cases, for example, they can quite easily be tricked into clicking on links that they usually wouldn't click on.
This is why users need to have a protection mechanism in place that covers situations when they are not on a VPN, he says.
“Solutions such as Cisco Umbrella are key, as they protect users wherever they may be. It's a type of ‘follow me’ security protocol that lives on the endpoints that allows Cisco to hook into all the transactions that are happening from a Web and traffic point of view, and control those.”
In this way, if a user inadvertently clicks on a link, Cisco will reference that link against the Umbrella cloud system and check whether or not it is a valid Web site or perhaps a malicious Web site that is hosting malware, he explains.
In a situation where companies are experiencing tremendous volumes of data on VPN systems, they employ a technology called split tunnelling. In essence, split tunnelling enables the user to route some of their device or app traffic through the encrypted VPN tunnel while other devices or apps access the internet directly. This can pose a security risk because not all data traffic is going through the VPN tunnel, and therefore isn’t directed through a secure gateway. “To secure this, Cisco Umbrella acts as a gateway or an overarching service to prevent threats from reaching our customers.”
The final layer of security, he says, is threat intelligence. The threat intelligence behind Cisco products comes from Talos, a multi-national team that contributes information on new threats to the Cisco Collective Security Intelligence (CSI) ecosystem.
“This information is shared with multiple security solutions and vendors, providing a unified source of threat intelligence data that enables Cisco to protect at a moment’s notice.”