Reopening the Office? Don’t Forget to “Quarantine” Infected Devices

essidsolutions

Problems with endpoint security predate the pandemic. Even before the COVID-19 crisis, IT teams faced the challenge of securing the network from outside the office for a certain portion of the workforce. But now, endpoints exist everywhere. Ori Bach, CEO of TrapX Security, says that as offices gradually reopen, IT teams should consider introducing “virtual quarantines” for devices to protect against any security threats that may have entered over the past months via unsecured home networks.

As states begin to ease their lockdown measures, people across the country are beginning their return to the office. In preparation for this, many workplaces have issued new health guidelines to keep returning workers safe, whether it be requiring masks or intensifying cleaning routines. 

But many businesses are struggling to address the health of their corporate networks and what contaminants they could potentially introduce as people – and their devices – re-enter the office. 

When the COVID-19 pandemic first hit, most businesses were unprepared for the sudden switch to remote work – especially from a security standpoint. Unless a company could quickly issue a VPN to all of its employees, workers have probably connected laptops and other work-specific devices to unsecured home networks.


The Risks of Remote Work

Home networks are notoriously less secure than those found in an office. Most are flat and not segmented, with little security other than a home router with a small amount of DDoS protection. Given that most employees are likely using the same home network that someone else in their home is also using to surf the web, access their own employer’s data, play video games or power their smart TV, there is a lot of potential activity that could infect the home network and quickly spread to work devices. 

Even if a company does require employees to use a VPN to access certain files or network applications, there’s no way to guarantee that they are never accessing the Internet on their device without the VPN. What does all of this mean? That there is no real way for a company to guarantee devices are secure outside the office unless they have rigorous security standards and protocols in place. 

When these devices are brought back to the office and connected to your corporate network, they give attackers easy passage to escalate privileges, move laterally undetected, and infiltrate more sensitive data and equipment.


The Unbalanced Economics of Cybersecurity

Despite advances in endpoint and perimeter security, accessing the corporate network is still a numbers game that favors the attacker. The defender has to be right 100% of the time, while the attacker only has to be right once. Cybersecurity leaders should expect the deck to be stacked heavily against them when their remote employees return to work with their weaponized laptops. This is where the economics of cybersecurity tilt dramatically and unreasonably towards the attacker. 

Once beyond the perimeter, attackers are greeted with a relatively open environment of real assets from which they can learn. They use legitimate credentials and specialized techniques to move about and plan their attack silently. This puts enormous pressure on companies to invest heavily in big data applications that collect all the data about every user interaction to sort out good behavior from bad and detect nefarious actors. 

The result is complex systems and overwhelming data that require elite talent to analyze and respond to. In short, attacking is efficient, fast, low risk and profitable – defending is complicated, slow, and expensive.


Introducing “Virtual Quarantines”

Reopening starts with coming to grips with the fact that attackers will access the network, regardless of what perimeter security is in place. With remote working flexibility anticipated to become more common across businesses, companies should assume that their laptops and other employee-issued devices are already contaminated rather than wasting effort on prevention. They need to accept that they will never know which devices are infected and with what types of malware. Instead, the priority should rest on mitigating the problem.

Pre-pandemic, many companies already employed a tactic to mitigate the threat of infected devices re-entering the network: “isolation VLANs.” These are zones with a network intrusion detection system (IDS) and endpoint monitoring solutions that can detect malware; however, they also have flaws that create additional vulnerabilities. The main issue is that these VLANs generate a large alert volume, something that will only be exacerbated as employees return en masse to the office. The problem with a high alert volume is that it can easily overwhelm response teams that need to triage and neutralize potential threats before a device can re-enter the regular network. The result is that many employees can’t return to normal productivity at a reasonable rate.

This is why a new method of re-entry must be used – “virtual quarantines.” Instead of isolating devices into VLANs, a company can deceive attackers by routing them to a shadow network of fake assets that is invisible to legitimate users but looks authentic to the attacker. The attacker can then be baited toward these assets because they appear valuable to the company – but it is just a trap.

When the attacker interacts with fake assets, they are fed false data, which exposes their techniques and activities to security analysts who can control the attack. Virtual quarantines effectively let security teams manage risk proactively, so business returns to normal while mitigating all the risks resulting from the remote working period.
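The triage logic this approach implies can be sketched as follows. This is an added example, not code from the article or from any vendor's product: because legitimate users never see the fake assets, any connection to one is a signal, so the response queue contains only the devices that touched a decoy. The decoy subnet `10.99.0.0/24`, the log format and the flow records are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the shadow network of fake assets lives in this constructed subnet.
DECOY_NET = ipaddress.ip_network("10.99.0.0/24")

# Constructed flow log: timestamp, source, destination, destination port.
FLOWS = """\
2020-06-01T09:00:02 10.20.1.15 10.10.0.5 443
2020-06-01T09:00:05 10.20.1.22 10.10.0.8 445
2020-06-01T09:01:10 10.20.1.31 10.99.0.12 445
2020-06-01T09:01:12 10.20.1.31 10.99.0.12 3389
2020-06-01T09:02:40 10.20.1.15 10.10.0.9 53
2020-06-01T09:03:07 10.20.1.31 10.99.0.40 22
2020-06-01T09:04:55 10.20.1.44 10.99.0.12 445
2020-06-01T09:05:00 10.20.1.22 10.10.0.5 443
"""

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        try:
            yield ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue

def decoy_contacts(text, decoy_net=DECOY_NET):
    """Map each source address to the ordered list of decoy touches it made."""
    hits = defaultdict(list)
    for ts, src, dst, port in parse_flows(text):
        if dst in decoy_net:
            hits[str(src)].append((ts, str(dst), port))
    return dict(hits)

def triage_queue(text, decoy_net=DECOY_NET):
    """Rank sources by the number of distinct decoy services they touched."""
    contacts = decoy_contacts(text, decoy_net)
    score = {s: len({(d, p) for _, d, p in t}) for s, t in contacts.items()}
    return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for src, n in triage_queue(FLOWS):
        print(f"{src}: {n} decoy service(s) touched -> isolate and investigate")
```

Of the four returning devices in the sample, only the two that contacted a decoy reach the analyst, and the per-source touch list preserves the order in which services were probed.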

Ultimately, as businesses prepare to welcome their employees back into the office, they need to make sure they have a plan to safely reopen not just from a health perspective, but from a cybersecurity one as well. The switch to remote working virtually overnight was unprecedented for many organizations, which means they’ll also need to adopt new and creative security approaches to return to normal successfully. Virtual quarantines certainly fit the bill. 
