Remote workforce vulnerability management

Vulnerability management for remote workforce

by Paresh Borkar

Businesses have always had some remote workforce, but the current pandemic has greatly increased it. For most organizations, nearly 90-100% of the workforce is now operating remotely (mostly work from home [WFH] cases). The functioning of this remote workforce is critical for business continuity.

This has resulted in many sudden adjustments for IT and Security teams alike. For example, IT teams have scaled up VPN infrastructure to cater to increased remote connectivity. In some cases, IT teams have also had to provide laptops to employees or ship office desktops to employee residences. Security teams have had to deal with the relocation of infrastructure that was earlier inside the office network perimeter and has now moved outside it. Security teams are providing assistance and guidance to ensure home networks are secure. Vulnerability management programs run by security teams have been rendered ineffective, since the traditional tools these programs relied upon are not equipped to handle this transition.

From a security perspective we can bucket the endpoints as follows:
  1. Production systems and services at the core of the company’s IT environment
  2. End user devices
  3. Cloud-based services

For #1, i.e. on-premises systems, things are relatively simpler since these devices still reside in the company’s network and sit behind existing firewalls. With the pandemic, #2 has somewhat moved outside the scope of the company’s security team. #2 presents a seemingly insurmountable challenge to most security teams because of the traditional vulnerability management tools in use. Without visibility into the vulnerabilities housed in #2, i.e. end user devices, security teams are left blindsided.

Let us look at a diagrammatic view of the current scenario:
[Figure: Remote Workforce Vulnerability]

Some observations from the above diagram:
  • Circle #1 has shrunk since most of the devices have gone completely remote i.e. moved to circle #2
  • Devices in circle #2 have moved outside the perimeter of control.
  • The intersection of circle #1 and circle #2 can be thought of as the end user devices which are connected to the corporate VPN at any given point.

You may be wondering why traditional vulnerability solutions cannot step up for remote workforce vulnerability management. As Sherlock Holmes would say, “Elementary, my dear Watson”: traditional solutions perform vulnerability scanning over the network and expect the device to be on the network, but now these devices have gone remote. These end user devices are no longer present on the corporate network and no longer accessible. They may occasionally connect to the corporate VPN, but there are no fixed timings, nor can one scan over the VPN for vulnerabilities. Network disruptions for remote devices can also interfere with the scanning and render it useless. Another challenge is that these remote devices are most likely sitting behind a home router firewall.

Another dimension is that of personal devices being used to connect to the corporate network. Many organizations have allowed their employees to use personal devices, but these devices are different from corporate-issued ones, and IT and Security teams can exercise only minimal control over them.

Without visibility into the vulnerabilities in these remote devices, there is no way to appropriately patch them to safeguard against ransomware and other malware. Note that these devices still hold corporate data and IP. Organizations have realized that this shift is not temporary and that they need to adapt for the long term.

Organizations need a Next Generation solution to meet their Remote Workforce Vulnerability Management needs. It needs to be a cloud-based service that can provide continuous visibility into vulnerabilities on the remote devices without the need for any network scans.
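
The scanless model described above, as an added example (not code from this article or from ThreatWatch): it assumes each device pushes its own software inventory to a cloud service, which matches it against an advisory feed and flags devices that have stopped reporting. Package names, advisory ids and the check-in format are all constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed advisory feed: package -> [(advisory id, first fixed version)].
# The ids are placeholders, not real advisories.
ADVISORIES = {
    "example-lib": [("ADV-EXAMPLE-0001", "3.0.12")],
    "example-client": [("ADV-EXAMPLE-0002", "5.16.0")],
}

def parse_version(text):
    """Turn '5.9.1' into (5, 9, 1) so that 5.9.1 sorts below 5.16.0."""
    return tuple(int(part) for part in text.split("."))

def assess(checkin, now, max_age=timedelta(days=7)):
    """Match one device's self-reported inventory against the feed.

    Returns (findings, stale). 'stale' marks a device whose last check-in is
    older than max_age, so its findings may not reflect what is installed now.
    """
    findings = []
    for package, installed in checkin["packages"].items():
        for advisory_id, fixed_in in ADVISORIES.get(package, []):
            if parse_version(installed) < parse_version(fixed_in):
                findings.append((package, installed, advisory_id, fixed_in))
    stale = now - checkin["reported_at"] > max_age
    return sorted(findings), stale

# Constructed check-ins, as an on-device agent might push them outbound over
# HTTPS from behind a home router; no inbound scan of the device is needed.
NOW = datetime(2020, 6, 1, tzinfo=timezone.utc)
CHECKINS = [
    {"device": "laptop-017", "reported_at": NOW - timedelta(hours=3),
     "packages": {"example-lib": "3.0.9", "example-client": "5.16.0"}},
    {"device": "byod-204", "reported_at": NOW - timedelta(days=12),
     "packages": {"example-client": "5.9.1", "example-player": "3.0.18"}},
]

def report(checkins, now):
    """Map each device name to its (findings, stale) assessment."""
    return {c["device"]: assess(c, now) for c in checkins}

if __name__ == "__main__":
    for device, (findings, stale) in report(CHECKINS, NOW).items():
        print(device, "STALE" if stale else "fresh", findings)
```

The stale flag is the counterpart of the scheduling problem with network scans: a device that has not checked in is reported as a visibility gap rather than silently treated as clean.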

ThreatWatch is a cloud-based vulnerability management solution delivered in a SaaS subscription model. Organizations can easily and quickly discover/ingest their devices (aka assets) into ThreatWatch and track them for vulnerabilities without any scans. Understanding the changing asset composition of these remote devices is more important than ever, and ThreatWatch is geared towards it by leveraging twigs and taking a cloud-based, off-network detection approach.

In a subsequent blog article, I will share more details on how ThreatWatch is equipped to handle remote workforce vulnerability management.

For more details, please write to us at info@threatwatch.io
