Since the beginning of the global COVID-19 pandemic, the cyberattack field has greatly expanded at the edge. One of the key factors in this increase was the large number of companies that had to quickly build network capacity to cater to increasing volumes of remote worker data traffic. And with that rise came many more insecure access points at the edge, such as “bring your own device” home computers, laptops or other mobile devices that were not sanitized for corporate use. Most breaches tend to originate with employees inadvertently making their corporate passwords accessible. In addition, remote workers accessing corporate systems via the public internet or legacy VPNs not reinforced for high volumes of traffic, made it harder for businesses to lock things down from threats.
Another common attack ploy during the pandemic has been phishing schemes. For example, researchers from the Cisco Umbrella team checked into the increase in malicious domains that bad actors used to carry out cyberattacks at the beginning of the pandemic. The researchers’ results showed that between March 19, 2020 and May 19, 2020, the number of domains enterprise customers accessed that contained “covid” or “corona” in the name rose from 47,059 to 71,286. In March 2020, 4% of those domains were blocked as “malicious,” however, by May that number had increased to 34%.
Distributed Security Blueprint
To secure the digital edge, you need to be prepared for multicloud application and data flows, servicing people, employees and partners across multiple networks.Learn More
In March 2020, 4% of those domains [containing ‘covid’ or ‘corona’] were blocked as ‘malicious,’ however, by May that number had increased to 34%.
More access points at the edge are increasing the security attack field
Prior to the pandemic, digital businesses had already opened up the number of access points largely with devices from the Internet of Things (IoT), connected vehicles/smart transportation (CVST), and a multitude of personal devices that people are using today for monitoring their health and overall well-being. And now with a large majority of people working remotely, there are more vectors of attack opening up. For example, many remote workers are accessing collaboration applications such as Cisco Webex, Microsoft Teams or Zoom via the public internet. This requires more secure collaboration channels such as virtual private networks (VPNs) and security controls in front of clouds, such as firewalls deploy by Network Edge services from leading providers Check Point or Fortinet.
New types of attacks require new security profiles and controls
Security, identity management, and access policies and controls need to be deployed both on users computers at the edge and within corporate systems to accommodate the increase in remote user and device traffic. Security strategies that businesses can deploy in this new distributed world include the following:
- Zero trust security is grounded on the concept that organizations should not automatically trust anything inside or outside its security perimeters and should validate everyone and everything trying to gain access. In particular, zero trust supports a micro-segmentation strategy and more granular perimeter policy controls based on identity (i.e., users), locations and other data to determine whether to trust a user, server or application seeking access to a particular part of the enterprise.
- Secure access service edge (SASE) solutions provide comprehensive global network access with built-in network security. It combines SD-WAN and network security services, such as secure web gateways (SWG), cloud access security brokers (CASB), firewalls as a service (FWaaS) and others, and delivers it as a cloud service. Rather than sending traffic back to corporate headquarters security systems, SASE provides security services and policy enforcements to the source (users, appls, devices, etc.) on demand. Each person or device, be it someone on a mobile phone or an IoT-enabled appliance, is automatically validated upon entry to the network using zero-trust policies.
- Multi-factor authentication (MFA) should be involved in overall privileged authentication for user accounts that hold sensitive information. For example, bank, credit card or investment accounts or medical information (i.e., patient portal logins) should all support MFA so users can doubly protect their personal information as they accessed these accounts over the public internet. In addition, identity management solutions, such as key management services (KMS) that keep users private data separate from any access keys to that data, should be used by IT organizations for both on-premises and cloud services.
- Artificial intelligence and machine learning (AI/ML) solutions can log and analyze volumes of data from multiple access points to identify anomalies in data traffic patterns and enact controls in near real-time. These technologies immediately identify threats effectively since they can learn new models and patterns of behaviors very quickly, such as looking at the flows of remote worker traffic. Software-defined network controllers are also increasingly managing enterprise-bound traffic coming in from various sources by inspecting and removing rogue traffic.
Reducing the attack surface area with private interconnection
Many IT organizations are using direct and secure private interconnection between users’ data traffic and these types of securities services on Platform Equinix® via Equinix Fabric™. One such use case is Link11 and its customer, an international IT service provider. Leveraging direct and secure interconnection on Platform Equinix via Equinix Fabric, Link11’s Cloud Security Platform provides world-class protection against DDoS and other cyberattacks through fully automated, real-time, predictive AI mitigation services.
Rather than sending traffic back to corporate headquarters security systems, SASE provides security services and policy enforcements to the source on demand.
Link11’s customer supports enterprises’ digital transformation, developing innovative IT solutions that bring its clients into the cloud, integrate digital processes, and operate and support IT systems. Given the increase in volume and complexity of DDoS attacks, the company needed to scale the mitigation capacity of its data center and security architecture. Harnessing Link11’s cloud-native DDoS protection service on Platform Equinix ensured that only “clean traffic” reached its customers’ networks. By transmitting 90% of its IP traffic through the Link11 Cloud Security Platform via Equinix Fabric, the IT service provider’s traffic was checked and purified using AI filters and mechanisms. That made it possible for the company to offer DDoS protection in the cloud for all its clients, making DDoS-related system failures a thing of the past.
In addition, with a large majority of internet traffic going through Equinix data centers, Equinix Connect and Equinix Internet Exchange provide direct and secure interconnection and point-to-point peering, to enable safe and controlled access to corporate systems and services from the public internet.
Learn more about how you can deploy tighter security controls at the edge for your distributed workforce by reading the Distributed Security Blueprint.
[i] Cisco, “Defending Against Critical Threats, A 12 Month Roundup,” January 2021.
Leveraging direct and secure interconnection on Platform Equinix via Equinix Fabric, Link11’s Cloud Security Platform provides world-class protection against DDoS and other cyberattacks.