What visibility does IT have into remote endpoint traffic while users are sheltering in place and working from their private home networks? In most cases, the answer is none. “You can’t take it with you” when it comes to your trusted NAC provider. Without our campus network and its on-premises security stack, we’re shooting in the dark when it comes to securing remote workers.
In Illumio’s survey Security Risks 2021: Ransomware and the Return to the Office, nearly half of organizations stated they are limited to visibility from VPN, which can’t see local home network traffic. In fact, it grants total access to your corporate network with very limited security controls. Using a VPN alone can leave businesses even more exposed to the risk of malware or ransomware, like Ryuk propagating to other corporate endpoints or to business-critical “crown jewel” applications in the data center and cloud.
It’s the perfect storm for ransomware – and attackers haven’t missed the opportunity. What’s the risk?
- As we’ve seen from the multiple ransomware “snow days” that hit unsuspecting targets in 2020, mass endpoint infections can take your business back to pencil and paper overnight – and sometimes in a matter of seconds.
- Data exfiltration from Ransomware-as-a-Service, like Maze, is a more wide-ranging threat that could have your company in the headlines for the wrong reasons. And backups will not prevent your (or your clients’) data from being leaked to the dark web for direct extortion.
- A lurking “living off the land” threat can even follow endpoints back to the office once employees return, bringing new “friends” home to the campus network with them.
- Your new remote workforce is your weakest (clicked) link to a phishing attack.
Now, consider the fact that millions presently working off corporate laptops at home had no experience with remote work before 2020. Neither did their family members who work, online learn, and play on the same ungoverned private network. And this is all while your security team is shooting in the dark on remote endpoints.
The good news is that granular visibility – and control – is at your fingertips with Illumio Edge. Here’s a run-through of how it works in practice.
Identify Anomalies in Network Activity
With Illumio Edge, you can grab and group endpoints to quickly visualize flows from a particular department or function and then observe whether they’re behaving as expected. In Explorer mode, you can easily trace traffic visually by IP and ports, even to assess unexpected activity, like port scans that might be hitting your environment. Check out this quick video to see how Illumio Edge quickly visualizes your endpoint traffic and helps you analyze activity.
Assessing Threat Impact
New malware on Hacker News? Quickly check the relevant protocol or port to confirm whether it is or is not a problem. Then get on with your day. Here, you use Illumio Edge to view an endpoint trying to connect to other endpoints via RDP, a common protocol for propagating malware. This video shows how quickly you can gain insights with a few clicks.
Want to learn more?
- See more visibility in action and hear about a real-life Illumio Edge deployment to secure remote endpoints for shelter-in-place in our recent webinar, Zero Trust for the Endpoint: Control the Conversation.
- For quick information on Zero Trust with Illumio Edge, view a full demo here.
- If you’re a CrowdStrike customer, you can purchase Illumio Edge through the CrowdStrike store and leverage your existing Falcon agent for deployment. Learn more in our solution brief on Illumio Edge for CrowdStrike.