With more than two million coronavirus cases, the pandemic does not seem to be slowing down anytime soon. Businesses have no choice but to keep using the work-from-home model, and while some employees may be happy with it, businesses have reason to be concerned as hackers work overtime.
According to the data, soon after switching to remote work, around 40% of companies noticed an increase in cyberattacks on their network. Many of these attacks involve DDoSing, which forces business networks offline and causes significant financial damage through prolonged downtime.
At the same time, cybercriminals have also stepped up phishing attacks. Since January, around 4,000 domains related to coronavirus have been registered worldwide. Among them, 5% are suspicious and 5% are malicious, which represents a 50% higher risk than your standard website.
Coronavirus websites pose 1.5 times the malware risk
Coronavirus-themed phishing exploits everyone's hunger for Covid-19 news, causing employees to interact with questionable websites, download malware-infected files or even share sensitive corporate data. The number of people affected by these scams is also increasing because employees at home do not take the same safeguards as those provided to them in an office.
Instead of work computers connected to a corporate network, many work from their own devices connected to their home Internet. With the line between the professional and the comfortable blurred, it is much easier for employees to let their guard down and get distracted. They may unknowingly answer a phone call from an unknown number, thinking it is from a colleague who is not listed in their contacts, or click on an unverified email claiming to offer details about the “newly developed Covid-19 vaccine”.
If something like this happens, the results are obvious – employee devices will be infected with malware (especially ransomware), which in turn will infect your entire network, and scammers will easily get their hands on all your precious data.
Add to this the financial constraints that your business is already facing (remote configurations, additional bandwidth, paying rent for a workspace that you no longer use), and your business could be in serious trouble even before the end of the quarantine.
This is where an SDP comes in.
What is an SDP?
SDP stands for Software Defined Perimeter. Without getting too technical, it is a security solution that bases the perimeter of your network on software rather than on hardware. It establishes a virtual boundary at the network layer instead of the application layer and authenticates devices and user identities before granting them access to your servers.
To provide complete protection against network attacks, the SDP architecture uses five layers of security:
- SPA – Single packet authentication
- mTLS – Mutual Transport Layer Security
- DV – Device validation
- Dynamic firewalls
- AppB – Application binding
How do SDP connections work?
Although terms may vary from service to service, an SDP uses three elements to operate:
- The SDP client – Usually in the form of an application.
- The SDP controller – It is the trusted broker between the employee / device and the company network.
- The SDP gateway – Also called access node, it grants the user access to the requested network.
Since all of this seems a bit complex and vague, here is a basic outline of how an SDP works:
- Employees use a dedicated application, run it, and go through the authentication process. Once successful, the client will whitelist them and establish a new connection to the controller.
- The SDP controller establishes trust between the client and the backend resources (basically, it negotiates an encrypted connection).
- The gateway grants the user access to the resources they need. Instead of connecting to a large network, however, the SDP will establish a dedicated network connection for them that no one else can access.
In simple terms, when you use an SDP, it's like using a web server with an Internet connection but absolutely no open connection with any device, making your company's servers virtually invisible.
How can an SDP protect corporate data during the Covid-19 pandemic?
This explanation probably gave you a basic idea of what an SDP can do for your business, but some of you may still not be using one. Here are the advantages of securing your network with an SDP during this pandemic and beyond:
Secure your network against malware
The goal of any phishing attack is usually to infect a device. If a hacker takes control of an employee's device with malware, the malware quickly spreads to your network when the device connects to it.
Even if this happens, an SDP can protect your servers. Basically, if a user with an infected device were to request access to the network, the SDP will scan their device for malware (in addition to other security inspections). If it detects malicious activity, it will block (and sometimes even blacklist) the device.
In addition, SDPs integrate seamlessly with any IdP (Identity Provider) solution, which means you can implement multi-factor authentication (MFA). It's a great defense against hackers who secretly steal employee login credentials. They will not be able to connect to your network with them because they will not have the necessary MFA codes.
But while an SDP can protect your network from this, that doesn't mean you shouldn't take extra steps to secure your employees' devices from Coronavirus-themed phishing.
It is best to offer them training on how to detect and protect themselves from phishing. Here is some useful advice from EFF. In addition, perhaps ask your employees to use:
Avoid costly downtime by preventing DDoS attacks
DDoS attacks generally require IP addresses to operate. This is how hackers target the network with unwanted traffic and requests.
An SDP helps with this by using SPA, which obscures the client's IP address. It's not just a matter of replacing the original address with a new one. Instead, an SDP makes it completely invisible. In addition, it can even delete all DNS information from the application infrastructure to further mask the network and ensure that there are no open ports.
In addition, even if an attacker were to acquire internal knowledge of the SPA security layer in one way or another, they would still not be able to DDoS your network. The server will simply reject any DDoS attempts before initiating the mTLS handshake.
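The drop-before-mTLS behaviour described above can be sketched as follows. This is an added example, not code from Twingate or any SDP product; the packet layout, the pre-shared key and the `MAX_SKEW` and `RULE_TTL` values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import struct

MAX_SKEW = 30   # seconds a packet stays fresh (assumed value)
RULE_TTL = 20   # seconds a firewall rule stays open (assumed value)


def build_spa(key, client_id, now):
    """Client side: 16-byte id | 8-byte timestamp | 16-byte nonce | HMAC-SHA256."""
    body = client_id.ljust(16, b"\0") + struct.pack(">Q", int(now)) + os.urandom(16)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Gateway:
    """Default-drop gateway: no source may connect until it sends a valid packet."""

    def __init__(self, keys):
        self.keys = keys           # client id -> pre-shared key (constructed)
        self.seen_nonces = set()   # replay cache
        self.allow = {}            # source IP -> expiry time of its allow rule

    def handle_spa(self, packet, src_ip, now):
        # Every failure returns False and sends nothing back, so a scanner
        # cannot tell this service from a closed port.
        if len(packet) != 72:
            return False
        body, tag = packet[:40], packet[40:]
        key = self.keys.get(body[:16].rstrip(b"\0"))
        if key is None:
            return False
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False
        (ts,) = struct.unpack(">Q", body[16:24])
        nonce = body[24:40]
        if abs(now - ts) > MAX_SKEW or nonce in self.seen_nonces:
            return False
        self.seen_nonces.add(nonce)
        self.allow[src_ip] = now + RULE_TTL   # temporary rule for this source only
        return True

    def may_start_mtls(self, src_ip, now):
        if now < self.allow.get(src_ip, 0):
            return True
        self.allow.pop(src_ip, None)          # lift the expired rule
        return False
```

A production design would also carry the address to be allowed inside the authenticated body, since a UDP source address can be forged.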
No more MITM risks
Your network security may be tight, but your employees' home networks likely have certain vulnerabilities. And that's exactly what an experienced hacker would need to launch a man-in-the-middle (MITM) attack to spy on their traffic or infiltrate your network.
An SDP relies on a rigorous user and device authentication process to prevent this from happening. Not only does it verify the identity of users and their device, but it also verifies their location, their project and their time. Then, it evaluates this data against predefined conditions before granting access.
In addition, bidirectional cryptographic authentication verifies that the device requesting access has the necessary private key. And yes, the SDP checks that the key has not been revoked and has not expired.
An SDP also dynamically creates and lifts firewall rules, ensuring that each user has access only to the resources they need. Users do not share the same network either, because each of them uses a private network, much like a VPN.
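The checks described in this section (key not revoked or expired, device tied to the user, then location, project and time evaluated against predefined conditions) can be combined into one decision that returns only the resources to open. This is an added example, not any vendor's policy engine; the `Request` and `Policy` fields and all sample values are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time, timezone


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    key_serial: str           # serial of the client key or certificate
    key_not_after: datetime   # expiry of that key
    country: str
    project: str
    when: datetime            # time of the request, UTC


@dataclass(frozen=True)
class Policy:
    project: str
    users: frozenset
    countries: frozenset
    hours: tuple              # (start, end) as datetime.time, UTC
    resources: frozenset      # "host:port" strings this project may reach


def decide(req, policies, known_devices, revoked_serials):
    """Return the resources to open for this request (empty set = deny)."""
    # Key checks come first: a revoked or expired key ends the evaluation.
    if req.key_serial in revoked_serials or req.when >= req.key_not_after:
        return frozenset()
    # The device must be enrolled for this specific user.
    if known_devices.get(req.device_id) != req.user:
        return frozenset()
    granted = set()
    for p in policies:
        start, end = p.hours
        if (p.project == req.project and req.user in p.users
                and req.country in p.countries
                and start <= req.when.time() < end):
            granted |= p.resources    # only what the matching policy lists
    return frozenset(granted)
```

Each entry in the returned set corresponds to one firewall rule to create for that user, and an empty set means no rule is created at all.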
Twingate – Simple to use and high-end security
Many companies fear that it will be too difficult for employees to adjust to the use of an SDP. This is why we recommend Twingate.
The use of Twingate does not require any technical know-how from your employees. All they need to do is download and install the client (via the App Store, an installation package or MDM), authenticate with your existing IdP, and they're ready to go.
The controller will do the rest, pushing signed permissions and rules to clients, as well as negotiating encrypted connections between clients and resources. Once everything is confirmed, the nodes route users to the appropriate resources.
Twingate features we love:
- It has one-click employee / third-party onboarding.
- No hardware or application changes are required to deploy the nodes.
- The controller is scalable with more than 580 access points worldwide.
- Twingate integrates seamlessly with RBAC and ABAC policies + your existing stack.
- The service offers full audits of employee actions.
Overall, Twingate offers true ZKA (Zero Knowledge Architecture) and frictionless deployment.
Doesn't a corporate VPN work as well as an SDP?
Not really. Although a VPN offers end-to-end encryption for remote connections, it does not have a strong authentication process in place. If an employee's VPN account or device is compromised, a hacker could breach your network.
In fact, an SDP is superior to a VPN in almost every respect:
- VPNs can offer DDoS protection, but your network can be compromised in the event of a leak. With an SDP, even if a hacker somehow manages to find your IP addresses, they cannot flood your network because there are no open ports.
- SDPs are much better for managing multiple levels of network access. Unlike VPNs, you don't need to set up multiple accounts for all services, because SDP creates a separate network for each user. In addition, since employees only use the resources they need, you could save on bandwidth costs.
- With an SDP, you can actually get VPN connectivity. Many SDPs integrate VPNs into their architecture to provide secure network connections. On the other hand, you don't get SDP functionality with a VPN.
Still, if you're a freelancer or running a very small business and don't think you need an SDP, a corporate VPN can be a good, cost-effective alternative. Here's a guide to the best VPNs for small businesses on the market.
The pandemic is not improving anytime soon, so remote work is here to stay. Unfortunately, hackers take advantage of this through MITM, DDoS and phishing attacks.
Corporate VPNs may seem like a good way to protect your network, but SDPs offer much better security because they authenticate both user identity and device integrity. In addition, they fully protect against DDoS attacks by effectively making your corporate network invisible.
If you have questions about the SDP or would like to add more information to this discussion, please share your thoughts in the comments below.