How Next-Generation Endpoint Security Can Protect Remote Workers

The Security Threat from Remote Work

Government users who are working remotely pose a significant security risk for agencies. They increase the threat surface via the endpoints they use and how they use them.

First, users could be working on personal laptops or smartphones, which are not known for having the security controls that come with government-issued equipment, says Alan Shark, executive director of the Public Technology Institute (and one of StateTech’s 30 State and Local Government IT Influencers Worth a Follow). Users might also be conducting potentially confidential or sensitive work on unsecured home networks while using those devices. Those devices may also be shared by other members of the user’s household, which brings its own set of risks since that behavior cannot always be controlled.

“It’s like the coronavirus,” Shark says. “It may not be you. You may have good digital hygiene, but somebody else in your family may not.”

Users may also be more susceptible to social engineering or phishing attacks when they are at home. “You have people that transit between personal information and personal emails and work emails, and I think they become a little more lax and they don’t maintain that sense of discipline that they might have in an office, which is always a challenge anyway,” Shark says.

Malicious actors are also sending out more COVID-19-related emails that may look both urgent and official.

Some of these threats can be countered by having users log into government networks via a VPN, or using virtual desktop infrastructure to give workers secure access to the applications and data on a desktop from any approved endpoint with a network connection. VDI is especially beneficial if users have a strong broadband connection, Shark says, but a slow connection can lead to a degradation in service.

Mobile hotspots running on a cellular connection can allow users to connect to the internet more securely, according to Shark. Multifactor authentication is also a tool that agencies should employ to enhance endpoint security, he adds.

Finally, agencies should engage in aggressive patch management and ensure that users are actually applying software patches on their endpoints. “There needs to be a set of checks and verifications to make sure that the machines are not just eligible for these updates but that they are actually being done,” he says.

How Next-Generation Endpoint Protection Tools Can Help

Next-generation endpoint protection solutions are designed to help address some of the security challenges that have come to light with the shift to remote work. Such solutions still use reliable signature detection technology but now supplement it with newer techniques, including behavioral analysis, sandboxing, predictive analytics and threat intelligence.

Such tools are especially useful in countering the newest kinds of cyberattacks. Next-generation endpoint security is designed to reduce the time needed to detect an attack. The tools also feature endpoint detection and response technology, which moves beyond simple detection of a security compromise and manages an active response that contains the damage, isolates affected systems and recovers normal operations as quickly as possible.

Other elements of next-generation endpoint protection include centralized management, which enables administrators to control the configuration of security deployments, push security policies to endpoints and receive alerts generated from agents that reside on endpoints around the world.

Device control lets administrators modify the security configuration of endpoint operating systems and hardware, and application control enables techniques such as blacklisting and whitelisting apps.

Vulnerability protection proactively identifies missing patches, misconfigurations and other issues on Windows, Mac and Linux endpoints that attackers might exploit.

Next-generation endpoint platforms with access to real-time threat intelligence can analyze this information and deploy immediate updates to a vendor’s client base, allowing organizations to block IP addresses, update malware signatures and identify new adversary tactics quickly, providing rapid detection of evolving threats.

Such platforms are not inexpensive and do require an investment from government agencies, and they have a real cost, especially if they come in the form of a subscription that needs to be renewed annually or at a regular interval. Such costs may be more difficult to bear for state and local agencies facing budget cuts right now, but Shark says he thinks the cost is worth it.

Part of the reason is that, with remote workforces becoming a more fixed part of the government landscape, agencies will save money on overhead and building costs long term. Another reason is that insurance companies that provide cybersecurity insurance may start insisting agencies deploy next-generation endpoint security protections as the criteria for getting the best policy rate.

“It’s about risk and what you are willing to risk,” Shark says. “If you have more people in the field, and we understand that because they are in the field there are extended vulnerabilities for the reasons that we state, then it makes absolute sense to employ known technologies to mitigate that risk.”

Shark says government agencies need to be more vigilant about security than even the private sector because they need to maintain citizens’ trust, which he noted is a “rare commodity these days.” That’s why he thinks investing in next-generation endpoint security is worth the cost.

“The general public, when something happens to a company like a Target or a Home Depot, they can go to another store,” he says. “You can’t go to another government. To me, doing everything that is known that is possible is critically important to ensure the protection of the system that ultimately ensures public trust.”

MORE FROM STATETECH: Find out how states can best quantify cybersecurity risks.