Note: Ericom Application Isolator is now available as ZTEdge Simplified Remote Application Access. Read more about it here.
VPNs are all the rage again. That’s not really surprising: Faced with pressure to quickly enable productive remote work during Covid-19 related closures, IT teams turned to – and in many cases, vastly extended — familiar remote access solutions that were often already in place – VPNs. Now, even though offices worldwide have started to reopen, IT organizations are accepting that elevated levels of remote work has become something of a new normal. Every week, I see more headlines like this one from Walmart, which says that thousands of workers will be permitted, and in some cases directed, to work remotely from home offices.
This new remote work reality has some IT and security professionals reassessing the security of the “temporary” solution they spun up in the rush to cover an anticipated few-month spike in remote work for their organizations. More specifically, they are concerned whether the VPN solutions they depend on give them the security they need going forward. This issue has become even more pressing with the discovery that hackers have increased their efforts dramatically in the last few months, with many attacks specifically targeting work-from-home users. For example, Google reported that they have seen an over 350% increase in the number of phishing websites during the pandemic.
While VPN technology has improved over the 20+ years since it was introduced into the IT landscape, it still seems to make the news every few months when some sort of glitch or newly discovered vulnerability exposes organizations to cyberattacks. This is one reason why the Cybersecurity Infrastructure Security Agency (CISA) encourages IT security teams to consider several cybersecurity recommendations to secure enterprise VPNs. While strategies like these have met with some success in securing VPNs and networks, they still leave networks exposed if a hacker somehow manages to penetrate security infrastructure and make their way onto the corporate network.
Understanding VPN and Network Security Vulnerabilities
Susceptibility to attacks is built into the very nature of VPN architecture, which requires corporate networks to be discoverable on the public internet. As a result, any malicious agent can “come knocking” on an organization’s VPN gateway, the virtual front door of its “house.” Once inside, they can move laterally within the enterprise network and see every “room” in that house — corporate applications and IT resources such as databases. Using brute-force attacks, vulnerability scanners and/or harvested credentials, they can then hack into those resources and applications without breaking a sweat.
For the countless enterprises that depend on VPNs, the challenge lies in securing the entry points to their applications and resources. Or, better yet, in keeping them from being discoverable at all.
Securing VPNs by Isolating Applications — Zero Trust Network Access
Let’s take the house analogy a bit further. What if you could turn off all the lights inside your house so unwelcome guests — attackers who manage to break into the network — can’t see what’s inside? Vastly reducing visibility inside house would prevent even the most sophisticated hacker from launching attacks on applications and databases simply because they don’t know they exist. This is how isolating applications complements VPNs and helps protect corporate resources.
Authenticated users who have access to thenetwork through VPNs are able to “see” only the specific applications, data and resources they are authorized to use. That means that one legitimate user might see three applications, while another sees seven. And the hacker? None. Application isolation is also an effective way to limit overly broad access for users logging into the network from corporate or branch offices.
Isolating applications is a simple and effective way to bring Zero Trust Network Access (ZTNA) controls — a key part of Gartner’s SASE framework — to your existing VPN and network. Ericom Application Isolator, a solution we recently introduced, is a simple, yet powerful, way to add these capabilities to your network infrastructure. Give it a try, and you will see how quickly you can give your network a Zero Trust Security boost…and turn out the lights on hackers.