SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

Video: 10 Minute IT Jams - The growing complexity of cybersecurity in 2020

Fri, 2nd Oct 2020

Remote working has changed the face of cybersecurity.

As businesses worldwide adapted to the challenges of the Covid-19 pandemic, the security of endpoints - devices that access company networks - was thrust into the spotlight. Sir Chandran, Director of Product Management for global cybersecurity company SonicWall, joined us to discuss how organisations have navigated these complexities and what steps they are taking to protect themselves in a new era of digital threats.

With the onset of lockdowns and the sudden shift to remote work, many organisations found themselves ill-prepared to provide dedicated corporate devices to employees. This led to a rapid rise in BYOD - bring your own device - policies, where staff used their personal computers and laptops to access sensitive company systems.

Chandran observed, "There's been a significant challenge this year. Not every business could afford to just send devices out to their employees, or to be able to prepare for what they needed to do to protect themselves as well."

What began as an improvised solution quickly revealed new risk factors. Personal devices used for work often double as family computers, especially with children engaged in online schooling. This mix raises alarming questions for security teams: What sites are being visited? Are the apps downloaded onto these machines safe? Chandran warned, "That in itself represents an unknown quantity for most corporate networks because they don't really know who's using the device. The biggest change is with the children going online for their schooling as well… it becomes sort of a shared machine."

Few home users have the luxury or inclination to purchase up-to-date security infrastructure, such as premium antivirus programmes or home firewalls. Most rely on default internet service provider routers. By the time an employee connects their personal device to a corporate network, it could already be compromised, but "as an IT admin or as a security admin you have no idea what this device is or whether it's something that's already going to be able to compromise your network or your data," Chandran explained.

So, what can businesses do in the face of such ambiguity? According to Chandran, the first step is a drastic shift in mindset. "I like to quote X-Files on this: trust no one. That's really what the new mantra is - zero trust." This approach requires constant verification that users, and the devices they employ, are trustworthy each time they connect to company systems.

Implementing 'zero trust' means enterprises must find ways to guarantee that devices are protected "wherever they are." That can mean issuing and managing laptops remotely or taking control of employees' own devices by requiring them to install endpoint security solutions. Chandran highlighted widespread moves towards processes like "mandating that whatever device you're using… is protected and is secure or at least needs some basic security parameters."

Even when using popular business platforms, the trade-off between convenience and control is evident. Chandran gave the example of signing up to a cloud-based productivity service. "The first thing they ask you is, are you okay with your organisation taking control of your device? Because that's really important."

Modern endpoint security solutions are designed to guard against the full spectrum of online threats, including malware, ransomware, and advanced attacks. But protection must go beyond traditional antivirus. "Can we reduce the probability of being compromised?" Chandran asked. Effective solutions now need to manage vulnerabilities, restrict which websites can be accessed, and control which external devices such as USB sticks can be used - a particular weak spot, he noted, as "malware tends to stem from there."

When it comes to deploying security, one size does not fit all. Each organisation faces different challenges, from budget constraints to regulatory requirements specific to their industry. "Some would say, hey, we don't have the budget to pay for security and so we'll just go with the cheapest thing out there. I think that's probably not the wisest decision to make," Chandran said. While financial pressures are real, he stressed the importance of adopting technologies that use "modern capabilities… things that are more focused on behavioural and machine learning type technologies."

Flexibility is just as important as strength. Some businesses may need to allow mobile devices, while others may want to ban them outright. As Chandran explained, "You want the ability to have granular policies, the ability to be able to pick what features you want to choose, and decide whether you want to use a baseline policy that's recommended or do you want to customise it in whatever way you want."

For organisations relying on managed service providers or operating with multiple divisions, being able to set those individual policies and scale them to hundreds or even thousands of endpoints becomes paramount. Chandran described the need for "a console that is able to give you all of that at scale."

He concluded that although the landscape is complex, recent advances in endpoint technology now allow for a combination of strong protection and bespoke configuration. "We're very lucky, I think. Our customers are definitely very lucky… We bring the best in class next-gen anti-virus technology to our customers but we've also added our own sort of flavours to it. Combine that with a cloud-based management console which brings all that flexibility, we think our customers have a win-win situation."
