The Covid-19 pandemic is now into its ninth month in Australia and yet many organisations are still rolling the dice and allowing remote workers to access corporate networks from unmanaged personal devices.
These devices can include mobile phones, laptops, tablets, desktops and USBs, and some employees are also using personal WiFi internet connections to access the corporate network.
The rise in unmanaged network-connected devices increases the attack surface of the enterprise and allows cybercriminals to capitalise on the weakest link - the user endpoint - to gain a foothold into the network.
If compromised devices on the network go undetected, they can be used as launch pads to target higher-value assets, gain access to sensitive information, and cause significant business impact.
The biggest security risks associated with unmanaged devices are
The outcome of these two risks is an increased likelihood of a cyber security incident which could involve lockdown or loss of corporate data, resulting in significant financial and reputational loss.
Even remote workers with corporate devices behave in ways that threaten the security of the network, including
Ultimately the challenge is to bring a level of visibility and control to unmanaged devices, and safely enable their use.
To achieve this, a process is needed to find devices that are not secured, appropriately control their connections, monitor their traffic and behaviour, and block any malicious behaviour.
All of this needs to be done in the context of how a device is used so that only the actions and privileges that are required to support the business are sanctioned.
For corporate-owned devices, the simplest way to address the issue could be to combine a Unified Endpoint Management (UEM) agent on the endpoint with a Mobile Threat Defence solution across the endpoint, application management and the network.
However, for personally-owned devices, it is unlikely that end users will agree to, or reliably enable, the installation of an endpoint agent. So what to do? Here are the four steps to navigate:
Establishing visibility is a critical first step. You can't manage what you can't see. Having a complete asset inventory of all devices on the network is a critical foundation for an effective security solution. Given that unmanaged devices can be transient, such as a device introduced by an employee or contractor, it is important that the device discovery process is both continuous and automated.
Once a device is visible, the next step is to understand what it is doing and whether the actions are acceptable. This means observing device behaviour over time to establish baselines, and comparing observed behaviour to other devices of a similar type or functional role. This profiling should include an understanding of common network connections, protocols in use and other typical behaviours. This phase is also critical for understanding how a device is used in the enterprise, so that we can establish appropriate policies that truly enable the device and the business.
The next step is to proactively control the attack surface presented by unmanaged devices. This will require the organisation to establish sanctioned behaviours based on the type of device and its role. At a high level, this means setting what is allowed, and denying the rest.
Having identified and enforced approved behaviour, the next step is to identify malicious behaviour. As well as identifying the signs of malicious tools and techniques, it is also necessary to monitor for signs that a device may be compromised. Once a threat is identified, the ability to block it automatically needs to be in place. If a device is acting as an exfiltration channel out of the network, the flow of data needs to be stopped automatically in order to mitigate damage.
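To make the four steps concrete, the following Python sketch runs them over a handful of flow records. It is an added example, not code from MobileCorp or Wandera, and the inventory, policy table, device identifiers, flow records and the 10x peer-median threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data (assumptions for this example, not from the article).
INVENTORY = {"aa:01": "laptop", "aa:02": "laptop", "aa:03": "laptop", "bb:01": "printer"}
# Sanctioned (protocol, port) pairs per device type: allow these, deny the rest.
POLICY = {"laptop": {("tcp", 443), ("udp", 53)}, "printer": {("tcp", 9100), ("udp", 53)}}
FLOWS = [  # (device id, protocol, destination port, bytes sent outbound)
    ("aa:01", "tcp", 443, 40_000), ("aa:02", "tcp", 443, 55_000),
    ("aa:03", "tcp", 443, 9_000_000), ("aa:03", "udp", 53, 300),
    ("bb:01", "tcp", 9100, 2_000), ("bb:01", "tcp", 22, 1_200),
    ("cc:09", "tcp", 443, 10_000),
]

def assess(flows, inventory, policy, ratio=10, min_peers=3):
    """Return {device id: set of findings} for the four steps."""
    findings = defaultdict(set)
    sent = defaultdict(int)
    for dev, proto, port, nbytes in flows:
        dev_type = inventory.get(dev)
        if dev_type is None:
            # Step 1 (visibility): traffic from a device missing from the inventory.
            findings[dev].add("unknown-device")
            continue
        # Step 2 (profile): accumulate outbound volume per device.
        sent[dev] += nbytes
        # Step 3 (control): anything not sanctioned for this device type is denied.
        if (proto, port) not in policy.get(dev_type, set()):
            findings[dev].add(f"unsanctioned:{proto}/{port}")
    # Step 4 (detect): compare each device with peers of the same type.
    by_type = defaultdict(list)
    for dev, total in sent.items():
        by_type[inventory[dev]].append(total)
    for dev, total in sent.items():
        peers = by_type[inventory[dev]]
        # Too few peers gives no meaningful baseline, so skip the comparison.
        if len(peers) >= min_peers and total > ratio * median(peers):
            findings[dev].add("exfil-volume")
    return dict(findings)

def to_block(findings):
    """Device ids to hand to whatever enforcement point does the automatic block."""
    return sorted(findings)

if __name__ == "__main__":
    result = assess(FLOWS, INVENTORY, POLICY)
    for dev in to_block(result):
        print(dev, sorted(result[dev]))
```

The peer comparison uses the median rather than the mean so that one device sending an unusually large volume does not raise the baseline it is measured against.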
MobileCorp is an Australian ICT services company that assists enterprises and businesses to solve mobility issues. We recommend Wandera as an excellent product to manage the unmanaged devices on your network.
Wandera delivers unified cloud-based endpoint, application and network security for enterprises including private network access and mobile threat defence.
The company, which has an Australian office, has been highlighted in two Gartner Market Guides in 2020 for zero trust network access and for mobile threat defence.
Two key features of Wandera are:
MobileCorp is an enterprise ICT solutions company with a mission to deliver our customers a communications technology edge. We provide Managed Mobility Services, Enterprise Mobility Management, Complex Data and IP Networks, and Unified Communication solutions. We have a proven track record providing managed services for Australian enterprise and business, and we are a Telstra Platinum Partner.