The phish are biting.
As we noted in a recent post, phishing attack complaints have soared since people began working remotely in large numbers. That was not entirely unexpected — the pandemic-triggered shift forced many organizations to make some hasty decisions about how to provide secure network access to remote employees.
A third of IT security professionals say they were unprepared for the sudden transition, according to a recent study. With only a few days to put a plan in place, IT teams often scrambled to deploy multiple off-the-shelf solutions for secure remote access.
While functional, those solutions don’t deliver the same level of protection that organizations have come to expect from their on-premises security measures. With remote work likely to remain a standard option for the foreseeable future, organizations must reconsider what they are doing to minimize vulnerabilities.
Using a combination of Cisco Umbrella and Duo Security is a great way to meet today’s security challenges. Umbrella provides a first line of defense by blocking malicious and unwanted domains, IP addresses and cloud applications before a connection is ever established. Duo adds multifactor authentication (MFA) to verify users’ identities before granting access to corporate applications.
In tandem, Umbrella and Duo enable remote workers to securely access business-critical data and applications from any location using a variety of company-issued and personal devices. Best of all, these cloud-based solutions can be implemented in minutes, providing almost immediate protection against phishing, ransomware and other malicious attacks.
Protecting the DNS Layer
Umbrella is a secure Internet gateway that delivers DNS-layer protection across all ports and protocols, and also covers direct-to-IP connections. Anytime a user clicks a link or types a URL, the device issues a DNS request to resolve the requested domain to an IP address. If the domain or IP address is known to be associated with malicious activity, Umbrella safely routes users to a block page instead.
Rather than proxying all traffic, which can impact performance, Umbrella sends only the requests bound for potentially dangerous sites for deeper inspection. Even if a device is somehow compromised, Umbrella prevents connections with an attacker’s command-and-control servers so that malware can’t be executed and data can’t be exfiltrated.
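The decision flow described above can be sketched in a few lines. This is an added example, not Cisco's code and not part of the original post: it answers known-bad names with a block page address, sends risky names to an inspection proxy, resolves everything else normally, and checks direct-to-IP destinations separately. All domains, addresses and function names are constructed assumptions.

```python
# Added illustration: a toy DNS-layer policy check. All names, domains and
# addresses are constructed (RFC 2606 / RFC 5737 reserved ranges).
import ipaddress

BLOCK_PAGE_IP = "192.0.2.10"   # assumed sinkhole that serves the block page
PROXY_IP = "192.0.2.20"        # assumed inspection proxy for risky domains

BLOCKED_DOMAINS = {"malware.example", "c2.bad.test"}
RISKY_DOMAINS = {"newly-seen.example"}
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
UPSTREAM = {"intranet.example.org": "198.51.100.7",
            "files.newly-seen.example": "198.51.100.9"}


def normalize(qname):
    """Lower-case and drop the trailing root dot so 'Evil.COM.' matches."""
    return qname.strip().lower().rstrip(".")


def matches(qname, domains):
    """True if qname or any parent domain is listed (covers subdomains)."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def decide(qname):
    """Return 'block', 'inspect' or 'allow' for a DNS query name."""
    if matches(qname, BLOCKED_DOMAINS):
        return "block"
    if matches(qname, RISKY_DOMAINS):
        return "inspect"
    return "allow"


def answer(qname):
    """Address returned to the client; None stands for NXDOMAIN."""
    verdict = decide(qname)
    if verdict == "block":
        return BLOCK_PAGE_IP
    if verdict == "inspect":
        return PROXY_IP
    return UPSTREAM.get(normalize(qname))


def ip_allowed(dest):
    """Direct-to-IP connections skip DNS, so destinations are checked too."""
    addr = ipaddress.ip_address(dest)
    return not any(addr in net for net in BLOCKED_NETS)
```

Matching on whole labels means a subdomain of a listed domain is caught, while an unrelated name that merely ends with the same characters is not.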
Umbrella integrates a secure web gateway, cloud-delivered firewall and cloud access security broker (CASB) for additional protection. It also features machine-learning models to uncover new attacks and provide real-time context on malware, phishing, botnets and other threats.
Going Beyond the Password
Duo can eliminate many threats that result from weak, default or stolen passwords, which play a role in up to 80 percent of all data breaches. Duo provides stronger authentication by generating a second authentication factor, typically delivered by phone, email or text.
Duo also can be used to establish a zero-trust access model that limits data and application access to only those users who require it. A zero-trust model assumes that everyone and everything accessing network resources is a threat until their identity has been verified and validated. Duo allows you to set up and manage detailed access policies in minutes via a simple, intuitive administrator dashboard.
Training Users Is Essential
While the Umbrella-Duo combination will dramatically improve security for the remote workforce, it can’t fix everything. Effective security will always be heavily dependent upon employee awareness. With hackers actively working to exploit people instead of software flaws, establishing a “human firewall” through ongoing training and education is just as important as investing in technology solutions.
Give us a call to learn more about Cisco Umbrella and Duo, and how to augment them with RMM’s employee education programs that show remote workers how to recognize and avoid common threats.