Even before COVID-19, remote work was becoming more commonplace around the world as companies and employees discovered the many benefits of teleworking. The Global Workplace Analytics Cost & Benefits survey found that teleworkers in several large companies were between 35-40% more productive than their office counterparts. Similarly, a study by Gallup found that remote workers were substantially more engaged in their jobs than their counterparts in the office.
However, remote work introduces new security challenges for IT security teams that have traditionally focused on managing risk within the confines of a traditional office environment. In the perimeter-less workplace, the focus shifts to data and users’ interactions with the data as the new perimeter. Unfortunately, many traditional rules-based security solutions are not inherently designed to protect either data or users. Rules are based on what (little) we know about the data. Since humans can’t predict what future cyber-attacks will look like, we can’t write rules for these scenarios.
Adapting to the New Perimeter-less Workplace
In the traditional workplace, visibility is often limited to company-owned devices, networks, and employees’ behaviors at the office. By contrast, the perimeter-less workplace requires IT to monitor personal devices and employee behavior outside of the confines of the corporate facility. A perimeter-less workplace also requires IT to adapt traditional risk management approaches and augment existing security technologies with intelligent security analytics solutions.
Security Analytics Designed for Remote Workers
Gurucul’s Unified Security Analytics applies identity-centric, model-driven data science, machine learning, anomaly detection, and predictive risk-scoring algorithms to identify abnormal behaviors and activities indicative of security threats. It generates a unified, dynamic risk score for every user and entity. Using Gurucul’s Unified Security Analytics, security teams can establish baselines for remote workers that understand how remote users interact with data and identify aberrant behavior outside the workplace.
Remote employee habits are different from their peers sitting in the office. For example, without a long commute to the office, instead of logging into the corporate network and starting their workday at 9 a.m., some are online at 7 a.m. A recent survey found that while most remote workers work at home, 37% also work at coffee shops and cafes. Also, the same survey found that 44% of remote workers travel.
Gurucul’s Unified Security Analytics Platform understands how remote workers behave. For example, the Platform can build and track a remote user’s session state, even when the user navigates across heterogeneous resources or applications using different accounts and devices at different times and from different locations. Leveraging machine learning, the Platform dynamically builds session correlation attributes used to build session context and links subsequent activities based on a confidence factor. This enables the identification of valid IP switching due to transitions between wired and wireless networks, a workstation and a handheld/mobile device, or accessing enterprise resources from various onsite locations or remotely over VPN. The Platform’s ability to track the user’s sessions across these various parameters ensures a significant reduction in false positives while simultaneously delivering greater visibility into the sequence of events. It also provides the capability to drill down to specific activities performed by a user or entity while performing an investigation.
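The session linking described above can be illustrated with a simplified sketch. This is an added example, not Gurucul's code or algorithm: the attribute names, weights, threshold and sample events are all assumptions, and a fixed weighted score stands in for the machine-learned confidence factor.

```python
from dataclasses import dataclass

# Assumed weights (percent) and threshold; illustrative, not vendor values.
WEIGHTS = {"device": 50, "ip": 30, "token": 60}
TIME_WEIGHT, MAX_GAP_S, LINK_THRESHOLD = 20, 900, 60

@dataclass
class Event:
    ts: int        # epoch seconds
    user: str      # identity after account-to-person resolution
    device: str
    ip: str
    token: str     # SSO/session token, "" if none was observed
    resource: str

def confidence(prev, cur):
    """Confidence (0-100) that cur continues the session ending in prev."""
    if prev.user != cur.user:
        return 0
    score = sum(w for a, w in WEIGHTS.items()
                if getattr(cur, a) and getattr(prev, a) == getattr(cur, a))
    if 0 <= cur.ts - prev.ts <= MAX_GAP_S:
        score += TIME_WEIGHT
    return min(score, 100)

def link_sessions(events):
    """Attach each event to the best-matching open session, else start one."""
    sessions = []
    for ev in sorted(events, key=lambda e: e.ts):
        scored = [(confidence(s[-1], ev), i) for i, s in enumerate(sessions)]
        best, idx = max(scored, default=(0, -1))
        if best >= LINK_THRESHOLD:
            sessions[idx].append(ev)
        else:
            sessions.append([ev])
    return sessions

# Constructed sample events (addresses from documentation ranges).
SAMPLE = [
    Event(0,   "alice", "LAPTOP-1", "192.0.2.10",   "tok-a", "vpn"),
    Event(300, "alice", "LAPTOP-1", "192.0.2.77",   "tok-a", "crm"),   # wired -> Wi-Fi
    Event(600, "alice", "PHONE-9",  "198.51.100.4", "tok-a", "mail"),  # laptop -> phone
    Event(700, "alice", "HOST-X",   "203.0.113.50", "tok-z", "fileshare"),
]

if __name__ == "__main__":
    for n, s in enumerate(link_sessions(SAMPLE), 1):
        print(n, [(e.resource, e.ip) for e in s])
```

The first three events link into one session despite two IP changes and a device change, so they raise no alert; the fourth shares no device, address or token with the session and starts a new one that an analyst can review separately.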
Gurucul Advantages Over Traditional Rules-Based Solutions
Unlike traditional rules-based security solutions that rely on humans to write the rules to detect potential threats, Gurucul’s security analytics and machine learning can find data anomalies by leveraging predictive cues that are too complex for humans to detect. For example, Remote Access Trojans (RATs) generate anomalous data from several system resources, which would be difficult for humans to identify. Machine learning algorithms would detect this activity as atypical since it involves system services or resources that aren’t ‘normally’ running.
Gurucul’s User and Entity Behavior Analytics (UEBA), which is a part of the Platform, doesn’t track security events or monitor devices; instead, it tracks users and entities. UEBA focuses on employees who may have been compromised or gone rogue as well as cyber criminals who may have already breached your network. As we noted in an earlier blog, given the increase in COVID-19 related malware, there’s a higher likelihood that employees will unintentionally click on malicious links and may have their login credentials stolen. As it’s difficult for cybercriminals to mimic the behavior of compromised employees, UEBA has the benefit of being able to easily detect these deviations in the compromised employees’ behaviors.