For any company, the ability to securely connect to the Internet and corporate networks is an essential part of everyday business. Security is even more critical, and often much harder, when a company’s business is transacted through hundreds or thousands of branch offices or remote locations.
To protect the entire enterprise, management must make sure that their branch office staff members, as well as their customers, do nothing that might compromise overall security.
Cradlepoint recently announced the immediate availability of Zscaler Internet Security to provide distributed enterprises with an integrated, comprehensive way to implement content filtering, application control, and web security—all in an easy to use, easy to deploy solution. Our new solution works on all Cradlepoint devices, and can be setup in minutes from the cloud.
To make it very clear how our first-to-market security solution works, my team and I will be writing a series of blog posts that explore: 1. Why branch offices/distributed locations are particularly vulnerable to security threats. 2. What specific threats branch offices/remote locations face. 3. How the Cradlepoint/Zscaler solution acts to defeat those threats. 4. How Cradlepoint can now offer customers comprehensive security protection via best-in-breed applications like Unified Threat Management.
Part One: Why are the Branch Offices so Vulnerable?
In terms of security, 2014 was a notable year. The data breaches, particularly in retail, started during the 2013 holiday season when hackers accessed Target’s HVAC system and pivoted to its Point-of-Sales systems. By the time they were done, the hackers stole an estimated 70 million plus credit cards. This was followed by a PoS hack at Home Depot. Then came a breach at Neiman Marcus. Others followed, until the mother of all hacks took place in mid-November when, authorities believe, the nation of North Korea attacked Sony Entertainment.
Enterprise IT departments have quickly discovered just how difficult it can be to keep everyone from “hacktivists” to cyber criminals to nation-states out of their networks.
If you run a distributed enterprise, the news gets even worse. Gartner Research estimates that by 2016 more than 30% of advanced targeted threats will target the branch office/Network’s Edge as the vulnerability entry point. There are a number of factors that make branch office/Network’s Edge the weak link in the corporate security chain:
Easy Accessibility: Unlike a corporate headquarters, these entry points open doors wide to all visitors. This makes it very difficult for branch staff to tell if someone is looking for a good deal—or for a way to break into the branch network and pivot to the corporate system.
Mobile/BYOD/WiFi: The proliferation of mobile and Bring Your Own Devices (among both customers and employees) makes it hard to lock down a branch’s network security. Combine that with the growth of guest WiFi networks, and you’ve got an environment ripe for breaches.
The Internet of Things (IoT): More connected devices means more network on-ramps, more vendors, more access to third-party systems… and more potential holes in the fence. Cradlepoint is successful selling parallel networks (air gapping) in many of these situations, but some companies invite trouble by continuing to run non-critical and vendor applications over their branches’ primary connections, creating vulnerabilities.
The Speed of the Hack: Now add to these vulnerabilities the fact that most branches have no onsite IT support and you get an even scarier dilemma: intrusions at the branch-office level tend to happen extremely quickly, then can take weeks or even months to discover.
Branch offices are increasingly attractive targets for bad actors. But just what kinds of attacks will be taking place at the edge? Stay tuned for Part 2: Specific Threats.