With over two million Coronavirus cases and counting, the pandemic doesn’t seem to be slowing down anytime soon. Businesses have no choice but to continue using the work-from-home model and while some employees might be happy about it, companies have plenty to worry about as hackers are working overtime.
Business-related cyberattacks are getting worse
According to data, shortly after enabling remote working, around 40% of businesses saw an increase in cyberattacks on their network. Many of those attacks involve DDoSing, which forces business networks offline, causing significant financial damage due to too much downtime.
Alongside that, cybercriminals have also ramped up phishing attacks. Since January, around 4,000 Coronavirus-related domains were registered around the world. Out of them, 5% are suspicious and 5% are malicious, which is 50% higher risk than your standard website.
Coronavirus-themed phishing and vishing preys upon everyone’s hunger for Covid-19-related news, tricking employees into interacting with dodgy websites, downloading malware-infected files, or even sharing sensitive corporate data. The amount of people falling victim to these scams is also increasing because employees don’t take the same safeguarding measures provided to them in an office.
Instead of work computers hooked up to a corporate network, many are working from their own devices connected to their home internet. Blurring the lines between professional and comfortable, it’s much easier for employees to let their guard down and get distracted, seeing them unwittingly answer a phone call from an unknown number believing it to be a colleague that’s not listed in their contacts, or click on an unverified email that claims to offer details on the "newly developed Covid-19 vaccine.”
If anything like that happens, the results are obvious - employee devices will get infected with malware (especially ransomware), which will in turn infect your whole network, and scammers will easily get their hands on all your valuable data.
Add that to the financial strain your business is already dealing with (remote setups, extra bandwidth, paying rent for a workspace you’re no longer using), and your company will go under before the quarantine even ends.
This is where an SDP comes into play.
What is an SDP?
SDP stands for Software Defined Perimeter. Without getting too technical, it’s a security solution that bases your network’s perimeter on software instead of hardware. It establishes a virtual boundary at the network layer instead of the application layer and authenticates user devices and identities before granting them access to your servers.
To offer complete protection from network attacks, SDP architecture uses five layers of security:
- SPA – Single Packet Authentication
- mTLS – mutual Transport Layer Security
- DV – Device Validation
- Dynamic firewalls
- AppB – Application Binding
How SDP Connections Work?
While the terms might vary from service to service, an SDP uses three things to function:
- The SDP client – Usually in the form of an app.
- The SDP controller – This is the trust broker between the employee/device and the company network.
- The SDP gateway – Also called an access node, it grants the user access to the requested network.
Since that all sounds a bit complex and vague, here’s a basic sketch of how an SDP would work:
- Employees use a dedicated app, run it, and go through the authentication process. Once they pass, the client will whitelist them, and will set up a new connection to the controller.
- The SDP controller establishes trust between the client and the backend resources (basically, it negotiates an encrypted connection).
- The gateway grants the user access to the resources they need. Instead of getting logged into a large network, however, the SDP will set up a dedicated network connection for them which nobody else can access.
Simply put, when you use an SDP, it’s like you’re using a web server with an Internet connection but absolutely no open connections with any device, rendering your company servers pretty much invisible.
How can an SDP protect company data during the Covid-19 pandemic?
That explanation probably gave you a basic idea of what an SDP can do for your company, but some of you might still be on the fence about using one. So, here are the perks of securing your network with an SDP during this pandemic and beyond:
Secure Your Network against Malware
The goal of any phishing attack is usually to infect a device. If a hacker takes over an employees’ device with malware, they’ll quickly spread it to your network when they connect to it.
Even if that happens, an SDP can protect your servers. Basically, if a user with an infected device were to ask for access to the network, the SDP will analyze their device for any traces of malware (alongside other security inspections). If it detects any malicious activity, it will block (and sometimes even blacklist) the device.
Also, SDPs seamlessly integrate with any IdP (Identity Provider) solution, meaning you can implement multi-factor authentication (MFA). That’s an excellent defense against hackers who secretly steal employee login credentials. They won’t be able to connect to your network with them because they won’t have the necessary MFA codes.
But while an SDP can protect your network from that, it doesn’t mean you shouldn’t take extra measures to secure your employees’ devices against Coronavirus-themed phishing.
It's best to offer them some training on how to spot and protect themselves from phishing. Here are some useful tips from the EFF. Additionally, maybe ask your employees to use:
Avoid Costly Downtime by Preventing DDoS Attacks
DDoS attacks usually need IP addresses to work. It’s how hackers target the network with unwanted traffic and requests.
An SDP helps with that by using SPA, which obfuscates the IP address of the client. This isn’t just a matter of replacing the original address with a new one. Instead, an SDP completely makes it invisible. What’s more, it can even strip all DNS information from the application infrastructure to further hide the network, and makes sure there are no open ports.
Also, even if a hacker were to gain inside knowledge about the SPA security layer somehow, they still wouldn’t be able to DDoS your network. The server will simply discard any DDoS attempt before initiating the mTLS handshake.
Check out our "what is a DDoS attack" guide for more information on this topic.
No More MITM Risks
Your network security might be strict, but your employees’ home networks probably have some vulnerabilities. And that’s just what a skilled hacker would need to initiate a man-in-the-middle (MITM) attack to spy on their traffic or infiltrate your network.
An SDP relies on a rigorous user and device authentication process to prevent that from happening. Not only does it verify user identity and their device, but it also checks their location, project, and time. Next, it evaluates that data against pre-defined conditions before granting access.
Also, the two-way cryptographic authentication checks that the device requesting access has the necessary private key. And yes, the SDP verifies if the key isn’t revoked or expired.
Plus, an SDP dynamically creates and lifts firewall rules, making sure each user only has access to the resources they need. Furthermore, users don’t share the same network, as they all use a private one, much like a VPN.
Twingate – Simple to Use & High-End Security
A lot of businesses worry that it’ll be too hard for employees to adapt to using an SDP. That’s why we recommend Twingate.
Using Twingate requires no technical know-how on your employees’ end. They just need to download and install the client (through the app store, an install package, or MDM), authenticate with your existing IdP, and they’re good to go.
The controller will handle the rest, pushing signed permissions and rules to the clients, as well as negotiating encrypted connections between clients and resources. Once everything is confirmed, the nodes will route users to the appropriate resources.
Twingate features that we love:
- It has single-click employee/third-party onboarding and offboarding.
- No hardware and application changes are necessary to deploy nodes.
- The controller is scalable with 580+ points of access worldwide.
- Twingate seamlessly integrates with RBAC and ABAC policies + your existing stack.
- The service offers comprehensive audits of employee actions.
Twingate is also a great alternative to a VPN, providing improved levels of security when accessing service like AWS, Azure and GCP.
Overall, Twingate offers real ZKA (Zero Knowledge Architecture) and zero-friction deployment.
Doesn’t an Enterprise VPN Work Just as Well as an SDP?
Not really. While a VPN offers end-to-end encryption for remote connections, it doesn’t have any rigorous authentication process in place. If an employee’s VPN account or device gets compromised, a hacker could breach your network.
In fact, an SDP is superior to a VPN in just about every way:
- VPNs can offer DDoS protection, but your network can be compromised if they suffer leaks. With an SDP, even if a hacker somehow manages to find your IP addresses, they can’t flood your network since there are no open ports.
- SDPs are much better at handling multiple levels of network access. Unlike VPNs, you don’t need to set up multiple accounts for all departments since the SDP creates a separate network for each user. Plus, since employees only use the resources they need, you might save on bandwidth costs.
- With an SDP, you can actually get VPN connectivity. Many SDPs incorporate VPNs into their architecture to provide secure network connections. On the other hand, you don’t get SDP functionality with a VPN.
Still, if you’re a freelancer or run a very small business and don’t think you need an SDP, an enterprise VPN can be a good, cost-effective alternative. Here is a guide to the best VPNs for small businesses on the market.
The pandemic isn’t getting better any time soon, so remote working is here to stay. Unfortunately, hackers are taking advantage of that through MITM, DDoS, and phishing attacks.
Enterprise VPNs might seem like a good way to protect your network, but SDPs offer much better security since they authenticate both user identity and device integrity. Also, they fully protect against DDoS attacks by effectively making your company network invisible.
If you have any questions about SDPs or have more information you’d like to add to this discussion, please share your thoughts in the comments below.