Page 39 - Cyber Defense eMagazine February 2024

For example, the Cloudbrink service uses transient points of presence (PoPs) called FAST edges, which are spun up on demand and spun down at the end of a session. Unlike ZTNA services that rely on dedicated physical PoPs, this design leaves no permanent IP addresses to attack.

Cloudbrink further shrinks the attack surface by sending traffic over multiple routes. Users of the service are connected to three FAST edges and the routes taken by traffic change each time they use that application. With no fixed route and no fixed network provider, potential attackers will struggle to find a target.

The third element in the defensive armory is short-life security certificates. Administering security certificates is an operational headache – one reason why many vendors leave them in place for anything from six months to 10 years. Cloudbrink implements mutual Transport Layer Security (TLS) 1.3 with certificates that are refreshed after only eight hours. In the unlikely event an attacker gains access to the user’s account or device, it means they only have a brief window of opportunity to make mischief.

Lastly, while everyone is focused on remote users, perhaps the most important (and most ignored) aspect of hybrid work is that the same users will be in the office two to three days a week.

If a user was on a compromised network when they were traveling, you now have that user/device on your network. Now multiply that problem by tens of thousands of users and devices.

Just because an employee carries a badge, it doesn’t mean you should give them unaudited access to your internal network.

So, hybrid work is going to require a change of mindset that not only affects the view of external networks but internal ones too. You might think of the in-office network as a giant coffee shop network which delivers the same levels of security control as if the user were accessing your systems from an external network.

What else needs to change?

We believe that as more users become hybrid workers, it will no longer be acceptable to offer a different in-office and work-from-anywhere experience. Security will always be a top priority, but CIOs will not accept it as a valid excuse for suboptimal user experience. They won’t settle for security at the expense of performance. They will demand both.


















