Secure Remote Worker Use Case 3:
URL Filtering, SaaS Access Control, and Visibility
A cloud-based secure web gateway (SWG) gives cybersecurity teams complete visibility and control over traffic that bypasses the VPN. Consider these two use cases.
Use Case One:
User 1, an accountant in the finance department, works from a cubicle in the corporate headquarters. Most of her day is spent crunching numbers using the company’s on-premises SAP accounting solution, but occasionally she needs to pull customer information from Salesforce.com. SAP traffic remains inside the corporate firewall, sealed off and protected from malicious actors. Based in the cloud, Salesforce requires a persistent connection to User 1’s laptop, and as traffic flows through the firewall, security policies such as anti-malware monitoring, URL filtering, data loss protection (DLP), acceptable use policies (AUPs), and other security controls are applied.
Use Case Two:
User 2, also an accountant in the finance department, works remotely from home, thousands of miles from the company’s headquarters. He spends his day in much the same way, analyzing data in the SAP solution and occasionally accessing Salesforce.com to check customer status. SAP data is routed through a VPN, applying the appropriate security policies that detect and eliminate malicious content. However, routing Internet traffic through the VPN is not sustainable. The persistent connection to Salesforce coupled with routine web browsing, video conferencing, and personal webmail overwhelms the VPN, dramatically slowing performance and User 2’s productivity. To get around that, the security team could either build a local Internet breakout for the user or simply let all Internet traffic (including Salesforce) bypass the VPN. Unfortunately, building a local Internet breakout for every remote user is economically unfeasible, and the security provided by the breakout wouldn’t follow users whenever they travel away from their branch or home office where the breakout was set up. Unprotected web and SaaS traffic gives malicious actors an opening to target User 2 through a spear phishing campaign powered by social engineering to trick him into clicking on a link in a fake email, downloading malware, or unwillingly giving up his credentials.
Learn more about how the new normal is overwhelming VPN traffic.
Given a choice, most cybersecurity teams would prefer that all users were protected like User 1—behind a robust firewall that gives them the visibility and control into all data center and Internet traffic. But that’s just not realistic given today’s always-on, 24/7 world. The new normal is that an increasing proportion of users will continue to work from home or in branch offices, and organizations need to make sure everyone is protected from malicious threats such as spear phishing, ransomware, drive-bys, and zero-day attacks.
As you can see in these two use cases, consistency is the key. It doesn’t matter if User 1 is completely protected, because User 2 presents a risk. All it takes is one click in a malicious email or one compromised website, and the entire organization can be compromised. Cybersecurity is an all-or-nothing discipline. No one is protected as long as one person is vulnerable.
Menlo Security gives cybersecurity teams visibility and control over traffic that bypasses the VPN—allowing them to apply security policies reliably and consistently whether users log in from headquarters, home, a branch office, or public Wi-Fi. Menlo does this by delivering security services through the cloud. A cloud-based secure web gateway (SWG) acts as the central security control point for all traffic, providing a separate security layer through which all web traffic flows and where security policies can be applied.
Applying corporate security policies to all traffic also extends access control to Internet traffic and SaaS platforms. Security teams are able to monitor users’ web behavior and control their access to certain websites and cloud-based apps via URL filtering. Organizations may have acceptable use policies that prevent users from accessing social media during work hours, known pornography hubs, or other inappropriate content. Security teams may also want to limit unauthorized app use, such as cloud storage or file transfer sites, to boost insider threat prevention programs.
Cloud-delivered security powered by Menlo ensures consistent access policies for all users—whether they’re in the office or working remotely.
Read our new ebook, Securing the Future of Work, to learn how you and your organization can intelligently transition to this new normal.
Please do not hesitate to contact us with any questions.