Branch Office Security—Securing Your Weakest Link
Branch office security is often an afterthought as companies grow, spin out new sales offices or acquire companies in remote locations.
With the increasing incidence of malware, botnets and other malicious attacks, remote and branch offices can be attractive and opportune targets for cyber criminals looking to breach your corporate defenses.
In general, there is less physical security at branch offices because they aren’t deemed to have “important” data. But these systems, especially laptops, smartphones, and tablet personal computing devices, represent a larger threat than corporate servers on the corporate network.
Do You Know Where Your Users Have Been?
It can be nearly impossible for corporate IT managers to track where those remote users have been, what kind of software they’ve downloaded, where they’ve uploaded corporate data or what type of threat they may be bringing into the corporate network.
IT departments need to control where those users go within the enterprise and should create a sort of DMZ (demilitarized zone) to contain these potential threats.
At a bare minimum, branch offices should have entry-level unified threat management (UTM) firewall devices in place, with encrypted tunneling between those branches and the main office(s). Today many breaches occur on users’ desktop or laptop computers as they browse the Internet. Even if there are no servers at a branch office, security is still an issue because those branch office PCs have access to corporate servers.
PCs and tablets should have firewall software enabled and the proper anti-virus software installed with a regularly scheduled program for updating the software.
At the next level of security, corporate IT can deploy log monitoring software, also known as SIEM (Security Information and Event Management), which enables the collection, storage, analysis and reporting on critical assets at all branch and remote locations. While a SIEM can detect breaches as they happen, it can’t stop the break-in, but it can at least show which assets are compromised.
Ensure Security Policy Compliance
Another option is end point security and network monitoring, which requires every network device, from PC to smartphone, to comply with certain security policies and procedures before being granted access to corporate computing assets. This ensures that a minimum security level, as defined by the company, has been met before the device can gain access to company assets.
In my opinion, you should never let remote users access the corporate network without the implementation of network monitoring tools such as IPS/IDS (Intrusion Prevention System/Intrusion Detection System) for packet-level inspection. These systems not only detect but actively stop break-ins.
Companies that are widely distributed have opted for a managed security service that augments existing security point solutions with 24/7 threat monitoring and analysis of all packets traversing the corporate network. The more sophisticated the MSSP (Managed Security Service Provider), the better able it is to integrate all of the data collected from point solutions, store it, analyze it and observe patterns of malicious activity emerging. An MSSP gives equal weight to all access points and all devices on the network.
"As the saying goes, you’re only as secure as your weakest link. Don’t let your branch office be that point of greatest vulnerability."