Network usage has shifted dramatically since mid-March, when the COVID-19 pandemic began having significant impacts in the U.S. As enterprises and government agencies cope with the impacts of abrupt shifts to large-scale telework, the use of business applications and video conferencing has skyrocketed. VPN traffic has surged. And in the meantime, cybercriminals are testing the security of remote enterprise work arrangements, in some cases by using social engineering tactics that include sending phishing emails that appear to be from corporate IT departments enabling telework.
Hardik Modi, AVP of engineering, threat and mitigation Products at NETSCOUT Systems, said that security has been the top concern that his company is hearing from customers in recent works.
“In the real world, we’re all kind of working through the new realities … that came with the wholesale switch to people working from home,” Modi said. He said that NETSCOUT has seen a ramp-up in infrastructure provisioning, particularly for remote access, such as virtual private network concentrators and the like.
“Everybody that we’re working with has been trying to strengthen their VPN infrastructure, but also further upstream are the service providers and service provisioning that they’ve had to go through quite rapidly, to accommodate new traffic,” he said. That means service providers seeing an increase in video up-links for video conferencing services, for example, or large amounts of VPN traffic.
Security concerns are high, Modi said: companies are wondering if they have sufficient provisioning, not only in terms of VPNs but in terms of resiliency and redundancy, so that infrastructure can not only provide the level of performance that remote workers need, but be able to handle potential dedicated denial of service attacks.
“There is a significant difference between having like 10% of your employees coming in over the VPN versus say, 90%,” Modi pointed out, and added that the threats that enterprise networks typically face (ransomware, theft of corporate information, and so on) have not gone away. But now security is being tested through the lens of widespread remote access.
“I still believe in user education,” Modi said. “A lot of people are shaken up by … what is happening around them. It’s definitely important that enterprises are communicating with their employees about acceptable use policies: things that they want them to do, things that they don’t want them doing on corporate equipment and, certainly, going over corporate networks.” Some of his advice on best practices involves network-level actions — such as looking into direct peering with local or regional broadband providers — and some is simple, such as not using “VPN” in host names of VPN infrastructure, to make it that much harder to target.