As companies enter the fourth week of the global work from home experiment due to the COVID-19 pandemic, many IT managers and corporate leaders have naturally been concerned about the challenges of securing employee’s access to the corporate network.
Virtual Private Networks (VPNs) have been touted by some as a solution to this challenge. VPNs encrypt a user’s web traffic and send it through a private connection to the corporate network, allowing employees to access corporate data and applications with some measure of security and privacy.
Today, however, due to the proliferation of cloud-based applications like Office 365, SFDC, Google Drive, and others, it is uncommon for organizations to rely solely on VPN-based access to corporate resources. Instead, VPN is usually used to access just a small subset of internal corporate platforms, leaving remote users unprotected when accessing these cloud-based applications, and exposed to threats on the internet.
Furthermore, VPNs may not provide the level of security that’s necessary in today’s threat environment. According to a recent alert issued by the US Cybersecurity and Infrastructure Agency (CISA), malicious cyber actors are finding and targeting vulnerabilities in VPNs as employees increasingly use them for telework amid the pandemic. And since VPNs are considered 24/7 infrastructure—that is they are always on to facilitate secure connection to the enterprise network—organizations are less likely to keep them updated with the latest patches. Finally, since many VPN providers charge by the user, many organizations may have a limited number of VPN connections available, meaning that any additional employees can no longer telework or securely access corporate data.
In this environment, one of the best and most cost-effective ways enterprises can secure such a large-scale tele-workforce is by using DNS as a first line of defense. Every connection to the internet goes through DNS—those working from home are typically using either public DNS or DNS provided by their internet service provider, both of which seldom do security enforcement on DNS. Companies are increasingly interested in implementing secure DNS services that can quickly start protecting their remote workforce per a recent CSO article.
Infoblox recommends using secure DNS services, like BloxOne™ Threat Defense, that can extend enterprise-level security to teleworking employees, their devices, and corporate networks, no matter where they are located.
BloxOne Threat Defense:
- Uses DNS as the first line of defense to detect and block phishing, exploits, ransomware and other modern malware by preventing teleworking employees from accessing malicious websites;
- Blocks access to objectionable content restricted by policy;
- Uses unique patented technology to prevent data from being exfiltrated using DNS and keep sensitive data secure; and
- Monitors for advanced threats, including the rise of lookalike domains.
BloxOne Threat Defense can be deployed on teleworking users’ devices from the cloud, and is easy to manage. It securely redirects users’ DNS to the Infoblox cloud for anytime, anywhere protection and monitoring.