Article originally published in TechRepublic by Scott Matteson
As a system administrator, I had quite a tech support ordeal the other day in which I found myself unable to access my company portal via the VPN connection from my home office. It took some time to get sorted out, during which the analyst I worked with apologized profusely, explaining they had had to implement some extremely rigorous security mechanisms to protect the company as nearly all of our employees work remotely.
That’s a common theme now as the pandemic continues to rage on, and entire disciplines are being implemented to address these security concerns yet also allow workers to remain productive.
I spoke to Augusto Barros, VP of solutions for Securonix, a security analytics and operations provider, to find out more about the available solutions to this worldwide challenge.
Scott Matteson: What are the challenges in dealing with prevalent threats to virtual workforces?
Augusto Barros: Security teams are no strangers to an ever-changing threat landscape. However, like the rest of the world, they were unprepared for the overwhelming onslaught of new challenges that resulted from the COVID-19 pandemic.
The SOC triad, i.e., the combination of network detection response (NDR), security information and event management (SIEM), and endpoint detection and response (EDR), traditionally enabled security teams to gain insight into threats against their on-prem environments.
However, at the beginning of the COVID-19 pandemic, companies rushed to rapidly deploy solutions to enable remote work, significantly compromising SOC teams’ visibility and access to telemetry across data sources. Not only did this render teams blind to many new and emerging threats that have resulted from this scenario, but it also hindered their ability to determine a baseline for normal user behavior.
This new reality has also challenged traditional on-premises SIEM tools, which are struggling to collect the logs from all the newly deployed solutions. This immense amount of data requires many collection changes and updated content to address an emerging and unique group of threats.