We’re in a moment of rapid change for our IT environments. As companies shift from working in an office within their controlled network to working from home, many are finding that the architectures they have in place aren’t ready for the scalability and security challenges of a decentralized workforce. There are three prominent scenarios created by this shift that have an impact on security posture:
- Unprotected devices are being used for work. Some of you may be asking your employees to use their personal laptops for work at home. Others are issuing new managed laptops that need to ramp up with existing endpoint security.
- The internet is accessed directly, without a VPN. Most VPN deployments aren’t ready to scale to an entire workforce routing traffic through them. Slowdowns and outages can cause users to turn off their VPN. Some may not be licensed for the entire workforce. In each scenario, devices will access the internet directly without the defense in depth of your managed network.
- Data going to cloud services no longer routes through the network. There has been a massive increase in the use of cloud-based tools to support meetings and collaboration for decentralized teams. With direct internet accesses, data sent to the cloud falls out of your visibility and becomes vulnerable. Sharing within the cloud and to external parties also falls outside of your visibility and control.
For many, existing security investments can be slightly augmented or scaled to cover these use cases. Others may need to quickly add capabilities. Let’s discuss how:
Unprotected personal devices
If you are asking employees to work from their personally owned laptops and mobile devices, please contact your McAfee Account Manager or email firstname.lastname@example.org for licenses to our home use security for endpoint devices. This will provide comprehensive device protection including anti-malware. Employees can download this software on unlimited devices in their household to help prevent lateral movement of attacks within their home network.
Unprotected managed devices
If you are issuing new managed devices to employees so they can work from home, we have a few options to help you easily deploy McAfee Endpoint Protection to them. First, if you have an existing per-user subscription, you are entitled to deploy McAfee Endpoint Protection to 5 devices per user at any time. If you need to add users, take a look at our getting started guide here.
Direct internet access
To protect your home-based users accessing the internet directly without a VPN, you can connect them to our cloud-based Secure Web Gateway, which is part of MVISION Unified Cloud Edge. This adds security without backhauling traffic over a VPN and can either replace or augment your on-premises secure web gateways. Existing McAfee Web Gateway customers can reuse their policy in a simple push to the cloud.
For anyone new, Unified Cloud Edge adds immediate policy control, zero-day malware prevention, and data loss prevention (DLP) for web traffic. You also gain advanced cloud application intelligence, with sophisticated usage and risk reporting for Shadow IT based on your user’s browsing habits.
Data in Cloud Services
To protect your data going into, shared within, and attempting to leave cloud services like Microsoft OneDrive, SharePoint, Exchange Teams, Box, Google Apps, Salesforce and others, your most effective control point is a direct API-based connection to the service itself, through a Cloud Access Security Broker (CASB).
The duration of this shift is uncertain. We have professional services available to help you scale out as fast as possible now. We understand the difficulty and urgency you are facing. Please take advantage of our products and offers to transition smoothly to a secure, work–from–home IT environment.
Scale Security to Employees Working From Home
McAfee has products for Endpoint Protection, Unified Cloud Edge, and CASB to help you address the security challenges created by a surge of employees working from home
For more, our Advanced Threat Research team is following attack trends targeting remote workers and has excellent information in their blog post here.
* Use of consumer products is subject to the Consumer License Agreement and Privacy Notice. Product features may be added, changed or removed during the subscription term. Not all features may be available on all devices. See System Requirements for additional information.
About the Author