As the number of mobile and remote workers has exploded over the past few years, so too have the security risks they pose. With the rise in new and blended threats that use multiple vectors of attack, these workers are increasingly vulnerable. They also pose a growing threat to the corporate network when hackers use vulnerabilities on these machines as conduits to the corporate network once these workers re-connect. Over the years, numerous technologies have been developed to address these security issues. But as the number, complexity, and severity of threats has grown, these point solutions are no longer adequate. Today, industry experts agree that the best method for securing mobile and remote machines, and the corporate networks they access via a virtual private network (VPN) or within the perimeter firewall, is an integrated, multi-level approach. This white paper describe best practices for securing mobile and remote machines and how BeyondTrust’s Retina® Endpoint Intrusion Prevention and Retina® Scan on Connect Solutions enable organizations to secure mobile and remote machines—and the broader corporate network—from today’s most sophisticated and blended threats.
Over the past few years, the number of remote and mobile workers has grown dramatically. Forrester Research reports that roughly 82 percent of large companies now have VPNs in place, up sharply from 55 percent in 2003. InStat/MDR predicts that the number of mobile workers in the U.S. will reach 103 million by 2008, while by 2009 the number of mobile workers worldwide will reach 878 million. By the year 2010, the Gartner Group predicts that 80 percent of key business processes will involve the exchange of real-time information involving mobile workers. Yet at the same time, remote and mobile machines are posing greater risks.
Organizations often assume that remote users are secure because they access the corporate network through a virtual private network (VPN). Yet while VPNs provide a tunneled connection that allows only authenticated users to access the corporate Intranet, they are not a complete, end-to-end solution. VPNs do not ensure that remote and mobile devices are free from software and configuration vulnerabilities, which could be used to propagate viruses or worms. These examples of malware are easily introduced via standard DSL or cable connections and as a result, remote machines can expose critical network assets to these vulnerabilities.
Likewise, mobile employees take their laptops home and on the road, then work from their new location in much the same way they would in the office— however now, they are without the protection of the corporate firewall. This leaves their systems exposed to viruses, worms, and other types of malware, increasing the risk that these machines will later be used by attackers to access the network illegally.
These machines eventually return to the corporate network, literally walking past the network firewall and are allowed to connect as trusted devices. If infected, a machine can easily become a conduit for introducing malicious code into the corporate environment.