Back to Blog

Everyone Is Now Remote,
NDR is No Longer Relevant

By
John O Callaghan
|
May 25, 2022

Remote working has definitively changed the world of doing business. Of course, like everything in life, some people love it and some people don’t. Every individual’s personal situation is unique and can determine whether remote working suits their lifestyle or rather impinges on it.

Remote working in the old world vs today.

Every Remote IP is a Potential Risk

To a hacker, however, a remote IP is just another window or door that they can leverage to access an enterprise. I don’t think they really care where the individuals are located as they can continue to use their dirty tools and techniques to do reconnaissance, identify weak links, gain user credentials, and move laterally across an organization’s network to disrupt business, ransom a company, steal their data, or do some espionage.

When I started to work remotely, I was delighted that the company delivered the application servers and storage devices to my home so I could access all the business apps and data I need to do my job. Ah, the joy of it! The downside, of course, is that I can barely afford living in my own house anymore due to the multimillion Euro electricity bill to keep all the servers and storage running.

Luckily, that was all a bad dream, and I can still access the applications and data either directly on the web or, for some applications, via a VPN tunnel. The VPN vendors are all driving the expensive cars these days. As the old saying goes: “One person’s problem is another’s profit.”

So, in a nutshell, the second I connect to my company’s VPN or to a SaaS application, I become a risk. One hasty, unconsidered, bad click could let the bad guys in. 

How Organizations Can Fight Millions of Weak Links

So, what do organizations need to do to combat this extended threat, where potentially many millions if not billions of weak links have been created? Remember, the pandemic forced companies to change essentially overnight, so the answer to this question is extremely relevant:

“Are you 100% confident that you have deployed remote working solutions with the required elements and levels of security to protect your end-user and your company’s applications and data?”

If you answer “hmmmmm,” then it might be time to have the good old “cyber-security gap analysis” conversation …

Here are some other twists to the story:

“Have you banned your remote users from coming into the office (when approved) and connecting to the network?”

“Have you installed x-ray machines at the door to check for USB devices containing malware in their pockets or laptop bags as they enter?”

You probably have not, so the hybrid model of working means we are bringing infected laptops or files into our corporate networks and uploading them to our file shares. A hacker’s dream!

So, now that everyone is remote, NDR is no longer relevant, right? I don’t think so.

Network

  • Networks today are more complex and more distributed than ever before, and there is exponential growth in the number of doors and windows a hacker can try to open.

 

Detection      

  • Early and speedy detection of unusual network behavior and anomalies is critical to identifying the threat and saying “gotcha” to the hacker.

 

Response

  • Fast and automated response is needed to slam that door or window shut. Hopefully on the fingers of the hacker to cause them some virtual pain by return post.

Of course, you will also require a robust endpoint detection and response (EDR) solution to take care of your users’ devices and the hosts in your network and cloud environments.

Because the weakest link is usually a human being, it is imperative that you continuously educate your employees on how to recognize a potential “dodgy” email or link. Spread the news to one and all:

“Think through before you click.”

Want to learn more?

Vectra® is a leading provider of “seriously intelligent” network detection and response solutions for hybrid and multicloud environments. Vectra does this across the on-prem networks and cloud (IaaS, SaaS, and PaaS), leveraging purpose-built, patented machine learning and AI that covers 97% of the MITRE ATT@CK network-based techniques.

 If you’d like to hear more, contact us and we’ll show you exactly how we do this and what you can do to protect your data. We can also put you in contact with one of our customers to hear directly from them about their experiences with our solution.