The recent pandemic has created a new work-day scenario for wide swaths of workers. Working from home is now the new normal, and this new paradigm has sprouted increased security concerns. Every security professional needs to take a step back and re-evaluate the security they have put in place for remote workers and those that work from home. So, if you’ve been thinking it is time to look at your security stance again, it is. It is never a bad time to evaluate your security stance and evaluate whether you can do better.
If you are an organization with remote workers, you have probably already put in place security measures for remote workers. Now is the time to look at and consider updating that security. As a reminder, here’s some best practices for setting up remote access. Companies should have a VPN set up to access corporate resources, and web filtering to prevent users from going to dangerous websites, and anti-malware software on the users’ systems to prevent them from getting compromised. You may even consider having some sort of device management, including the ability to wipe systems remotely and the ability to encrypt laptops. Organizations should also have training programs to help employees recognize phishing and scam attempts in addition to the security systems that recognize and block those attempts.
Those security measures cover the user’s system and behavior. There’s also a need for security for the applications and secure access to these applications. Best practices means protecting internet facing applications with a traditional network perimeter security device like a Web Application Firewall (WAF), and protecting the application itself with a runtime security solution. Applications need security to protect against common attacks like those outlined in the OWASP Top 10, and for protection against new sophisticated zero-day attacks.
During this time, we may also see additional cyber attacks as the cyber criminals are also self-isolating, and will probably have not much better things to do with their time than to devise new ways to attack your infrastructure and applications.
K2’s Next Generation Application Workload Protection Platform addresses application security needs in an easy to use, easy to deploy solution. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production servers to identify the location of the vulnerable code in real-time. K2’s solution generates no false alerts, eliminates breaches due to zero-day attacks and dramatically reduces security cost. K2 Platform can be deployed in multi-cloud or on premise and protects all applications, container workloads and Kubernetes.