
Solving man in the middle cyberattacks with cloud-native SDPs

When it comes to the workplace, we are office-bound no more. While it still may seem counterintuitive, most work today actually gets done (at least some of the time) from remote locations, not company offices. Whether from home, a co-working space, or an airport, subway, hotel, or Starbucks, employees and contractors alike can be found working virtually for a good chunk—or all—of their workday from public settings.

How does this reality affect enterprise security? Traditionally, the enterprise approach to working beyond the perimeter has relied on a virtual private network, or VPN. Yet while VPNs are the most common solution for enabling remote workers to access the corporate network and the data that resides on it, the shifts described above have rendered them outdated from a security standpoint. That’s because the VPN model was built on the assumption that users on the local network could be “trusted,” which left a sizable attack surface exposed to potential attackers.

Undefended

One well-known type of security threat in the enterprise environment that VPNs are ill-equipped to defend against is the Man in the Middle (MITM) attack. In this breach, an attacker positions himself or herself in the dialogue between an application and a user. Despite the perpetrator’s intent—usually either to eavesdrop on the conversation or to impersonate one of the parties—everything looks perfectly normal to the user.

As explained in the International Journal of Data and Network Science, the purpose of a MITM attack might be to “take individual information, for example, login certifications, account points of interest and charge card numbers. Targets are normally the clients of financial applications, SaaS businesses, web-based business locales and other sites where logging in is required. Information obtained during an attack could be utilized for many purposes, including fraud, unapproved support exchanges or an unlawful watchword exchange.”

Network-based Man in the Middle attacks exploit weaknesses in the network communication framework: the attacker intercepts network traffic that should have gone to the assigned router. To do so, the attacker transmits spoofed Address Resolution Protocol (ARP) messages on an open LAN, oftentimes in airports, coffee shops or hotel lobbies. These forged messages persuade the other hosts on the LAN to update their address-resolution tables, so that victims are falsely told that the MAC address for the location’s gateway IP address belongs to the attacker’s computer.
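The poisoning described above leaves a footprint that a defender can watch for: the gateway’s IP address suddenly answers from a different MAC address, and one MAC address starts claiming several IP addresses. The following Python is an added example written for this article, not code from the original post or from any SDP vendor; the gateway address, the MAC addresses and the ARP replies in it are constructed sample data, and the "pinned" mapping stands in for a static ARP entry or a switch’s DHCP-snooping table.

```python
"""Detect ARP spoofing in a stream of ARP replies.

Added example, not from the article. The gateway address, the MAC
addresses and the ARP replies below are constructed sample data. The
detector raises three kinds of alert:
  ip-remapped     an IP address is suddenly claimed by a different MAC
  mac-multi-ip    one MAC address claims several IP addresses
  pin-violation   a reply contradicts a pinned (known-good) mapping
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ArpReply:
    seq: int          # position in the capture (constructed)
    sender_ip: str    # IP address the sender claims to own
    sender_mac: str   # MAC address the sender says it is reachable at


Alert = Tuple[int, str, str]  # (seq, kind, detail)


class ArpWatch:
    """Tracks IP<->MAC claims seen on the wire and flags inconsistencies."""

    def __init__(self, pinned: Optional[Dict[str, str]] = None) -> None:
        self.pinned = dict(pinned or {})           # IP -> trusted MAC
        self.ip_to_mac: Dict[str, str] = {}        # last MAC seen per IP
        self.mac_to_ips: Dict[str, Set[str]] = {}  # every IP a MAC has claimed
        self.alerts: List[Alert] = []

    def observe(self, r: ArpReply) -> None:
        # 1. A pinned mapping (static ARP entry / DHCP-snooping table) wins.
        trusted = self.pinned.get(r.sender_ip)
        if trusted is not None and trusted != r.sender_mac:
            self.alerts.append((r.seq, "pin-violation",
                                f"{r.sender_ip} pinned to {trusted}, reply says {r.sender_mac}"))

        # 2. The same IP switching to a new MAC is the classic poisoning sign.
        prev = self.ip_to_mac.get(r.sender_ip)
        if prev is not None and prev != r.sender_mac:
            self.alerts.append((r.seq, "ip-remapped",
                                f"{r.sender_ip} moved from {prev} to {r.sender_mac}"))
        self.ip_to_mac[r.sender_ip] = r.sender_mac

        # 3. One MAC claiming several IPs: both ends of a conversation poisoned.
        ips = self.mac_to_ips.setdefault(r.sender_mac, set())
        if r.sender_ip not in ips:
            ips.add(r.sender_ip)
            if len(ips) > 1:
                self.alerts.append((r.seq, "mac-multi-ip",
                                    f"{r.sender_mac} now claims {sorted(ips)}"))


def detect(replies: List[ArpReply], pinned: Optional[Dict[str, str]] = None) -> List[Alert]:
    """Run every reply through the watcher and return the alerts in order."""
    w = ArpWatch(pinned)
    for r in replies:
        w.observe(r)
    return w.alerts


# Constructed capture from a hypothetical open LAN: the real gateway and one
# client answer first, then a third MAC claims both of their addresses.
GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "aa:bb:cc:00:00:01"
SAMPLE_REPLIES = [
    ArpReply(1, GATEWAY_IP, GATEWAY_MAC),                # legitimate gateway
    ArpReply(2, "192.168.1.20", "aa:bb:cc:00:00:20"),    # legitimate client
    ArpReply(3, GATEWAY_IP, "cc:dd:ee:00:00:ee"),        # gateway IP re-claimed
    ArpReply(4, "192.168.1.20", "cc:dd:ee:00:00:ee"),    # client IP re-claimed too
    ArpReply(5, GATEWAY_IP, "cc:dd:ee:00:00:ee"),        # repeated, nothing new
]
PINNED_GATEWAY = {GATEWAY_IP: GATEWAY_MAC}

if __name__ == "__main__":
    for seq, kind, detail in detect(SAMPLE_REPLIES, PINNED_GATEWAY):
        print(f"#{seq} {kind:13s} {detail}")
```

Run stand-alone, the block prints one line per alert; on the constructed capture the gateway re-claim at reply 3 fires both the pin check and the remap check, and reply 4 adds the multi-IP alert. The pinned table is what turns a noisy heuristic into a definite finding: a host that knows its gateway’s real MAC address can reject the forged reply outright rather than merely log it, which is the same idea a VPN or SDP tunnel achieves one layer up by not trusting the LAN at all.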

VPN vs. SDP Against MITM

Conventional VPN solutions can defend against MITM attacks on public Wi-Fi by sending network traffic through an encrypted tunnel. But VPNs often use a split tunnel to save money and reduce latency: private data-center traffic goes over the VPN, while web traffic goes out directly, leaving endpoints vulnerable. Another problem with VPNs is that they are generally not used all the time; users activate them when they need access to the enterprise network, but the rest of the time they use the internet without the VPN, significantly increasing the risk of a breach. Finally, VPNs do not offer zero-trust security, so potential attackers have broad access to network resources.

A more effective defense against MITM attacks is a software-defined perimeter (SDP) with “always on” security, which protects both network access and web traffic. Such SDPs offer a dependable security framework by encrypting all traffic from the user device, whether it is bound for the data center, the cloud, or the web. By micro-segmenting enterprise network access, SDP solutions reduce the attack surface compared to VPNs.

Advanced, cloud-native SDPs are built around a zero-trust architecture that gives each user a unique, fixed identity for one-to-one network connections. These connections are created dynamically, on demand, between the user and the specific resources he or she needs to access. No access is possible unless it is explicitly granted, and any access that is granted is continually verified at the packet level. Once data centers, clouds, and branches are onboarded to the SDP, policies define what is visible to authenticated users.
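The two paragraphs above on split tunnels and on per-resource, continually verified access can be put side by side as policy code. The Python below is an added example written for this article, not code from the original post or from any SDP product: the routed subnet, the resources, the users and their grants are all constructed, and each model is reduced to the one question it actually asks of a packet (the VPN: is the destination on a routed subnet? the SDP: is this identity, on a compliant device, explicitly granted this resource?).

```python
"""Compare network-level VPN access with per-resource zero-trust (SDP) grants.

Added example, not from the article. The subnet, the resources, the
users and their grants are all constructed, and the two models are
deliberately reduced to the single policy question each one asks.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """One packet from a remote user's device, re-evaluated every time."""
    user: str
    device_compliant: bool   # result of the most recent posture check
    dst_ip: str
    dst_port: int


# --- VPN model (constructed): the client routes a whole subnet through the
# tunnel; everything else goes out directly (split tunnel).
VPN_ROUTED_NETS = [ipaddress.ip_network("10.10.0.0/16")]


def vpn_path(p: Packet) -> str:
    ip = ipaddress.ip_address(p.dst_ip)
    if any(ip in net for net in VPN_ROUTED_NETS):
        return "tunnel"
    return "direct"            # web traffic leaves the split tunnel unprotected


def vpn_reachable(p: Packet) -> bool:
    """Once the tunnel is up, any host on the routed subnet answers."""
    return vpn_path(p) == "tunnel"


# --- SDP model (constructed): named resources, explicit per-identity grants,
# default deny, device posture re-checked for every packet.
RESOURCES: Dict[str, Tuple[str, int]] = {
    "hr-portal": ("10.10.5.20", 443),
    "git":       ("10.10.7.10", 22),
    "db-admin":  ("10.10.9.5", 5432),
}
GRANTS: Dict[str, Set[str]] = {
    "alice": {"hr-portal", "git"},
    "bob":   {"hr-portal"},
}


def sdp_path(p: Packet) -> str:
    return "tunnel"            # always on: web traffic is encrypted as well


def sdp_decision(p: Packet) -> str:
    """Return 'allow: <resource>' or a 'deny: <reason>' string."""
    if not p.device_compliant:
        return "deny: device posture"
    for name, endpoint in RESOURCES.items():
        if endpoint == (p.dst_ip, p.dst_port):
            if name in GRANTS.get(p.user, set()):
                return f"allow: {name}"
            return f"deny: no grant for {name}"
    return "deny: resource not published"


def visible_to(user: str) -> Set[Tuple[str, int]]:
    """What an authenticated user can even see under the SDP policy."""
    return {RESOURCES[n] for n in GRANTS.get(user, set())}


def vpn_attack_surface() -> int:
    """Hosts a connected VPN user can reach: every address in the routed nets."""
    return sum(net.num_addresses for net in VPN_ROUTED_NETS)


def sdp_attack_surface(user: str) -> int:
    return len(visible_to(user))


if __name__ == "__main__":
    probes = [
        Packet("alice", True,  "10.10.7.10", 22),     # granted
        Packet("bob",   True,  "10.10.9.5",  5432),   # reachable by VPN, no SDP grant
        Packet("alice", False, "10.10.7.10", 22),     # posture failed mid-session
        Packet("bob",   True,  "10.10.3.3",  80),     # host never published
        Packet("bob",   True,  "203.0.113.7", 443),   # web traffic (TEST-NET-3 address)
    ]
    for p in probes:
        print(f"{p.user:6s} -> {p.dst_ip}:{p.dst_port:<5d} "
              f"VPN {vpn_path(p):6s} reach={vpn_reachable(p)!s:5s} "
              f"SDP {sdp_path(p)} {sdp_decision(p)}")
    print("attack surface: VPN", vpn_attack_surface(),
          "hosts; SDP(bob)", sdp_attack_surface("bob"))
```

Two things fall out of running it. First, the VPN answers "reachable" for every one of the 65,536 addresses in the routed /16, including the database that bob has no business with and a host nobody ever published, whereas the SDP’s default deny means bob sees exactly one endpoint. Second, because the SDP decision is a pure function of the packet and the current posture, a posture failure part-way through a session changes the answer on the next packet; the VPN model has no place to ask that question at all.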

In contrast to the old “trust but verify” approach, the new way of thinking is based on “never trust, continually verify,” together with minimizing access to a company’s resources through dynamic micro-segmentation. Given the growing sophistication and impact of MITM attacks, IT organizations must move quickly to adopt this new security model. Many will find that the best place to start is where the current security model has the greatest weaknesses – remote access – and look into replacing VPNs with a zero-trust Software-Defined Perimeter.

With VPNs less able to protect IT resources, and with applications migrating to the cloud, SDPs are emerging as the superior alternative to traditional VPNs for preventing MITM attacks. By allowing organizations to standardize remote-access security for all users while reducing the risk of attack, zero-trust SDPs offer a compelling new paradigm for remote access.

Published at Mon, 06 Jan 2020 13:00:48 +0000
