As the world undertakes what has been called the “world’s largest work-from-home experiment” and with over 10 million workers in the US – including government workers – now scrambling to connect to their workplace servers and infrastructure from their bedrooms, kitchen counters, and living room couches, VPN security has never been more important.
“We are all in uncharted territory at the moment,” Darren Anstee, CTO at NETSCOUT, said in a recent webinar. That’s because a large percentage of the federal workforce needs remote access to company resources, and they all needed it at once as agencies scrambled to institute work from home policies under the threat of pandemic.
And it’s a problem that extends beyond the federal workforce into the private sector, healthcare and academia. As Anstee elaborated. “It’s a big change [in the workplace]…but it’s also a big change in education,” he said, meaning that the problem goes even beyond our workplaces and into our children’s classrooms and institutions of higher learning.
All of which create a profound opportunity for malicious actors seeking to carry out DDoS attacks.
And, although DDoS attacks are nothing new, this is a new attack vector compared to what would typically need to be defended against in a pre-COVID-19 world.
Whereas DDoS attack vectors typically focus on customer-facing disruptions – denying access to public-facing websites, attempting to overpower firewalls or making application layer attacks – a DDoS attack in this environment against a VPN or virtual desktop access point effectively cuts employees off from the very applications that they need in order to work.
According to Anstee, the disruption of a usual DDoS attack is costly but ultimately does not bring business to a standstill. However, an attack against VPN or virtual desktop infrastructure at this current point in time could keep many – if not all workers – from accomplishing mission critical work. An attack like that would have truly crippling potential.
This means that agencies need to reassess organizational security assets in order to ensure business continuity, in spite of the new risks.
“We already know how to do this,” Anstee reassures us. By using existing tools – defending VPN endpoints with the same defenses and best practices that are used on the customer-facing side of a network – some of this risk is mitigated.
Anstee also made the case for how new capabilities, like NETSCOUT’s Arbor Edge Defense (AED), which slot into a DDoS defense between a VPN gateway and network’s firewall and an internet service provider router, may also be options worth considering.
So while the sudden changes in what many of us demand from the network has brought to the fore new DDoS threats, the right planning and the right capabilities exist to make sure that business – even if it’s conducted from your workers’ back patios – continues on.
To learn more about the DDoS threat to VPNs – and the specific measures that can be taken against it – click HERE to listen to a recording of the webinar. Or fill out the form below to download a complimentary copy of the NETSCOUT Threat Intelligence Report.
