Posted on Mar 24th, 2020 by Eitan Satmary

The Covid-19 pandemic is an international tragedy. This virus has challenged our way of doing business, altered the way we work, changed our interactions with friends and communities, and disrupted economic patterns, priorities and focus. The unprecedented shift to distance working, possibly long-term, represents a rapid and dramatic change in how and where personnel perform their daily work. Security managers such as myself are being required to quickly enable our organizations to adapt. We must ensure the availability and security of our rapidly changing infrastructure and business services. As the CISO of a company with over 500 people, my team and I have experienced a new level of cybersecurity challenges that I imagine are magnified at larger organizations. While the risks are not new, they have become more meaningful.

Strained Availability

Technology and market trends already underway have been accelerated overnight. Increased demand for remote connectivity, technology and resources strained the availability and reliability of the infrastructure, threatening access to critical services needed to maintain operations and serve our customers. We had to expand capacity quickly to ensure critical systems could withstand increases in demand and avoid interruptions in service – for example, we needed to beef up our WAN lines, expand our VPN licenses, and run a company-wide remote connectivity test, all within 48 hours. Luckily, almost all of our employees had laptops and could work from home on day 1.

Increased Attack Surface

Suddenly, we found ourselves needing to secure a different infrastructure: following our directive to work from home, we had to open and allow more outside VPN connections to our network than ever before. With more people connecting and using more applications, a remote workforce could introduce potential security vulnerabilities, in particular with respect to network access. As employees started connecting to the network from a wide array of home environments, through secured or unsecured Wi-Fi networks, our attack surface massively expanded. If the network was not correctly segmented and we had a security risk, one person working from home could introduce a potentially exploitable vulnerability. This risk was now multiplied as everyone started working from home. Any existing security vulnerability is magnified.   

Segmentation Complexity

Also, we saw a significant increase in the number of network change requests. As the number of use cases and remote workers has exploded, we had to make many network changes. For example, one day a developer was working remotely on a component of our software in a development environment. The next day she needed to work on code in a different application, which resides in a different environment – requiring new connections. We have a hybrid network environment and have needed to keep up with constantly changing connections between cloud and our on-prem environment. Increasing segmentation within our environment, which is important for security, also introduced the need for more network configuration changes as we shifted to work-from-home. We are finding that we are now constantly changing the segmentation, and then needing to make changes in the firewalls to enable connectivity. 

Take-aways

Although Tufin has more than 500 people, we are much smaller than many of the customers who benefit from our automated network policy management solution. Over the last two weeks, due to the changing circumstances, I’ve experienced some of the challenges they must face on a regular basis. On top of testing the robustness of our continuity plan, we have also had to expand capacity, review all rules and connections, improve segmentation, reconfigure access and enhance monitoring. IT departments large and small now have the responsibility to keep business running and manage risks in the process. We must balance productivity, agility and security as best we can. Manual network security efforts are no longer practical or in many cases even possible. Automated visibility and control of network security policies and segmentation have consistently benefitted our customers, and now I am able to appreciate these same benefits as well.

Hopefully this unprecedented crisis will be over soon, and we can all get back to normal.

Stay safe and healthy!

Eitan Satmary

Tufin CISO