Deploy Zero Trust to reduce attack surface
Jul 07, 2021
It’s an inconvenient truth: VPNs extend the attack surface. Many of your remote employees connect to the corporate network using VPNs. But have you reviewed all of your current users’ VPN software? Have you stayed current with your VPN-software patching strategy? Are your remote employees using up-to-date software? Cybercriminals hope they aren’t.
Every user VPN connection and every VPN appliance in your corporate security stack must be maintained, updated, and upgraded each time a new security patch becomes available. As your corporate VPN footprint grows, so does your VPN overhead (and your VPN attack surface). Extending VPN access to every single remote user creates yet a new vulnerable spoke in an outdated legacy network, and another “branch office of one” around which to extend your security perimeter. Is there a way to avoid this headache? Yes, and it’s Zero Trust.
A Zero Trust architecture removes VPN service exposure to the open internet by securing the connection between the user and the application:
- Users go directly to applications wherever they are (in the cloud, on-premise).
- Applications or gateways are completely dark to any non-valid sessions.
“Going dark” brings improved security and risk management. Don’t expose the front door of your network with outdated VPN software!