Your VPN is Only as Strong as Its Least Secure Endpoint


If you are like most companies, your corporate VPN is a critical part of your infrastructure—and it’s getting a heck of a workout. Thirty-seven percent of all workers in the U.S. now telecommute. Even if your workers are in a more traditional office, many of your employees will be traveling at any given moment. You might even have remote offices in other countries. With so many remote workers taking up bandwidth on your VPN, how do you audit their devices?

The concept of BYOD is busily colliding with the concept of VPN. Seventy-four percent of companies now incorporate BYOD policies—and yes, BYOD absolutely makes VPNs less secure. Sure, you trust your VPN, and there is some safety in knowing that only those set up to use it are actually connecting. As for the devices your users connect with, however, it’s impossible to know if their configuration makes them insecure.

Let’s face it—once a corporate or BYOD endpoint leaves the security and control of your network, it is no longer available for you to scan, health check, validate or update. You don’t know where it has been, who it’s been with and, most importantly, how it might have changed. Yet you welcome it to rejoin your company network at any time, from anywhere, via your VPN. After all, you trust the user and they have the authorization to use the company VPN, so what could go wrong?

A Compromised VPN Could Be a Ticket to Your Worst Nightmare

Here’s a doomsday scenario: you could lose millions of dollars. Not from customer lawsuits (as in the case of most data breaches), or in reputational damage. You could have money stolen from you directly. This was the case when hackers used malware known as the Carberp Trojan to steal over a billion dollars from various banks over a three-year period.

Essentially, the attackers were able to use their malware to compromise the computers of trusted bank clerks. This malicious software allowed the attackers to remotely control computers in a manner similar to helpdesk software such as TeamViewer or LogMeIn. Because the clerks’ computers were already logged into the bank’s trusted network, the attackers had no difficulty rooting around and transferring billions of dollars into their own accounts.

You Can’t Trust Users with the Security of Their Own Devices

Did the Carberp attackers have much difficulty compromising administrators at those big banks? They did not—they used simple phishing attacks, which one in every three users will fall for, according to the 2016 Verizon DBIR. Even if you’re relatively confident that your users won’t be fooled, Murphy’s Law will go after you in any way it can.

Maybe your users disabled their firewalls. Maybe the antivirus has not been updated while traveling. Maybe device encryption was disabled. Any number of things could change at a device level that would make the device a risk to your company. Any of these weaknesses leaves the endpoint vulnerable to takeover, and could allow attackers to spread malware or intercept communications over your private network.

Choose an Intelligent Gatekeeper for Your VPN

Portnox CLEAR picks up when a device is no longer in the grasp and control of your company network and tools. An easy-to-deploy cloud solution, Portnox CLEAR maintains continuous real-time awareness of a device whether it’s on or off your network. CLEAR is always aware of the current risk posture of a device, and keeps constant tabs on the firewall, antivirus, patch level, and more.

Most importantly, CLEAR is not just aware—it’s active. VPN access is only permitted to devices that have a sufficiently low risk profile, based on the monitoring above. It’s no longer okay for any device that has VPN access to connect. With CLEAR you have the added security of knowing that the connecting device is still in compliance. What’s more, CLEAR can prevent lost or stolen devices from accessing the private network by implementing two-factor authentication for VPN connections at no additional cost.
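The kind of posture gate described above, as an added example; it is not Portnox code and does not represent how CLEAR is implemented. The report fields, thresholds and weights are assumptions: access needs authentication with a second factor plus a fresh posture report whose risk score stays under a cutoff.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Thresholds and weights are assumptions made for this example.
MAX_REPORT_AGE = timedelta(minutes=15)
MAX_AV_AGE = timedelta(days=3)
MAX_PATCH_AGE = timedelta(days=30)
QUARANTINE_AT = 40

@dataclass
class PostureReport:              # hypothetical endpoint-agent report format
    collected_at: datetime
    firewall_enabled: bool
    disk_encrypted: bool
    av_signatures_at: datetime
    last_patched_at: datetime

def findings(r: PostureReport, now: datetime) -> list[tuple[str, int]]:
    """Return (finding, weight) pairs for each failed posture check."""
    checks = [
        (not r.firewall_enabled, "firewall disabled", 40),
        (not r.disk_encrypted, "disk encryption disabled", 40),
        (now - r.av_signatures_at > MAX_AV_AGE, "antivirus signatures stale", 25),
        (now - r.last_patched_at > MAX_PATCH_AGE, "patch level out of date", 25),
    ]
    return [(name, weight) for failed, name, weight in checks if failed]

def vpn_decision(auth_ok: bool, second_factor_ok: bool,
                 report: Optional[PostureReport], now: datetime):
    """Decide 'allow', 'quarantine' or 'deny' for one VPN connection attempt."""
    if not (auth_ok and second_factor_ok):
        return "deny", ["authentication failed"]
    # Fail closed: a missing, old or future-dated report says nothing about the device now.
    if report is None:
        return "deny", ["no posture report"]
    age = now - report.collected_at
    if age < timedelta(0) or age > MAX_REPORT_AGE:
        return "deny", ["posture report not fresh"]
    failed = findings(report, now)
    score = sum(weight for _, weight in failed)
    verdict = "quarantine" if score >= QUARANTINE_AT else "allow"
    return verdict, [name for name, _ in failed]

# Constructed sample: a laptop coming back after a stretch off the network.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
TRAVELLED = PostureReport(
    collected_at=NOW - timedelta(minutes=2), firewall_enabled=True, disk_encrypted=True,
    av_signatures_at=NOW - timedelta(days=8), last_patched_at=NOW - timedelta(days=45))

if __name__ == "__main__":
    print(vpn_decision(True, True, TRAVELLED, NOW))
```

Valid credentials alone do not produce an "allow" here: the same user on the same laptop is quarantined until the stale antivirus and patch findings are cleared, and denied outright if the posture report itself is too old to trust.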

With CLEAR, you can let your devices travel, let them work from home, visit Starbucks, and attend seminars—and let them connect back via your VPN with the security, trust, and awareness Portnox CLEAR provides.
