Businesses went completely remote to keep their operations running during the COVID-19 pandemic. Now that the pandemic is easing, organizations are asking their employees to come back to work. Many workers are choosing a hybrid setup in which they work a couple of days a week on site and the rest of the time on the phone. That is great for employees who need flexibility, but it has created new challenges for security teams.

Many aspects of perimeter defense and network security aren’t available in hybrid or pure work-from-home organizations. People, being creatures of habit, do the same things with technology regardless of where they are, and the user is the true endpoint.

Noise Over Signal

Nathan Demuth, vice president of cloud services at Coalfire, said there was an increase in noise over signal when trying to detect potential threat events. Two factors are contributing to this.

The first is an increase in the number of devices/endpoints accessing enterprise systems, i.e., workers now logging in via BYOD or work-issued laptops that didn’t previously exist, especially at firms that are still maintaining those same employees’ workstations at the office.

The second is the change in traffic patterns that results from remote work. This includes workers logging in from remote locations, not just from home but also from coffee shops, hotels and their neighborhood park. Workers are also logging in and performing activities during new time windows outside of their regular hours.

This creates a higher volume of more diverse data, which security teams must first parse to detect a potential security event while minimizing the percentage of false positives that distract teams from true security events.

AI and ML Solutions for the Hybrid Workforce

Bud Broomhead, CEO at Viakoo, pointed out that artificial intelligence and machine learning already play important roles in detecting and prioritizing security in both home and office environments. He said that organizations are using the technology with systems that perform anomaly detection, video analytics for gun detection, and facial recognition for alert purposes. Extending that use into hybrid work environments makes sense because it can address some of their unique security challenges, as well as provide other benefits.

Keeping business and personal systems separate from each other is one of the benefits of using artificial intelligence and machine learning. Business devices can’t connect to your home network if they’re not business-approved. Your whole network can be inspected. Work files should not be forwarded to unknown email addresses by your smart refrigerator or home security system.

An individual worker’s home security setup is the weakest link in the hybrid workplace. That weak area needs to be shored up and reinforced with a stronger, enterprise-based security posture. Using more advanced security solutions in home environments makes it possible to close security gaps quickly.

Protecting Endpoints With Behavior-Based AI/ML

Behavioral analysis is more important than ever in a hybrid work environment where traditional perimeter and network defenses have all but disappeared. Your security team needs to model behaviors based on known good or bad patterns to spot malicious use, whether it is an insider threat or stolen credentials. Taking quick action on anomalies can greatly improve security for hybrid workers.
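The kind of per-user behavioral baseline described above, and the co-occurrence rule that keeps single deviations (a new coffee-shop network, a late login) from becoming false positives, can be sketched as follows. This is an added example, not code from the article or from any vendor named in it; the event fields, function names, thresholds and sample data are all assumptions, and a simple counting baseline stands in for a trained ML model.

```python
from collections import Counter, defaultdict

# Constructed history: (user, hour_of_day, source_network, device_id)
HISTORY = [
    ("alice", 9, "home-isp", "laptop-1"), ("alice", 10, "home-isp", "laptop-1"),
    ("alice", 14, "office", "desktop-7"), ("alice", 15, "office", "desktop-7"),
    ("alice", 20, "home-isp", "laptop-1"), ("alice", 9, "office", "desktop-7"),
    ("bob", 8, "office", "desktop-3"), ("bob", 13, "home-isp-2", "laptop-4"),
    ("bob", 16, "home-isp-2", "laptop-4"), ("bob", 17, "office", "desktop-3"),
]
# Constructed new logins to triage against the baseline.
NEW_EVENTS = [
    ("alice", 11, "coffee-shop-wifi", "laptop-1"),  # known device, new network
    ("alice", 3, "hotel-wifi", "unknown-9"),        # odd hour + new net + new device
    ("bob", 23, "home-isp-2", "laptop-4"),          # late, but known net and device
    ("bob", 12, "office", "tablet-x"),              # new device on known network
]

def build_baselines(history):
    """Per-user counts of login hours, source networks and devices."""
    base = defaultdict(lambda: {"hour": Counter(), "net": Counter(), "dev": Counter()})
    for user, hour, net, dev in history:
        for key, val in (("hour", hour), ("net", net), ("dev", dev)):
            base[user][key][val] += 1
    return base

def hour_gap(hour, seen_hours):
    """Circular distance in hours to the nearest hour the user has logged in at."""
    return min(min(abs(hour - h), 24 - abs(hour - h)) for h in seen_hours)

def score_login(base, user, hour, net, dev, hour_tolerance=2):
    """Return (score, reasons); each independent deviation adds one point."""
    if user not in base:
        return 3, ["no baseline for user"]
    b = base[user]
    checks = [("unusual hour", hour_gap(hour, b["hour"]) > hour_tolerance),
              ("new network", net not in b["net"]),
              ("new device", dev not in b["dev"])]
    reasons = [name for name, hit in checks if hit]
    return len(reasons), reasons

def triage(base, events, alert_at=2):
    """Alert only when deviations co-occur; a lone deviation is not paged."""
    scored = [(ev, score_login(base, *ev)) for ev in events]
    return [(ev, reasons) for ev, (score, reasons) in scored if score >= alert_at]

if __name__ == "__main__":
    for ev, reasons in triage(build_baselines(HISTORY), NEW_EVENTS):
        print("ALERT", ev, reasons)
```

Of the four constructed logins, only the 03:00 hotel login from an unknown device is raised; the other three each deviate on a single dimension and stay below the alert threshold.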

Broomhead said that most home users don’t check for open ports on their systems. The same protections that exist in the enterprise should be used with home networks, including use of a port scanning tool to check for open ports. Should the worst-case scenario happen, artificial intelligence and machine learning can help prevent an intruder from moving into the business network or other parts of the home network.

The practice of spending more than 40 hours a week at the workplace is likely never to return. Employees insist on the flexibility of at least a hybrid work setup because of the rise of remote work before the pandemic. Threat actors are coming up with ways to get to the weakest links in the security chain. It is having.

Endpoints that are outside of the enterprise firewalls can be monitored with the help of artificial intelligence and machine learning.