Using AI/ML to Secure the Hybrid Workforce

First, workplaces went fully remote to keep business operations running during the COVID-19 pandemic. Now, as the pandemic is easing into endemic, organizations are asking their employees to return to their offices. Many workers are choosing a hybrid setup—working a couple of days a week onsite and the rest of the time remotely. This is great for employees who want or need that flexibility, but it has created new challenges for security teams.

“The fundamental problem of hybrid or pure work-from-home organizations is that many aspects of perimeter defense and network security aren’t available,” explained John Bambenek, principal threat hunter at Netenrich. “The user is the true endpoint and people, being creatures of habit, do the same things with technology regardless of where they are.”

Noise Over Signal

For an organization adopting a hybrid workforce, there is an increase in ‘noise over signal’ when trying to detect potential threat events, said Nathan Demuth, vice president of cloud services at Coalfire. Demuth added that there are two main factors contributing to this.

“Architecturally, a hybrid workforce translates to an increase in potential devices/endpoints accessing enterprise systems, i.e., workers now logging in via BYOD or work-issued laptops which didn’t previously exist; especially for firms that are maintaining those same employees’ workstations at the office in parallel,” Demuth explained.

Second, remote work means changes in traffic patterns. This includes situations like workers logging in from remote IPs—not just from home but at coffee shops or hotels or their neighborhood park. Also, workers are logging in and performing activities during new time windows outside of their formerly regular work hours.

“Together, this creates a higher volume of more diverse data which security teams must first parse to even detect a potential security event and minimize the percentage of false positives (noise) that distracts teams from true security events (signals),” said Demuth.

AI and ML Solutions for the Hybrid Workforce

AI and ML already play important roles in detecting and prioritizing security in both office and home environments, Bud Broomhead, CEO at Viakoo, pointed out. Organizations are using the technology with systems that perform anomaly detection, video analytics for gun detection and facial recognition for intruder alerts, among many other examples, he said. Extending that use into hybrid work environments makes sense not only because it can address some of their unique security challenges; there are additional benefits, as well.

“In a hybrid work environment AI and ML can provide additional benefits in keeping business and personal systems separate from each other,” explained Broomhead. “For example, business devices can only connect to business-approved subnets on your home network. AI can examine connections all across your network.” In other words, your smart refrigerator or your home security system shouldn’t be downloading work files and forwarding them to unknown email addresses.

The weakest link in hybrid workplaces is individual workers’ home security setup. Organizations need to shore up the weak security area and reinforce it using the stronger enterprise-based security posture. More advanced AI/ML security solutions already used in the enterprise can help quickly close any security gaps when deployed in home environments.

Protecting Endpoints With Behavior-Based AI/ML

In a hybrid work environment where traditional perimeter and network defenses have all but disappeared, behavioral analytics are more important than ever. Your security team needs to model behaviors based on known good or bad patterns to spot malicious use, whether it is an insider threat or stolen credentials, said Bambenek. Fast anomaly detection, followed by quick, AI/ML-driven action on the anomalies found, can significantly improve security for hybrid workers.
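To make the noise-versus-signal point concrete, here is an added example (not from the article or from any vendor quoted in it) that scores the same logins with a perimeter-era static rule and with a per-user behavioral baseline. A simple frequency count stands in for an ML model, and the users, addresses (documentation ranges), hours and the `min_seen` threshold are all constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

OFFICE_NET = ipaddress.ip_network("198.51.100.0/24")  # constructed (documentation range)

def static_rule(event):
    """Perimeter-era rule: alert on any login off-hours or off the office network."""
    _user, hour, ip = event
    return not (9 <= hour < 18) or ipaddress.ip_address(ip) not in OFFICE_NET

class UserBaseline:
    """Per-user history of login hours and source /24 networks."""
    def __init__(self):
        self.hours = defaultdict(Counter)
        self.nets = defaultdict(Counter)

    @staticmethod
    def _net(ip):
        return str(ipaddress.ip_network(f"{ip}/24", strict=False))

    def learn(self, event):
        user, hour, ip = event
        self.hours[user][hour] += 1
        self.nets[user][self._net(ip)] += 1

    def triage(self, event, min_seen=2):
        """'ok' if hour and network are both familiar, 'review' if one is new, 'alert' if both."""
        user, hour, ip = event
        hour_known = sum(self.hours[user][(hour + d) % 24] for d in (-1, 0, 1)) >= min_seen
        net_known = self.nets[user][self._net(ip)] >= min_seen
        return ("alert", "review", "ok")[hour_known + net_known]

# Constructed history: alice is hybrid (office mornings, home evenings); bob is office-only.
HISTORY = ([("alice", 9, "198.51.100.10")] * 3 + [("alice", 10, "198.51.100.10")] * 2 +
           [("alice", 20, "203.0.113.7")] * 3 + [("alice", 21, "203.0.113.7")] * 2 +
           [("bob", 9, "198.51.100.23")] * 4)

# Constructed new logins to score.
NEW_LOGINS = [
    ("alice", 21, "203.0.113.7"),   # usual evening session from home
    ("alice", 10, "192.0.2.44"),    # usual hour, unfamiliar network (e.g. a cafe)
    ("alice", 3, "192.0.2.200"),    # unfamiliar hour and unfamiliar network
    ("bob", 9, "198.51.100.23"),    # office login
]

def compare(history=HISTORY, logins=NEW_LOGINS):
    """Return (event, static_rule alert?, baseline verdict) for each new login."""
    baseline = UserBaseline()
    for event in history:
        baseline.learn(event)
    return [(e, static_rule(e), baseline.triage(e)) for e in logins]

if __name__ == "__main__":
    for event, static_alert, verdict in compare():
        print(event, "static_rule:", static_alert, "baseline:", verdict)
```

The static rule alerts on three of the four logins, including the hybrid worker's routine evening session, while the baseline raises a single alert and one lower-priority review.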

For example, said Broomhead, most home users do not regularly check for open ports on their systems or how those ports are being used. “With work-from-home blurring the lines between a person being compromised versus a business being compromised, the same protections that exist in the enterprise—like automated AI/ML solutions—should be used with home networks, including use of a port scanning tool to check for open ports,” Broomhead added. And should the worst-case scenario happen and threat actors breach a vulnerable device, AI/ML can help to prevent lateral movement into the business network or other parts of the home network.

Global workforces will likely never return to the practice of spending 40+ hours a week at the worksite. Remote work was on the rise before the pandemic and now employees insist on the flexibility of at least a hybrid work setup. Threat actors know this, and they are coming up with ways to reach the weakest links in the security chain. Having AI/ML monitoring behavioral analytics and offering other security detection capabilities decreases the risks involved with having endpoints that, at least for part of the week, are outside the enterprise firewall.
