April 13th, 2022
Challenges and solutions for securing distributed, remote, and hybrid workforces
Christopher Luft
The world has changed. The COVID-19 pandemic has dramatically increased the number of teams that are working with a remote and distributed model. This change is a welcome acceleration of what many feel would have been the eventual outcome of our digital future. With this new model comes a new and changing set of security challenges.
LimaCharlie’s Security Infrastructure as a Service (SIaaS) approach allows security professionals to build and consume dynamically in order to adapt to any changes the future holds. Using security fundamentals and our scalable infrastructure, teams can reliably build solutions for the type of convoluted attack surface that modern organizations foster as a by-product of staying competitive in a rapidly changing world.
The following outlines some of the new challenges that security teams have come up against in the last few years and how LimaCharlie provides easy solutions.
Life in the Cloud
Organizations are undergoing a one-way migration of their infrastructure and internal processes to the cloud: racking and stacking servers is quickly going the way of the dinosaur. For long-established cybersecurity companies (“the big ones”), cloud was an afterthought. The foundations they had built their businesses upon had to be integrated and adapted after the fact in order to stay relevant and able to offer services in the cloud.
LimaCharlie was born in the cloud and we are building towards the future. We offer unparalleled detection coverage in the cloud through several technologies. The LimaCharlie Adapter, available as an open-source project, comes ready to run detections in real-time against logs and telemetry for all of the following:
1Password Event Logs
1Password API
AWS S3
AWS CloudTrail Logs
Azure Event Hubs
Carbon Black EDR
Google Cloud Pub/Sub
Google Cloud Platform audit logs
Native Windows Event Logs
Office 365 API
STDIN
Syslog
Text/JSON logs
And because it is an open-source project with solid documentation and a thriving community, you can literally build this capability for any technology platform.
One of the other benefits of building with LimaCharlie is that users retain total control over their data. If you have compliance requirements for which our 1-year full and searchable telemetry storage is not enough, you can send your data wherever you want. This freedom allows organizations to easily send all security-related telemetry into long-term storage to fulfill compliance obligations. It also means that you can save huge amounts of money by forwarding only the relevant types of telemetry into cost-intensive services like Splunk, while keeping the bulk in cheap cold storage.
BYOD
This will not be news to anybody that works in a larger organization: a tight labor market combined with the move to working from home is making it harder to enforce the use of corporate hardware. Employees want to use their own devices on their own terms. They have their favorite operating systems and workflows that they have developed over their careers. Trying to enforce centralized IT policies will inevitably push employees towards shadow IT. Instead of engaging in a never-ending battle, wouldn’t it make much more sense to provide a low-friction security solution that allows employees to work with whatever tools they want?
The approach taken needs to be measured against the threat, but LimaCharlie puts all options on the table with the highest EDR platform support industry-wide: all versions of Windows back to XP SP II, all versions of Linux, and Intel & ARM macOS. The EDR can also be deployed as a Docker image or as a privileged container in Kubernetes.
The LimaCharlie EDR agent is written in C and then compiled for each of the platforms on which it runs. Because it is the same agent running on every platform, there is a common data format and feature parity (with a few exceptions for platform-specific functions), making it possible to deploy a common set of detection and response rules across all devices. Protect your organization against internal and external threats. Take action directly on any device: access the file system, run an executable, or isolate the host from the network (while maintaining a line of control). All actions can be performed programmatically as part of a response action or manually by an operator via the web application.
Workers on the move
Most people don’t like working at a desk for most of the day every day of their lives. With remote work becoming the norm, organizations are starting to see large portions of their employees taking advantage of co-working spaces, coffee shops, and other public spaces to keep their days stimulating. These insecure internet access points pose a real threat. Bad actors can hijack DNS, sidejack applications, capture logs of user activity, and perform Man-in-the-Middle attacks. Security teams that want to build defenses against insecure internet access points can deploy LimaCharlie’s Secure Access Service Edge (SASE). This software-defined networking technology allows defenders to create secure connections to internal resources based on the identity of the device regardless of client location. It is a microsegmentable virtual private network that allows your team to work from anywhere without compromising security.
Parting words
LimaCharlie is an approach to cybersecurity built for an industry that is growing up. An industry for which magic black-box solutions just don’t cut it anymore. By making a small investment and learning this platform you can ensure that you will be able to achieve a solution for whatever security problem you are trying to solve, now and in the future.
If you have any questions, please reach out and say hello. We love talking to people and are always happy to do a technical demo. If meat-space is not your thing you can always go kick the tires with our full-featured free tier of two sensors.
You can book a technical demo here: Book a demo
Or sign up and get started here: Sign up