Reposted from CISA/DHS

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with U.S. and international partners, published a joint report, Modern Approaches to Network Access Security, that urges organizations to move toward more robust security solutions such as Secure Service Edge (SSE) and Secure Access Service Edge (SASE) that provide greater visibility of network activity. While this report does not cover the planning, architecture, or adaption needs for shifting to these solutions, it does call for organizations to shift away from traditional broad remote access deployments and provides best practices to help transition to modern solutions, such as SSE and SASE. Organizations are encouraged to carefully assess their security posture and perform a risk analysis before implementing any/all solutions to determine if these approaches fit their organization. Both information technology (IT) and operational technology (OT) network protections are provided in this report that covers a spectrum of network sensitivities and worst-case consequences of compromise. This report will help organizations better understand the vulnerabilities, threats, and practices associated with traditional remote access and VPN deployment, along with the inherent business risk posed to an organization’s network by remote access misconfiguration. Aligned with CISA’s cross-sector cybersecurity performance goals (CPGs), the best practices in this report will also help guide leaders with prioritizing the protection of their remote computing environment security while operating under the fundamental principles of least privilege.

See Original Post