The ABCs of proper network security start with A, of course. A is for Access, and it’s the basic idea that lies at the heart of any secure organization. Employees connecting to essential corporate resources shouldn’t have the same access policies, or else they all represent an equal threat to the organization’s data, and present a wide attack surface to hackers.
Just as you wouldn’t give every employee the same access privileges, configuring their security software the same way is also something to avoid. No two employees connect in the exact same way, and designing security as if they do is a mistake. That’s why we’ve recently released the newest of many layers in our multi-layer network security platform: User Configuration Profiles.
Scalable Security Starts with Configuration
Some of the most dangerous security blunders involve mismanaged software configurations, and according to a recent Threat Stack survey, over 73% of companies were able to identify at least one serious misconfiguration happening in their own networks. One wrongly-toggled setting can create wide gaps in security that aren’t easily identified, because they may not happen to every user, and because misconfiguration is a problem that doesn’t call a lot of attention to itself – unlike breaches like DDoS attacks which occur overtly.
To combat configuration mishaps, it’s important to configure each employee’s security software in a way that complements their unique situation. Legacy solutions don’t provide this capability, forcing companies to use the same configuration for all users, or they force IT teams to work manually and configure each employee on a case-by-case basis.
When creating a User Configuration Profile, you can define how the Perimeter 81 agent or web platform is configured – down to the granular details – and then assign it to a relevant user or group of users in your network. Profiles allow you to differentiate configurations for users with different roles, devices, locations, operating systems, and more, and save and reprioritize them so they can quickly be assigned to new users.
How Does It Work?
Account managers and admins can find the User Configuration Profiles tool under Settings, after logging in to the Perimeter 81 web platform. After clicking on User Configuration Profiles under Settings, you’ll see the menu where your previously-created profiles live. There will already be one Default Profile here, which includes all your users.
Clicking on the Add Profile button brings up the screen where you’ll name the profile and assign it to a predefined group of users: these are the only two fields required for your profile to be listed on the previous screen.
Below the fold, you’ll be able to tweak this profile’s configuration options for both the Perimeter 81 web platform and the agent. Specifically, configuration options include General Settings, Network Settings, and OS-Level Settings.
General Settings: Available for both the web platform and the agent. General settings include the ability to automatically log users out after a certain period of time, to connect users to a specific public gateway, to connect on launch, to enforce automatic upgrades and other basic options.
Network Settings: Only available for the agent, network settings let admins determine how and when traffic through these users’ devices is encrypted. Options like our patented Automatic Wi-Fi protection automatically activate a VPN connection on unsecured networks, while Always-On VPN cuts the internet if encryption falters, even momentarily. Other options include a VPN kill switch and the ability to specify Trusted Wi-Fi networks.
OS-Specific Settings: Another agent-only configuration option, OS-specific settings determine how users on different operating systems can connect. The central utility here is that the profile’s users are protected with a VPN encryption protocol chosen specifically for their OS, for example you can enable IPSec encryption for Mac users and WireGuard for Windows users, or any combination in-between.
Perimeter 81 customers will notice that multiple users can be assigned to one configuration profile, but also that a single user might be a part of multiple configuration profiles. With the additional ability to swap the priority of active configuration profiles, customers will enjoy newfound customization and granular control over an often underestimated element of network security.
We look forward to adding new security and networking features that further strengthen our customers against data theft. For now, we recommend you get acquainted with User Configuration Profiles, and the best place to get started is our helpful knowledge base article.