Security comes in layers. That first layer of requiring a VPN can stop many types of attacks from happening.
Next layer is requiring MFA for VPN access. Then for admin access, require MFA only from approved devices on the domain.
Large banks and the DoD have been doing this for years.
The "fail often and fail fast" crew are always reinventing the wheel after bad experiences. I honestly feel sorry for them.