Nimble but Smaller FSIs Adapt to Change Quickly, but Have Fewer Resources
Not every financial service institution (FSI) is the size of a global bank with hundreds of thousands of workers. Frequently, boutique investment firms, insurance providers, and regional or local banks have only a fraction of the workers of their larger counterparts.
Read More
Tags:
financial services,
remote access,
VPN,
split tunneling,
FSI
FSIs Are Under Siege
Large financial services institutions (FSIs) supporting thousands of workers have had to accelerate their plans for remote working since March 2020.
In our conversations with FSIs during that period, various themes have emerged that tell a story of an industry at war on multiple fronts and why their security strategies against cyberthreats might not be enough.
Read More
Tags:
banking,
financial services,
deployment,
speed,
fast
Targeting People, Not the Infrastructure
Historically, many cyberattacks tended to be technology-focused and required specialized knowledge to expertly fool a network into believing the attacker was an authorized user. Spoofing, man-in-the-middle (LAN or Wi-Fi), DNS, and other attacks require actual skill (and a bit of malice) to properly execute.
Read More
Tags:
phishing,
isolation,
email isolation,
link isolation,
link wrapping
Isolation for Zero Trust Phishing Protection
Phishing sites frequently evade web and email filters because of the inability of secure gateways to detect new phishing websites or categorize them properly. According to Menlo Labs, web and email gateways wrongly categorize 10-15 percent of malicious websites as safe.
Read More
Tags:
phishing,
isolation,
URL,
email filtering,
zero trust
Large Groups of Isolated Users Shrink Your Exposure Surface
Enterprises frequently acquire an isolation solution (with Menlo for remote browser isolation) for groups of users, such as VIPs, rather than their entire workforce. While this strategy insulates VIPs from malware attacks, it assumes that only VIPs have access to potentially crippling information.
Read More
Tags:
phishing,
isolation,
Incident Response,
API,
logging
Inadequate Security Policies with Uncategorized Sites
The challenge most email gateways face is how to protect against URL-based threats that exist within a “danger zone”— the period when phishing sites are allowed to sneak into the network as uncategorized sites.
Read More
Tags:
phishing,
email isolation,
uncategorized sites,
URL,
email filtering,
danger
The Still-Active Zero-Day Exploit Threatens the Frequently Vulnerable JavaScript Engine
Customers of Menlo Security using Internet Explorer (IE) are protected against a recent and still-active zero-day exploit using Internet Explorer, as outlined by Microsoft’s security update CVE-2020-1380.
Read More
Tags:
malware,
isolaton,
Internet Isolation,
Active-Threat,
CVE-2020-1380,
Zero-Day Attack,
Internet Explorer,
IE
Manage Shadow IT and Stop Data Loss Through Cloud Apps
Cloud Apps Are a Point of Attack
Protecting workers is a challenging task—for example, 29 percent of all attacks leverage legitimate cloud services to launch an attack. Once an attacker is inside the network, they can use the same cloud app to siphon or exfiltrate valuable information out of the organization.
Read More
Tags:
Cloud DLP,
Application Control,
app security,
cloud app,
cloud applications,
Cloud App Isolation,
CASB,
Cloud Access Security Broker,
cloud application security,
casb isolation,
Isolation, Cloud-based Isolation,
cloud security,
DLP
Introducing cloud-based data loss prevention with Menlo Security
Safeguarding Internet access is a significant problem for most businesses. In a recent Verizon Study, 6.2 percent of all data breaches result from browser-based attacks. These attacks, including watering-hole and drive-by downloads, can be costly and might lead to massive damage to an organization’s reputation.
Read More
Tags:
web isolation,
Cloud Proxy,
SaaS Cloud Security,
Endpoint Access
Bad actors never rest
Creating legitimate-looking fake communications from Google or Microsoft is easy and inexpensive. Novice attackers with little or no coding experience can purchase phishing packs on the dark web that they can customize and then send emails to specific targets based on social engineering intelligence. Free and compromised accounts can also be used as an attack vector , hosting documents that contain malware or links to fake web forms or other malicious sites.
Read More
Tags:
email attachments,
email threats,
malicious links,
Isolation Core