blog

From a bad actor perspective, phishing is the cheapest and easiest way to infiltrate organizations and personal information
to make a profit. By nature, humans are curious and are oft en overconfident when it comes to security. Phishing is an even greater threat for mobile users, too. Without key visual cues, like the ability to hover over a link to determine its destination, it is much easier for a user to make the simple mistake of clicking a bad link and falling victim to a phishing attempt. The popularity of social media has also made it much easier for hackers to find valid email addresses and research users’
life activities to create sophisticated, tailored phishing attacks.  From a security perspective, there are typically three approaches to solving the phishing problem – email security gateways, web proxies and security training awareness – but each has its own limitations.

Tags: phishing, email attachments, anti-phishing, phishing prevention, Google Docs email scam, email threats

Cyber threat actors have gotten smarter--or lazier--depending on your perspective. It used to be fairly
common for attackers to spend days or even weeks probing targeted networks for vulnerabilities to
exploit. Once identified, they would break down traditional cybersecurity defenses around the network
perimeter and steal as much information as they could, or cause as much chaos as possible, before the
hole was patched and they were shut out.

Today, threat actors are much more subtle. Instead of trying to break down the castle walls, they simply
steal the keys and stroll through the front door. By tricking users into willfully giving up their credentials
through spear phishing, threat actors can simply remain undetected for days, weeks or even months until
the time is right to execute their mission-- to extricate data, hold systems hostage, spy on users or all of
the above.

Is this lazy or creative? Depends on who you ask, maybe it’s a generational thing.

Tags: email threats, security breach, ZeroTrust Internet, Secure Web Access

 On the Serengeti, wildebeest have survived for millennia by using a simple strategy: safety in numbers. It’s great for the species, but each animal can only hope that another one will take one for the team.  

 

Tags: browser-based attacks, remote browsers, cyberattacks, isolation platform, trust, "risky web", safe web

Half of the web is vulnerable to malware, as we measured recently in our State of the Web research report, making it clear that merely visiting a legitimate web site is risky.

Tags: malware, cybersecurity, phishing, isolation, security, ransomware, credential theft, malware vulnerabilities, cyber theft, security strategy, anti-phishing, cyber threats, Google Chrome, bitcoins

Users must recognize that they are taking a significant risk when connecting directly to the Internet. The new Menlo Security State of The Web report reveals that nearly half (46%) of the Internet’s top 1 million web sites, as ranked by Alexa, are risky.  

Tags: malware, cybersecurity, blog, isolation, malware vulnerabilities, cyber theft, security strategy, anti-phishing, state of the web

I was in Singapore last week attending GovWare, speaking at the event and also meeting a number of customers and partners. Land of eternal summer, I think the lows were in the high 70's which made my morning runs, huh, interesting. Isolation is not a new concept here in Singapore, as the government pulled out 100,000 computers (de-linked) from the Internet to avoid any malware contamination. The government personnel are given dedicated kiosks (black computers) from which they can access the Internet, but that's about it. This is an extreme form of Isolation, while 100% safe, is also at cross-roads with user experience. But this has been the history of Isolation though. We've always been forced to trade off between security and user experience. Security by shackles.

Tags: phishing, ransomware, singapore, govware

I was in New York last week at an all-day event co-hosted with Skyport Systems at the Microsoft Briefing Center in Times Square. The day was filled with analyst briefings, a panel on “Is Active Directory a blindspot for CISO’s” followed by my talk on ‘Eliminating Ransomware with Isolation’ to the OWASP New York chapter. During the course of the day, I heard Isolation being mentioned so many times in different contexts. The gist of it is most people innately understand what Isolation is and how it can really improve the security posture of organizations. The real challenge (which we've solved) is can we do Isolation without affecting user experience?.

Tags: security, enterprise, risk, productivity

As part of our continued global expansion, I spent a week down-under visiting customers and partners hopping between Sydney and Melbourne. As soon as I got to the hotel, I stepped out for a fantastic run (of course!) along the Sydney-Harbor bridge and Opera House, followed by climbing several flights of stairs to kill the jet lag. Joy of being an ultra runner! Anyways, It was fantastic to meet customers to talk to them about the benefits of Menlo Security Isolation Platform. The story is much like everywhere else. People are tired of layers and layers of security products that ultimately act like a sieve letting malware through. Spear-phishing and Ransomware are major current threats that enterprises just can't stop.

Tags: malware, cybersecurity, australia, secure web gateways

If you are not familiar with March Madness, it's the single-elimination basketball tournament played each spring in the United States, currently featuring 68 college teams. It's one of THE most famous sporting events in the United States. As we head into the Sweet Sixteen bracket, we thought it might be prudent to analyze the Top 10 sports sites in the U.S. based on the Alexa ranking. These sites are the most visited around this time with sports fan checking out the bracket to see if their favorite team is advancing to the next stage. The real question is, can these sites be a prime target for malware and ransomware?

Tags: malware, vulnerability, top-sites

 

It's that time of the year when those of us in the security industry look into the crystal ball to figure out what the year ahead looks like. Before I take a crack at what's going to happen in 2016, I thought it might be useful to reflect on my last year's predictions and see where they stand. Back in January this year, I had three things that I was predicting, two of which have come true. Hey, that's a pretty good hit rate in fortune telling.

• Increased Malware Attacks over SSL
• Malware Infiltrates the IoT
• Increased Scrutiny on Securing Containers

Tags: ssl, cybersecurity, predictions, fitbit