Menlo Security Cloud Security Platform receives FedRAMP® Authorization
Traditional security approaches are flawed, costly, and overwhelming for security teams. Menlo Security is different. It’s the simplest, most definitive way to secure work—making online threats irrelevant to your users and your business.
Our platform invisibly protects users wherever they go online. So threats are history and the alert storm is over.
Traditional network security wasn’t built to address today’s complex enterprise environments. SASE fixes that problem.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise.
Eric Schwake | Jan 04, 2022
Share this article
Zero-day exploits have been all over the news in recent years, and several foreign governments have been accused of enabling attacks on vulnerable network infrastructure in the U.S. and the European Union. Most recently, a critical Internet zero-day was discovered in Log4j, a Java library for logging error messages in applications. Given the library is developed by the open-source Apache Software Foundation, this is a ubiquitous piece of software, meaning the flaw likely impacts millions of computers.
But what exactly is a zero-day exploit, how does it work, and should you be concerned? It’s time to answer those questions and share what you can do to protect your organization from these types of web threats.
A zero-day exploit is the result of a threat actor taking advantage of a previously unknown vulnerability in software, firmware, an operating system, a web application, a website, or a Software as a Service (SaaS) platform. The end goal is to download malware onto a device that can then deliver ransomware, crash the hard drive, or spread across the network in search of other vulnerable targets.
Let’s use the SolarWinds breach as an example. This major cybersecurity attack, believed to have been conducted by Russian nation-state threat actors, used a zero-day exploit to gain access to corporate and government systems and data in the U.S. and the European Union. The attack used a backdoor in a SolarWinds library to insert malicious code into legitimate software updates for the company’s Orion solution. This enabled the attackers to forge new tokens that gave them trusted and highly privileged access to networks. High-profile victims included Microsoft, cybersecurity vendor FireEye, and the U.S. government. In addition to the theft of data, the attack forced more than 30,000 SolarWinds customers to check to see whether they had been breached, requiring them to take systems offline and undergo months-long remediation procedures as a precaution.
Attackers spend an enormous amount of resources to reverse engineer popular technology products so they can identify and exploit vulnerabilities in the code. Many of these hacker groups are sponsored by foreign governments that provide protection and, in some cases, financial support. A particularly effective target is networking software that provides remote administrative access to critical infrastructure.
By definition, zero-day exploits are difficult to detect. If they were identified, then the vendor would simply patch the flaw. These exploits are unknown until they are known. Most vendors rely on white hat hackers to identify vulnerabilities in their software, tell them about it, and give them a chance to fix it. Black hat hackers don’t operate under the same code of ethics. If they find some code they can exploit, they’re likely to keep it a secret until they can benefit by either utilizing the vulnerability or selling it on the black market. Because of this, legacy detect-and-respond cybersecurity solutions that are based on known intelligence are ill-suited for this type of attack. You can’t detect something you have no knowledge of.
Honestly, not much. It certainly helps to do business only with vendors you trust are keeping their solutions secure. But even the most hardened code has its vulnerabilities. The best thing you can do is simply make it impossible for threat actors to gain access to your users’ devices. As the workforce continues to decentralize, it’s more critical than ever to protect your highly distributed infrastructure through a Secure Web Gateway (SWG) with web isolation technology.
A Secure Web Gateway, or SWG, powered by isolation technology has the standard controls for web traffic, such as blocking known bad sites and providing acceptable use policies. When coupled with isolation technology, this SWG creates an abstracted layer in the cloud between your users and the Internet. Code on websites, web apps, SaaS platforms, and other web content is fetched and executed in a remote browser in the cloud rather than on end devices. Without access to the web browser, threat actors have no avenue for uploading malicious content to users’ devices – even if a vulnerability exists. This shuts out malware and ransomware without blocking legitimate web content or impacting user productivity.
Posted by Eric Schwake on Jan 04, 2022
Tagged with iSOC, Solarwinds, Vulnerabilities, Zero-Day
Threat Trends & Research
To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.