Find the right approach to browser security
Traditional security approaches are flawed, costly, and overwhelming for security teams. Menlo Security is different. It’s the simplest, most definitive way to secure work—making online threats irrelevant to your users and your business.
Our platform invisibly protects users wherever they go online. So threats are history and the alert storm is over.
Traditional network security wasn’t built to address today’s complex enterprise environments. SASE fixes that problem.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise.
Menlo Security | Jun 18, 2019
Share this article
Last month, Microsoft issued 79 patches and among these patches was one for an old Windows XP operating system, which was officially abandoned by Microsoft 5 years ago. The last time Microsoft released an update like this was months before the WannaCry ransomware attacks of 2017 wreaked havoc. Even Microsoft warned of the similarities with Simon Pope, director of incident response for the Microsoft Security Response Center writing, “Any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”
Windows users who have updated to Windows 8 will not be affected, but there are many who have not installed the patch. In fact, there are still nearly a million Windows XP users who are at risk. While the obvious explanation is to patch the vulnerability or update their systems, many of these users are not going to go the extra lengths to seek out the patch and install it on an old computer. Enterprises are especially a cause for concern. For many of the businesses running Windows XP, these patches and updates aren’t considered a priority, or due to operational obstacles, the patch is not always easy, and can sometimes interrupt critical processes.
Without the patch however, attackers have many ways in which they could exploit the vulnerability: malware and phishing included. Instead, users can protect themselves from ever downloading any malware in the first place by adopting a Zero Trust Internet. This can be achieved with Internet isolation, which removes the browsing process from the desktop and moves it to the cloud, effectively creating an “air gap” between the Internet and enterprise networks. Internet isolation separates an enterprise network from the Internet so that attackers can never gain a foothold and therefore, malware is kept off of end points. Additionally, Internet isolation never disrupts the user experience and web pages look identical to how they would normally only there is zero risk of malware exploiting vulnerabilities. All email and web traffic goes through this isolation layer where the content is visible but never actually downloaded to the endpoint. This new way of thinking about security, gives organizations the freedom to patch when it is convenient for them and not have to worry about the severe consequences.
To learn more about how cybercriminals are exploiting traditional measures of trust on the web, please download our State of the Web First Half 2018 report and for more information on Menlo Security’s Isolation Platform and to better understand the business case for web isolation, please download our Business Case Web Isolation white paper.
Posted by Menlo Security on Jun 18, 2019
Tagged with Email Isolation, Isolation, Ransomware
Threat Trends & Research
To talk to a Menlo Security expert, please complete the form.