Named a Visionary in Gartner Magic Quadrant for Secure Web Gateways (SWG)
Our platform invisibly protects users wherever they go online. So threats are history and the alert storm is over.
Traditional network security wasn’t built to address today’s complex enterprise environments. SASE fixes that problem.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise.
Share this article
Not all vulnerabilities are created equal. It’s true. In a perfect world, organizations should be able to patch every vulnerability on every client immediately. But we don’t live in a perfect world. Some vulnerabilities pose a much greater risk to the organization than others and should be prioritized.
Zero-day browser vulnerabilities are one of those critical threats that should be fixed as soon as possible. Given the pace of today’s cloud transformation and the changing nature of work, browsers are the most used application in the modern enterprise. According to Microsoft, Office 365 is now used by one in five corporate employees worldwide.
So when Microsoft and Firefox both recently issued alerts about new vulnerabilities in their respective browsers, enterprises should have paid attention and done everything they could to patch any affected systems throughout the organization.
Microsoft’s advisory alerted Internet Explorer users to a known vulnerability in the browser’s scripting engine and admitted that a patch was unlikely before next month’s Patch Tuesday release. Perhaps ironically, the announcement came just days after the company ended support for Windows 7. In the meantime, DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warned users that attacks targeting the vulnerability have been detected in the wild.
Since these alerts, Menlo Security has seen more than 7.7 million browser sessions using vulnerable versions of Firefox—the majority of which are in Asia, followed by the Americas and Europe. Thankfully, all 7.7 million of those browsing sessions run through the Menlo platform resulted in zero breaches—regardless of whether the browsers had been patched or not. The same is true of Internet Explorer users. No browsing sessions run through the Menlo platform have resulted in a breach.
This level of protection is by design. The Menlo Security Secure Internet is built on an Isolation Core™ and employs a Zero Trust Internet strategy that assumes that all web traffic is risky. The global web proxy blocks known malicious sites and isolates everything else in a remote browser in the cloud. It doesn’t matter if there’s a known or unknown vulnerability. No content—whether it is malicious or not—is executed on an endpoint browser, where it could potentially do serious damage.
Why would you ever bet your organization’s security on the ability of software vendors to detect and inform you of vulnerabilities, and your IT security team’s ability to quickly identify and patch affected systems? Wouldn’t you rather just know that you were protected at all times—regardless of vulnerabilities and patch state? Seems like an easy decision.
Contact Menlo Security today to learn how we enable a Zero Trust Internet strategy that provides 100 percent protection from all known and unknown vulnerabilities.
Vinay Pidathala on Jan 27, 2020
To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.