Stuart Pickard | Apr 04, 2023
The Biden administration announced a new national cybersecurity strategy earlier this month. As digital transformation continues to radically change how the country lives, works, communicates and plays, the new federal cybersecurity strategy seeks to make the digital ecosystem more defensible, resilient and better aligned to the country’s values.
This digital ecosystem is largely accessed through the browser. According to Google, 75% of today’s workday takes place inside the browser while the Verizon 2022 Data Breach Investigation Report shows that it’s also where 90% of breaches now occur.
The combination of the increased reliance on the browser and its vulnerability requires a rebalance of cybersecurity strategies. It’s no longer enough to build up a robust perimeter defense and monitor for abnormal activity in hopes of catching malicious actors in the act. Not when today’s attackers are leveraging evasive web threats, such as Highly Evasive Adaptive Threats (HEAT), that are designed to bypass traditional security tools completely undetected. Once they’ve made that initial breach on an endpoint through the browser, they are able to spread laterally, virtually unimpeded, through the network in search of more valuable targets.
While change is clearly needed and called for in the new national cybersecurity strategy, federal agencies can’t just rip out and replace their existing security stack. That would leave users vulnerable to HEAT attacks while security strategies were being realigned. Instead, agencies should add a protective layer on top of their existing security stack, providing cover without disrupting IT operations or impacting user productivity. One technology many organizations in both the public and private sector are considering is Remote Browser Isolation (RBI).
The Department of Defense (DoD) has been exemplary in leveraging RBI technology to add a protective security layer on top of traditional solutions to better head off malicious actors and protect users. The department’s cloud-based Internet isolation (CBII) solution moves the browsing process off desktops and to the cloud, allowing defense officials deployed around the world to safely and securely access the Internet without falling prey to web-based threats such as phishing, drive-by exploits, and zero-day attacks.
Here are the five pillars outlined in the new national cybersecurity strategy and how RBI puts federal agencies on the right path toward implementing these recommendations:
The president wants to make sure critical infrastructure that keeps the economy humming is protected from cybercriminals and rogue nation-states. The Colonial Pipeline breach last year was just the latest example of how malicious actors are using vulnerabilities in the browser to evade content inspection. RBI solutions ensure malicious actors do not have direct access to the end device through the browser. This prevents the initial breach and the subsequent lateral spread–keeping infrastructure up and running.
Understanding the MITRE ATT&CK Framework is a great way to stop ransomware, credential theft, and other malware–and it’s the first step, initial access, that is the key. Traditional detect-and-respond solutions require an allow or block decision at the point of click–putting a lot of pressure on threat identification while potentially blocking legitimate content. Prevention technologies such as anti-phishing and RBI avoid this allow or deny decision and simply isolate everything–whether it is a known threat or not. This cuts back on false positives, prevents the initial access and makes it almost impossible for threats to deliver their payload.
The current security landscape puts a lot of pressure on individual users to identify and stop HEAT attacks. And, while the market hasn’t caught up to this shift, you’d better believe that malicious actors have taken notice–developing highly evasive techniques that prey on users’ lack of knowledge, training and awareness to gain initial access to their end devices. More focus needs to be put on preventative security solutions that protect the user from these attacks. RBI works because it runs in the background without disrupting user workflows or changing the native browsing experience. This seamless transparency makes it less likely users will find a workaround that bypasses protective measures–ultimately making the agency more secure. RBI also takes pressure off Security Operations Center (SOC) teams by automating protection from these types of attacks on users, allowing them to focus on more strategic tasks such as proactively going after threats.
The new national cybersecurity strategy operates under the understanding that work has moved to the cloud. Agencies are making big investments in Microsoft 365 and other cloud-based productivity tools, making it essential that federal security teams make sure these expanding threat surfaces are protected without impacting productivity. RBI operates in the cloud, extending security protection wherever users log in today or in the future–whether that’s from a home office, a field office, or an overseas embassy.
And finally, the new national cybersecurity strategy encourages cooperation with the private sector, allies overseas, and other friendly organizations. Make sure your security partner understands the importance of collaboration and actively participates in sharing threat intelligence. Visibility into current threats is critical to gathering this intelligence and provides valuable context for security teams, giving them a head start on protecting federal networks. For example, a vendor could identify a threat emerging from Eastern Europe and inform customers in the U.S. before users start turning on their devices in the morning. Shared appropriately and transparently, this information can help stop attacks before they spread across the globe.
The new national cybersecurity strategy announced earlier this month is a great step in the right direction for federal agencies looking to protect American assets and interests in the U.S. and around the world. It’s going to take a radical rethink of traditional security approaches to meet the framework’s vision. Leveraging RBI technology can be a key ingredient to making this transition–proactively protecting users through the browser while agencies make critical architectural and philosophical changes to the way they enable and empower the federal workforce.
Tagged with Awareness, Blog, Federal Government, HEAT, RBI