Another day, another validation that Internet isolation really is the best cybersecurity protection out there.
Last week, Google released an urgent Chrome update to patch an actively exploited zero-day known as CVE-2019-13720, a memory corruption bug that uses a use-after-free vulnerability in audio that allows a threat actor to access memory after it has been freed. This allows anyone to cause a program to crash, execute arbitrary code, or even enable full remote code execution scenarios. Pretty serious stuff that should worry even the most secure enterprises.
Everyone, that is, except enterprises protected by the Menlo Cloud Security Platform powered by Internet isolation. You see, even though the exploit was only recently discovered and patched by Google, organizations that isolate web traffic in our Cloud Security Platform have always been protected, simply by our isolate-or block-approach.
But wait, isn’t Menlo’s isolated browser Chromium based? And doesn’t that mean the audio API is vulnerable in Menlo’s isolated browser as well?
Enterprises that continue to rely solely on a detect-and-respond approach to cybersecurity are pressing their luck. In the time it took Google to identify and patch the vulnerability, threat actors could have penetrated their defenses and done real damage. Why wait for exploits to be found and patched? Why not simply assume that all web content is risky and isolate it in the cloud far from your users’ devices?
Why take the risk? Especially when there's already a solution that protects enterprises from unknown vulnerabilities—the Menlo Cloud Security Platform.