Menlo Security Cloud Security Platform is FedRAMP® Authorized
Most Searched
Traditional security approaches are flawed, costly, and overwhelming for security teams. Menlo Security is different. It’s the simplest, most definitive way to secure work—making online threats irrelevant to your users and your business.
Video
Our platform invisibly protects users wherever they go online. So threats are history and the alert storm is over.
eBook
Traditional network security wasn’t built to address today’s complex enterprise environments. SASE fixes that problem.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
Buyer's Guide
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise.
Menlo Security | Nov 08, 2019
Share this article
Another day, another validation that Internet isolation really is the best cybersecurity protection out there.
Last week, Google released an urgent Chrome update to patch an actively exploited zero-day known as CVE-2019-13720, a memory corruption bug that uses a use-after-free vulnerability in audio that allows a threat actor to access memory after it has been freed. This allows anyone to cause a program to crash, execute arbitrary code, or even enable full remote code execution scenarios. Pretty serious stuff that should worry even the most secure enterprises.
Everyone, that is, except enterprises protected by the Menlo Cloud Security Platform powered by Internet isolation. You see, even though the exploit was only recently discovered and patched by Google, organizations that isolate web traffic in our Cloud Security Platform have always been protected, simply by our isolate-or block-approach.
The flaw requires calling an audio-related API from JavaScript, but when the JavaScript is executed in an isolated browser in the cloud, it is unable to call the API on the client side.
But wait, isn’t Menlo’s isolated browser Chromium based? And doesn’t that mean the audio API is vulnerable in Menlo’s isolated browser as well?
Yes, but the Menlo Cloud Security Platform runs on Linux, so the second step in the in-the-wild exploit chain is not applicable. Without another vulnerability that allows the JavaScript to escape the sandbox, CVE-2019-13720 has no ability to reach users’ devices. Even so, we have already released an update to our cloud platform.
Enterprises that continue to rely solely on a detect-and-respond approach to cybersecurity are pressing their luck. In the time it took Google to identify and patch the vulnerability, threat actors could have penetrated their defenses and done real damage. Why wait for exploits to be found and patched? Why not simply assume that all web content is risky and isolate it in the cloud far from your users’ devices?
Why take the risk? Especially when there’s already a solution that protects enterprises from unknown vulnerabilities—the Menlo Cloud Security Platform.
Posted by Menlo Security on Nov 08, 2019
Tagged with Cloud Security, Isolation, Web Security
Protecting the Remote Workforce
To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.