Menlo Security | Oct 02, 2019
The Internet keeps getting weirder, and users are getting harder to protect. Yet Menlo Security continues to keep users safe.
Consider a new threat that just popped up on our radar—it hijacks users’ devices to surreptitiously mine cryptocurrency. We first observed the threat at the beginning of August 2019. Over the next 30 days, 64 users visited compromised sites that eventually redirected them to a cryptomining site. Thankfully, in every single instance, the malicious code was either isolated in a disposable container in the Menlo Security Cloud Security Platform or was blocked outright (Figure 1). Not a single device was successfully hijacked.
Figure 1: All 64 instances of the cryptomining attack were either isolated or blocked by Menlo Security.
Figure 2: The malicious link from Google search results. The website that the user visited is highlighted in red. The brown text shows the compromised directory on the website. The blue text is the search term typed in by the user.
Figure 4: An iframe is injected on the site, redirecting the user to swiftmining.win
This innovative method prevents cybersecurity solutions such as legacy secure web gateways (SWGs) or anti-malware filters from identifying the attacks before they are successful. Only the symptoms of a successful breach—such as sapped bandwidth and poor performance—tip off the user, who has to take the extra step to get IT involved. Even then, only a careful analysis of event logs will reveal the initial breach—and by then it’s too late.
While cryptomining attacks are considered relatively victimless (most are designed to not cause a perceptible performance hit so they don’t tip off the user or IT about the attack), a successful breach is an indication of larger cybersecurity issues. If an attacker is able to commandeer a user’s device, they can certainly download other malicious code that tracks keystrokes, leaks passwords, or opens up a connection to more sensitive business systems on the corporate network.
The bottom line: Any cybersecurity solution that relies on a detect-and-respond method is doomed to failure. In fact, failure is baked right into the architecture. Attacks that are identified days, hours, or even minutes after the initial breach can compromise security and put the organization at risk. Only a cybersecurity approach that provides 100 percent malware-free email and web browsing can keep users and the organization safe. There’s nothing weird about that.
Check out the recommended strategy for Secure Web Access from Gartner and Magic Quadrant for Secure Web Gateway to see why Menlo continues to be the answer to security concerns.
Tagged with Cloud Security, SWG