Find the right approach to browser security
Traditional security approaches are flawed, costly, and overwhelming for security teams. Menlo Security is different. It’s the simplest, most definitive way to secure work—making online threats irrelevant to your users and your business.
Our platform invisibly protects users wherever they go online. So threats are history and the alert storm is over.
Traditional network security wasn’t built to address today’s complex enterprise environments. SASE fixes that problem.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise.
Menlo Security | Jul 21, 2020
Share this article
A cloud-based secure web gateway (SWG) gives cybersecurity teams complete visibility and control over traffic that bypasses the VPN. Consider these two use cases.
User 1, an accountant in the finance department, works from a cubicle in the corporate headquarters. Most of her day is spent crunching numbers using the company’s on-premises SAP accounting solution, but occasionally she needs to pull customer information from Salesforce.com. SAP traffic remains inside the corporate firewall, sealed off and protected from malicious actors. Based in the cloud, Salesforce requires a persistent connection to User 1’s laptop, and as traffic flows through the firewall, security policies such as anti-malware monitoring, URL filtering, data loss protection (DLP), acceptable use policies (AUPs), and other security controls are applied.
User 2, also an accountant in the finance department, works remotely from home, thousands of miles from the company’s headquarters. He spends his day in much the same way, analyzing data in the SAP solution and occasionally accessing Salesforce.com to check customer status. SAP data is routed through a VPN, applying the appropriate security policies that detect and eliminate malicious content. However, routing Internet traffic through the VPN is not sustainable. The persistent connection to Salesforce coupled with routine web browsing, video conferencing, and personal webmail overwhelms the VPN, dramatically slowing performance and User 2’s productivity. To get around that, the security team could either build a local Internet breakout for the user or simply let all Internet traffic (including Salesforce) bypass the VPN. Unfortunately, building a local Internet breakout for every remote user is economically unfeasible, and the security provided by the breakout wouldn’t follow users whenever they travel away from their branch or home office where the breakout was set up. Unprotected web and SaaS traffic gives malicious actors an opening to target User 2 through a spear phishing campaign powered by social engineering to trick him into clicking on a link in a fake email, downloading malware, or unwillingly giving up his credentials.
Learn more about how the new normal is overwhelming VPN traffic.
Given a choice, most cybersecurity teams would prefer that all users were protected like User 1—behind a robust firewall that gives them the visibility and control into all data center and Internet traffic. But that’s just not realistic given today’s always-on, 24/7 world. The new normal is that an increasing proportion of users will continue to work from home or in branch offices, and organizations need to make sure everyone is protected from malicious threats such as spear phishing, ransomware, drive-bys, and zero-day attacks.
As you can see in these two use cases, consistency is the key. It doesn’t matter if User 1 is completely protected, because User 2 presents a risk. All it takes is one click in a malicious email or one compromised website, and the entire organization can be compromised. Cybersecurity is an all-or-nothing discipline. No one is protected as long as one person is vulnerable.
Menlo Security gives cybersecurity teams visibility and control over traffic that bypasses the VPN—allowing them to apply security policies reliably and consistently whether users log in from headquarters, home, a branch office, or public Wi-Fi. Menlo does this by delivering security services through the cloud. A cloud-based secure web gateway (SWG) acts as the central security control point for all traffic, providing a separate security layer through which all web traffic flows and where security policies can be applied.
Applying corporate security policies to all traffic also extends access control to Internet traffic and SaaS platforms. Security teams are able to monitor users’ web behavior and control their access to certain websites and cloud-based apps via URL filtering. Organizations may have acceptable use policies that prevent users from accessing social media during work hours, known pornography hubs, or other inappropriate content. Security teams may also want to limit unauthorized app use, such as cloud storage or file transfer sites, to boost insider threat prevention programs.
Cloud-delivered security powered by Menlo ensures consistent access policies for all users—whether they’re in the office or working remotely.
Read our new ebook, Securing the Future of Work, to learn how you and your organization can intelligently transition to this new normal.
Please do not hesitate to contact us with any questions.
Posted by Menlo Security on Jul 21, 2020
Tagged with SWG, Web Security
To talk to a Menlo Security expert, please complete the form.