MENLO SECURITY BLOG

Internet Isolation Enables a Zero Trust Approach That Protects Remote Users from Cybersecurity Threats without Impacting the User Experience.

Federal agencies are being forced to rethink the way they empower public servants with the tools and information they need to make government work. Even before the Covid-19 global pandemic, agencies were undergoing digital transformation in an effort to create efficiencies and be more responsive to citizens. Then, as government employees and contractors moved from their office cubicle to their dining room table—literally overnight—federal IT organizations had to scramble to enable application access to a nearly 100 percent remote workforce.

 

Tags: isolation, Internet Isolation, zero trust, new normal, federal cybersecurity, government digital transformation, next-gen secure web gateway

Isolation Provides Malware-Free Browsing Regardless of Patch Status

Imagine your life today without being able to freely browse the web. Browsers have put the entire world on our devices and in the palm of our hand—easily searchable in a powerful and seamless experience. This is where work happens, in browsers, email and shared files. Securing this this essential (yet vulnerable) entry point, ensures malicious actors wouldn’t be able to launch, much less carry out, an attack. Simply put, Chrome is critical to getting business done, as it is used by nearly two-thirds of devices worldwide.

Tags: cybersecurity, Google Chrome, Internet Isolation, cloud security, zero-days, CVE-2020-16017, CVE-2020-16013, web browser, CVE-2020-16009, CVE-2020-15999

Improve Productivity of Your SOC Personnel Through Menlo iSOC

I get it—it’s been a hard year for the cybersecurity industry. Covid-19 pushed users from a safe, central, hardened data center out to the edge of the network—literally overnight. We’ve been forced to scramble to enable secure application access to these newly remote users who are logging in to critical business systems from unsecured residential Internet connections and personal devices. We all knew this day was coming, but no one thought that 2020 would be the year we embraced the New Normal.

 

Tags: cybersecurity, threat intelligence, security operations center, SOC, false positives, cybersecurity alerts

Two FSI Experts Talk About What Keeps Them Up at Night

The thing about anxieties is that everyone has them. There’s not a person alive who isn’t afraid or worried. Whether it’s spiders or public speaking or nuclear war, something likely keeps us up at night. Cybersecurity is the same way. A CISO for a major hospital network is going to be concerned about different threats and challenges than a manufacturer or a nonprofit. These organizations have different intellectual property, interactions with customers, and business models—and are therefore targeted in different ways.

Tags: cybersecurity, FSI, secure financial information, PII, FSI security, secure personal information, remote user security

Whether the business world was ready for it or not, COVID-19 provided the accelerant for organizations of all shapes and sizes to embrace the era of remote work. Almost overnight, the pandemic also forced these organizations to pivot their users and applications to the cloud in order to continue seamless business operations. Securing this new work environment quickly became an essential mandate to ensure a truly safe online experience and keep the business moving forward.

Tags: funding, SWG, VPN Off load, VPN, secure web gateway, seamless business operations

The VA Has an Opportunity to Rethink Its Cybersecurity Posture in the New Normal with Cloud Web Isolation.

Covid-19 and its impact have pushed federal workers out from behind the firewall to the edge of the network in home offices. Fortunately, the Department of Veterans Affairs had already embarked on an aggressive IT modernization initiative—providing the framework for making sure remote workers have fast and consistent access to the tools and information they need, wherever the mission takes them.

Tags: malware, cybersecurity, phishing, ransomware, web isolation, COVID-19, Menlo Security, federal security, IT modernization, drive-by attacks, expanding attack surface, digital transformation, Veterans Affairs, VA

Menlo Imposter Threat Detection Flags Payloadless Attacks that Impersonate Senior Executives and Other VIPs

Cyberattacks aren’t always delivered via a payload such as a link to a malicious URL or an infected file attachment. Rather than trick users into downloading malicious content, attacks without payloads—otherwise known as imposter threats—use fake communications to get victims to carry out risky behavior, often offline. These fakes include emails such as phony government requests for a Social Security number, a relative’s plea for a wire transfer, a request from the boss to release proprietary business information or, more recently, give up personal information in exchange for health information and remedies about Covid-19.

 

Tags: email security, payloadless attacks, CEO wire fraud, scams, business email compromise, imposter threats, threat detection, email scam, mail spoofing, payroll diversion

I’m very proud of what we do at Menlo Security. We work very hard to make sure organizations and users around the world can safely access the tools and information they need to keep businesses running. We prevent confidential data from falling into the wrong hands. We protect users’ most personal data from malicious actors. And we enable remote productivity for organizations impacted by pandemics, wildfires, and other hazards.

Tags: phishing, secure web gateway, Menlo Security, By Light, DISA, federal cybersecurity, zero-days, drive-bys

Nimble but Smaller FSIs Adapt to Change Quickly, but Have Fewer Resources 

Not every financial service institution (FSI) is the size of a global bank with hundreds of thousands of workers. Frequently, boutique investment firms, insurance providers, and regional or local banks have only a fraction of the workers of their larger counterparts.

 

Tags: financial services, remote access, VPN, split tunneling, FSI

HHS Can Use Cloud Web Isolation to Stop Cybersecurity Threats without Impacting Productivity.

The U.S. Department of Health and Human Services (HHS) has been on the front lines of the Covid-19 pandemic, working with other federal departments to coordinate national policy and responses to address the public health crisis. However, just as in enterprises around the world, HHS has had to deal with shelter-in-place orders and work-from-home policies that have scattered users out from behind the data security perimeter to home offices. The ability of employees to log in to critical systems in the middle of a global pandemic is mission critical and a national security priority, but the department’s systems and the data that powers them need to continue to be secured without impacting business continuity or the native user experience.

Tags: cybersecurity, phishing, web isolation, secure web gateway, NIST, Data Privacy, Health IT, HHS, Office for Civil Rights