How a Fortune 500 Customer Embraced Menlo’s Isolation as Their Primary Defense Against Phishing and Email Threats.
I had the opportunity to chat with one of our largest customers the other day. I can’t mention the company name, but they are a big, well-known brand. Menlo works with eight of the ten largest banks and four of the five biggest credit card companies in the world. Let’s just say it was one of them.
It was an interesting conversation because we were talking about why the company chose to go with Menlo. We were very small then—just one of thousands of security startups getting into the market—and we were talking about this new technology called isolation. And, like I said, they are this big company, more than a trillion dollars in annual transactions, millions of customers, 80,000 users. And they already worked with dozens of security vendors—some of the largest, most respected companies in our industry. So, why Menlo?
The answer was a bit surprising. According to the CISO, it was our singular focus on solving their biggest, most disruptive problem: Malware and phishing attacks kept getting through. Despite millions of dollars in security technology investments, a robust security stack, and a team made up of the world’s top cybersecurity professionals, malware was still getting through. And according to the CISO, one bad click was one too many.
They chose Menlo Security because we dedicated our lives to achieving 100 percent malware-free email and web browsing. They liked that focus, and they believed in our technology.
The company’s existing solution was based on a detect-and-respond approach that relied on an on-premises proxy environment. All traffic was routed through these appliances in the data center, and categorization would make an allow-or-block decision.
This caused three issues that the CISO knew could be resolved only through isolation—specifically, Menlo Security’s Isolation solution.
Issue #1: Not Everything Was Getting Caught.
Threat intelligence simply can’t keep up with increasingly sophisticated attacks. The problem just defies the laws of physics. A security technology that relies solely on detection-based approaches can't catch everything. Why not? Because there has to be a first instance that creates the signature. This is a problem because even one successful attack could be devastating to any business, and for our customer, it was a matter of when—rather than if—a big breach would cause a big problem. Menlo makes sure that every email and website is isolated in a remote browser on the web, giving malware no avenue for reaching a user’s endpoint device—even if the user clicks on a malicious link. Isolation effectively takes the risk management decision out of the user’s hands, providing 100 percent malware-free email and web browsing.
Issue #2: Existing Filtering Solutions Were Creating Too Many False Positives.
False positives created a lot of noise that the remediation team had to go through to find the real issues, which put strain on an already stretched resource. Menlo filters out all the noise associated with a detect-and-respond approach. Everything is isolated—effectively eliminating false positives. The customer said that his team is now able to focus on the real issues and has more time for threat hunting and behavioral analysis. Before, his team was running around putting out tiny little fires here and there. Isolation put a stop to all that, allowing the team to focus on the big stuff.
Issue #3: Categorization Doesn’t Work for Uncategorized or New Websites, and This Was Causing Unnecessary Disruption for Users.
This was a big issue. Users weren’t able to access the websites they needed to do their jobs and had to submit a ticket to the help desk to get the site unblocked. This could take days or weeks in some cases—an unacceptable timeframe. Menlo, on the other hand, preserves the native user experience. Because everything is isolated, users can click with impunity, without having to make any sort of risk assessment. This is especially important as users increasingly rely on email, web browsing, and web-based business applications. It’s a complex ecosystem that has to work flawlessly, and Menlo provides peace of mind because distributed users have safe, secure access to the tools and information they need to keep the business running.
But, Wait. Time Was Also an Issue.
The customer also said that the ease of deployment and integration with the rest of their security stack was the clincher. Menlo is scaled across an extensive global elastic cloud. Nearly everywhere the company had a presence, Menlo was there to provide local Internet breakouts for users. In fact, the customer was able to roll out Menlo to 80,000 global users in just a few months. No other vendor could provide that timeframe, and that was important. The company knew that malware and phishing attacks were getting through to the endpoint, and it was just a matter of time before there was a major security breach. Menlo was (and still is) singularly focused on solving their main security issue. It’s what we do.
Feel free to reach out at any time to discuss how Menlo can provide 100 percent malware-free email and web browsing for your organization.