Menlo Security | Apr 20, 2023
The latest findings from the 2023 CyberEdge Cyberthreat Defense Report (CDR) feature some positive news about the state of cybersecurity. The industry is making progress and is showing increased confidence in its ability to face attacks. And, as evasive cyber threats continue to target the key productivity tool within organizations–the web browser–security teams seem to be getting the message, showing an increasing commitment to investing in preventative technologies that protect users from web-based attacks.
After decades of increasing threats and embarrassing breaches, the IT security industry seems to have turned a corner. According to the CDR, only 84.7% of organizations were successfully breached over the past 12 months–the second successive year that figure has declined since peaking in 2021. And while only 15% escaped the year unscathed, the fact that the percentage has plateaued and started to decline is a positive sign that we’ve turned a corner.
This success has led to more confidence among IT security professionals in their ability to stop attacks. CDR’s Threat Concern Index–an indication of how worried security professionals are about 13 different types of threats–fell from 3.88 to 3.82 and decreased in all but one of the threat categories.
The decrease of breaches and the rising confidence are giving security teams a seat at the table. According to the report, 97% of IT security leaders regularly engage with their board of directors–with half providing periodic cyber risk assessment reports and presenting their findings regularly at board meetings. More than a third go even further and regularly report security measurements to the highest levels of the organization.
What are security leaders doing with this newfound access to decision makers? They’re pushing for an investment in a Zero Trust approach to security. Rather than focus on trying to lock down an expanding and fluid perimeter, Zero Trust allows security teams to focus on users–wherever they log in–requiring all entities to continuously authenticate when requesting access to applications and data.
The key here is the web browser. According to Google, 75% of work today is conducted inside a browser. And threat actors have taken notice. Verizon reports that 90% of breaches now occur through the browser. Moving to a Zero Trust security approach requires that security teams focus on preventing these browser-based attacks.
Fortunately, Remote Browser Isolation (RBI) can be layered on top of existing detect-and-respond security solutions to prevent web-based attacks from gaining an initial foothold on an endpoint through the browser. RBI works by inserting a virtual air gap between users and the Internet. All content–whether it’s known or unknown, good or bad–is fetched and executed in a remote browser in the cloud where malicious content is stripped out before being sent to the end user. Without direct access to the end device, threat actors have no avenue through which to deploy their payload, preventing them from gaining a foothold in the network.
As the CyberEdge CDR suggests, despite turning the corner on progress against threat actors, security leaders need to continue to invest in browser security to keep up the pressure. Here are three reasons security teams should be investing in RBI solutions as a way to protect the browser, enable Zero Trust and stop attacks in their tracks:
According to the CDR, ransomware continues to grow in volume (72% of all organizations were impacted in 2022) and cost (now up to $408,000 average payout). But ransomware threats are also growing in sophistication. Only one-fifth of ransomware attacks in 2022 involved just encryption. The remaining 80% involved an additional one, two, three or even four more types of threats. This includes publicly releasing exfiltrated data and launching DDoS attacks to amplify pressure on victims. So, even if you are able to restore access to your information and systems, you still have to worry about when the second shoe will drop. That’s why stopping ransomware attempts before they are able to gain that initial access to an end user’s device is the only way to guarantee you can rid your organization of this threat.
When the perimeter was static and most work was done inside a hardened data center, focusing on detecting and responding to threats made sense. But we live in a new world–one with expanding threat surfaces and threat actors that move at the speed of business. Today’s Highly Evasive Adaptive Threats (HEAT) are designed to bypass traditional security tools, make an initial breach on an endpoint through the browser and spread laterally, virtually unimpeded, through the network in search of more valuable targets. Once that initial access has been made, it doesn’t matter how fast you are able to detect suspicious behavior. It’s already too late. The damage has been done. New techniques such as man-in-the-middle attacks work within seconds of first contact. As malicious actors continue to evolve and gain agility in how fast they can corrupt a network, browser security powered by RBI is an organization’s best defense.
Zero Trust requires a complete rethinking of the organization’s security strategy, but security teams can’t just rip and replace their existing security stack. That would leave organizations vulnerable to HEAT attacks while strategies were being realigned. Instead, RBI can be deployed on top of the existing security stack, serving as a protection layer that provides cover without disrupting IT operations or impacting user productivity. This would allow security teams to make the necessary architectural changes without increasing risk.
The 2023 CyberEdge CDR shows that the security industry is finally making the necessary changes to keep up with today’s HEAT attacks, but we have a long way to go. Organizations should consider implementing RBI technologies on top of their existing security stack as a way to prevent increasingly sophisticated and increasingly costly ransomware attacks, replace outdated detect-and-respond solutions with a proactive, preventative approach and enable their Zero Trust security strategies. We’re making progress. Now is not the time to take one’s proverbial foot off the gas.