Two minutes on…HEAT attacks evading content inspection

The pandemic forever changed the way that we work, with over 75% of employees’ workdays spent in a web browser and all the data and applications they need migrating to the cloud. This opened the door for a new class of threats called Highly Evasive Adaptive Threats (HEAT) that target employees where they work — the web browser — and easily bypass current security technology.

Security teams relying on the detect-and-respond approach to threats are struggling to keep up with the surge in HEAT attacks, which render static and dynamic content inspection defenseless by leveraging techniques like HTML smuggling. Unfortunately, once a HEAT attack is detected, chances are the network is already compromised.

In under two minutes, Menlo Security Senior Cybersecurity Strategist, Neko Papez, breaks down how HEAT attacks evade static and dynamic content inspection and how to prevent them from hitting your network in the first place.