Whilst working with a customer on a web isolation project over the past two weeks, I was passed a query based on a report published by Recorded Future in December 2016. The report summarised the popular vulnerabilities used in exploit kits by attackers in 2016 (source: Recorded Future).
What the customer asked us was: How would the Menlo Isolation platform deal with the exploits highlighted in the report?
All 10 vulnerabilities happened to be web-based browser vulnerabilities in 2016.
What was of no surprise to us, but was welcomed by the customer, was that we could demonstrate that the Menlo Security platform provides 100% prevention from infections across all the top 10 vulnerabilities of 2016 mentioned in the report. Every vulnerability on the list below would have been mitigated at the time of writing and, if still in use today (as many old vulnerabilities are), would be mitigated using the Menlo Security Isolation Platform (MSIP).
Of note, CVE-2015-7645 was used by a huge number of exploit kits, from Angler and Rig through to Neutrino. As a cross-OS-platform Flash vulnerability, it would be mitigated by the Menlo platform. At Menlo Security, we are unique in converting Flash video into safe video content, so the user still gets access to the content without risk of browser compromise.
All exploits rely on two key steps: leveraging a vulnerability to corrupt the memory of the application (e.g. a buffer overflow or use-after-free bug), and leveraging control over the memory state of the client to hijack execution flow and execute attacker-controlled code.
The key message to highlight here is that, whether the vulnerabilities being exploited are known or unknown, the Menlo Security Isolation Platform can provide real value to organisations and protect against ransomware, malvertising, and other web-based malware infection vectors.