Kowsik Guruswamy | Dec 05, 2019
Cyber threat actors have gotten smarter, or lazier, depending on your perspective. It used to be fairly common for attackers to spend days or even weeks probing targeted networks for vulnerabilities to exploit. Once identified, they would break down traditional cybersecurity defenses around the network perimeter and steal as much information as they could, or cause as much chaos as possible, before the hole was patched and they were shut out.
Today, threat actors are much more subtle. Instead of trying to break down the castle walls, they simply steal the keys and stroll through the front door. By tricking users into willingly giving up their credentials through spear phishing, threat actors can remain undetected for days, weeks or even months until the time is right to execute their mission: to exfiltrate data, hold systems hostage, spy on users or all of the above.
Is this lazy or creative? It depends on who you ask; maybe it’s a generational thing.
The point is that 94% of malware attacks are conducted through email, according to the Verizon 2019 DBIR. Spinning up a seemingly legitimate email from a trusted individual or brand is fairly easy when anyone can become a Photoshop wizard overnight. Email addresses and domain names can be masked, and it is alarming how much personal information is publicly available on social media accounts. An enterprising threat actor could easily find the name and email address of a manager or vendor and send an email with a malicious attachment or a link to a compromised site or fake login page. By sending multiple versions of the spoofed email with slight variations, threat actors can scale the attack, knowing that at least one will eventually be clicked by the user.
This shift in strategy means that no matter how strong your cybersecurity defenses, your organization’s cybersecurity posture is almost entirely reliant on users. Web filtering through traditional security solutions needs a reputational footprint of an attack based on third-party or internal threat intelligence. If an attack is new or has been slightly modified, it can sneak through. In fact, many malware attacks have grown sophisticated enough to identify whether they are in a sandbox and shut down until instructed to ramp up again when executed on users’ devices. Users – whether apathetic, unsavvy or both – are then responsible for determining what they can safely click on. As a result, phishing attacks are growing increasingly successful. Verizon’s research also shows that 30% of phishing messages are opened by targeted users, so it is clear current defense mechanisms are not working.
What’s an enterprise to do? How can an enterprise build a robust cybersecurity strategy when attackers continue to target the weakest link: the user? Traditional cybersecurity solutions and conventional threat prevention products rely on detect-and-respond tactics and have failed to keep up with the evolving nature of sophisticated phishing attacks. These solutions analyze web links in an email and make a ‘good vs. bad’ determination. Unfortunately, this approach requires a reputational footprint to make a decision, so it does not detect (and ultimately block) new or modified attacks.
Enterprises need to rethink how they can protect users from cybersecurity threats by implementing a Zero Trust Internet policy. Instead of trying to determine what web content is bad, enterprises should just assume that all content is risky and isolate everything to be safe. Making an isolate-or-block determination is much safer than an allow-or-block approach, preventing even unknown attacks from executing malware on end users’ devices or directing users to fake login pages where credentials can be stolen. All email links and attachments can be opened in a safe isolation session in the cloud, so users neither give away credentials nor open attachments in a sandbox or on the endpoint.
The result: 100 percent malware-free email.
Depending on how you look at it, threat actors are either getting smarter or lazier and going after the weakest link in the cybersecurity chain: the user. It’s time to take the responsibility out of users’ hands and implement a Zero Trust Internet strategy for cybersecurity.
This article originally appeared in Cyber Defense Magazine.