Marcos Colon | Jun 15, 2021
In an unprecedented move, President Biden publicly and privately has been putting pressure on global leaders for harboring known cybercriminals who have launched attacks on U.S.-based organizations. FBI Director Christopher Wray likened today’s cybersecurity threats to the September 11 attacks in New York and Washington, D.C., and other officials, including Secretary of Commerce Gina Raimondo, have hinted that military action would be considered if it would protect the U.S. from cybercriminals backed by nation-states.
The federal government’s focus makes it clear that ransomware is a rapidly growing problem with huge potential consequences. Over the past several months, high-profile attacks have targeted critical infrastructure in the U.S., including a global meatpacking plant and a major oil pipeline. The SolarWinds hack made millions of government and commercial endpoints vulnerable to attack, and many experts note that these events could be dress rehearsals for larger, more disruptive attacks—for example, potentially shutting down the electrical grid of a large city, causing dam failures that flood a populated river valley, or shutting down major e-commerce sites such as Amazon or Walmart.
The threat to critical infrastructure is real, but most ransomware attacks continue to target enterprises and individuals for monetary rewards. Fujifilm recently announced it was the target of a ransomware campaign. Quanta, the manufacturer of Apple’s laptop computers, was also hit this year, as was the University of California, Royal Shell, and the Broward County School District. In fact, the six most active ransomware gangs are linked to attacks on 292 enterprises in 2021. Although not all attacks are successful, many enterprises simply pay whatever ransom the attackers want—perpetuating the problem. According to Atlas VPN research, malicious actors bring in $1.5 trillion per year through ransomware, cryptojacking, and stolen data—a figure more than the combined annual earnings of Tesla, Facebook, Microsoft, Apple, Amazon, and Walmart.
In addition to its high success rate, ransomware is a popular threat tool because it’s very difficult for enterprises to protect themselves.
The federal government is strongly advising the private sector to step up ransomware protection. The deputy national security advisor for cyber and emerging technology sent an open letter to the business community to start using commonly advised security practices to defend against ransomware, and the Transportation Security Administration (TSA) issued an order aimed at curbing attacks on critical infrastructure.
It’s not like they’re not trying. Many organizations introduced work-from-home policies in the last 18 months that came with mandates to log in through a VPN. However, the sudden explosion in traffic overwhelmed VPNs and opened up new ways for malicious actors to infect networks. In fact, it’s recently been reported that the SolarWinds hack was perpetrated through stolen VPN credentials.
Enterprises use a variety of tools to detect and stop the initial infection that kicks off a ransomware attack, but traditional security solutions that rely on a detect-and-remediate approach are broken. Given the reasons above, it’s increasingly difficult to detect ransomware, and you can’t stop an event you can’t detect. The alternative of just blocking everything on the Internet or requiring a separate device to connect to the Internet is counterintuitive, only serving to frustrate users and disrupt their productivity. These harsh tactics tend not to work anyway, encouraging users to create workarounds or simply ignore security policies. Remember, all it takes is one click.
Not all is lost. There are security approaches that can stop ransomware in its tracks, all while preserving the user experience and protecting productivity. An isolation-powered approach to Zero Trust can prevent all malware—yes, including ransomware—from infecting endpoints. Isolation works by creating a protective layer around users as they navigate the web, effectively creating a virtual air gap between the Internet and enterprise networks. By coupling isolation with a Zero Trust approach, both known and unknown potentially malicious activity is blocked, ensuring that attackers never gain a foothold in the network and ransomware has no avenue for reaching endpoints.
Critically, isolation-powered technology never disrupts the user experience, and web pages look identical to how they would normally. The only difference is transparent: There is zero risk of malware exploiting vulnerabilities. All email and web traffic goes through this isolation layer, where the content is visible but never actually downloaded to the endpoint.
Ransomware is quickly emerging as the number one threat to enterprise security and the top concern for CISOs. It’s gotten so bad that two nuclear powers are squabbling over the new cyber battlefield—putting enterprises in the middle. An isolation-powered approach to Zero Trust is the only way ransomware can be defeated. Cutting off access to the endpoint eliminates any opportunity for infection, without disrupting the way people work. It’s time to ditch the outdated detect-and-remediate approach of the past and rethink how you protect users, applications, data, and the business from ransomware attacks.
For additional insight, download this Gartner report on best practices for protecting your enterprise from ransomware attacks.
Tagged with Malware, Ransomware, SWG, Zero Trust