The browser has become central to the enterprise workspace, going from a simple app that renders HTML and enables web interactions, to the single application that delivers access to almost everything else. While that access has greatly benefited productivity, it also means that the browser is involved in virtually every enterprise cyberattack today, for a number of reasons:
While many enterprises have tried to improve browser security, they tend to focus on security at the network or endpoint level. These tools are not equipped to combat evasive threats to the browser and often don’t even see them until it’s too late.
Menlo Security has specialized in protecting the browser, and we have over a decade of experience building rock-solid solutions that provide complete defense for users and for the enterprise.
Menlo was the first to recognize a new class of browser-based attacks that exhibit dynamic behavior. Examples of these exploits include those that adjust tactics based on environment, fileless attacks that run in memory to avoid AV software, and those that delay execution to obfuscate the attack vector. We’ve defined this category as highly evasive and adaptive threat (HEAT) attacks.
The first step to stopping HEAT attacks is seeing them, with Menlo HEAT Visibility
Menlo HEAT Visibility identifies and surfaces the evasive web-based threats that you have probably never seen before. This evasive threat intelligence, derived from Menlo logs, will give you deeper insight into malicious campaigns and the tactics, techniques, and procedures (TTPs) attackers are using. Alerts are compiled into a single dashboard and can be integrated into your workflow with the Menlo API.
Attackers are now using AI to create new attacks and customized approaches to gain access to your network. You need to fight AI with AI…from Menlo. The simple addition of HEAT Shield AI to your existing Menlo deployment delivers dynamic policy enforcement to every page load, without changing anything else in your security stack.
HEAT Shield AI is a radical departure from other offerings that rely on signatures or pattern matching, because these methods can only identify what has already been discovered. With HEAT Shield AI, you can identify and block zero-hour phishing attempts for full click-time protection, often up to six days before other vendors can detect such threats.
With HEAT Shield AI, browser traffic passes through the Menlo neural network, which employs multiple inspection engines simultaneously to deliver real-time analysis in a single pass. Because analysis of different page elements, including JavaScript, DOM, logos/graphic elements, input fields, and URL paths are all examined in parallel with zero latency.
With Menlo, you can dynamically block the latest credential phishing and brand impersonation attacks, including those that appear to come from reputable vendors whose products your organization actually uses.
When HEAT Shield AI identifies a phishing site, it dynamically creates and applies a configured policy enforcement action—either displaying the page in read-only mode or blocking it completely, so there is no need for security or incident response teams to investigate as the attack proceeds. All results are compiled in a single dashboard and can be integrated into your SIEM or SOAR platforms via the Menlo API.
HEAT Shield AI is built on the Menlo Secure Cloud Browser, which separates the endpoint from web-based traffic, analyzing the content and context to make real-time decisions so users don’t have to. The Secure Cloud Browser protects the user and the enterprise, providing complete email security, as well a secure document and archive viewer.
Because email is the backbone of enterprise communications, it is one of the first venues used for phishing and malware dispersal. While most users now realize there is no Nigerian prince seeking banking details, the propagation of attacks via email, SMS, and text remain successful.
With the Secure Cloud Browser, email traffic is analyzed just like all other web traffic. Rather than relying on other sources to determine if an email or the links within it are “good or bad,” all content is assumed to be malicious and executed in the Secure Cloud Browser. Only safe content is sent to the local browser. Menlo integrates seamlessly with existing mail server architectures, so there is nothing new to deploy or learn.
The browser has long been a blind spot for security and IT teams, but with Menlo Browsing Forensics you can see what’s really going on. As traffic passes through the Secure Cloud Browser, you can configure Browsing Forensics to capture sessions by site category or threat type. You can see user actions and interactions in near-real time, enabling incident response teams to get actionable data about any assets that may have been exposed.
Menlo Security Remote Browser Isolation protects users against targeted phishing and evasive malware threats. It provides a seamless browsing experience across any website, SaaS platform, and private application.
Remote Browser Isolation creates a protective layer between the user and the internet by moving all web requests to a remote browser inside an isolation platform. The Menlo Secure Cloud Browser creates this isolation, making requests on the user’s behalf, downloading the code, and executing all active content. It then sends only a clean, sanitized visual layer down to the endpoint.
With Remote Browser Isolation, attacks have no access to the network or endpoints, so malware cannot spread laterally through the network in search of valuable targets and cannot deliver its final payload.
All Menlo products are part of the Secure Enterprise Browser solution. An evolution from remote browser isolation technology that some vendors are just now adding to their security offerings, a Secure Enterprise Browser creates a hardened digital twin of users’ local browser on the fly.
Because the browser has been our sole focus, we are able to deliver a solution that offers all the security you want with the performance and familiarity that users require.