What are Highly Evasive Adaptive Threats (HEAT)?
A prevent and detect approach is key to stopping HEAT attacks.
Highly Evasive Adaptive Threats (HEAT) are used by threat actors who employ evasive techniques to bypass traditional web security measures and leverage web browser features so they can deliver malware or compromise credentials. If successful, HEAT attacks render all browser-based security defenses helpless. These include sandboxes, file inspections, network and HTTP-level inspections, malicious link analysis, offline domain analysis and indicator of compromise (IOC) feeds.
Specific HEAT techniques include:
HEAT attacks leverage one or more of the following four evasive HEAT characteristics to bypass legacy network security defenses:
In the technique termed Legacy URL Reputation Evasion (LURE), sites classified as benign by categorization engines are compromised and then used for malicious purposes, bypassing indicators of compromise-based detection. Threat actors can quickly flip the behavior of such a website, reveal the malicious content and drive people to the site, all before offline categorization engines have had a chance to categorize it as malicious. Attackers may even go as far as patiently creating new sites and leaving them to gain a good reputation across categorization engines before using them to deliver malicious content. Captcha usage in malicious sites is also being used not only to give users a false sense of security, but also to force real user interactions to get to the real malicious content.
Phishing has normally been a 100% email problem, so attackers are finding alternative ways to get in that aren’t protected. Secure email gateways (SEGs) and email link analysis are bypassed by leveraging additional phishing avenues outside the email path such as web, social media, professional networks, collaboration tools and SMS phishing techniques.
Traditional Secure Web Gateway (SWG) anti-virus or sandbox solutions are used to identify malicious content by scanning for known malware signatures and by monitoring file execution and remote file requests for suspicious behavior. Rather than downloading a file directly, which would be analyzed and, if malicious, blocked, HTML smuggling evades detection by embedding tiny bits of malicious code inside seemingly benign sub-components, or JavaScript blobs. These blobs aren’t in any format the sandbox understands, so they can’t be analyzed, and individually they don’t do anything malicious, so they wouldn’t be detected. However, these tiny blobs of information dynamically rebuild themselves into a malicious executable at the browser level without any user action, thus bypassing file content inspection engines completely.
Malicious content such as browser exploits and phishing kit code is hidden or obfuscated to make the JavaScript unreadable in order to bypass detection. The JavaScript is then revealed in the browser at run time, executing its active content on the endpoint. Attackers also use website manipulations to hide impersonation logos behind morphed images to avoid visual detections in inspection engines.
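The browser-side assembly described above leaves a recognizable shape in the page source: embedded data is decoded, wrapped in a Blob and saved. The following is an added example (not Menlo Security's code or detection logic) that flags that combination in inline scripts; the indicator names, the 200-character threshold and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Indicator names and patterns are assumptions chosen for this example.
INDICATORS = {
    "decode": re.compile(r"\batob\s*\(|fromCharCode|new\s+Uint8Array"),
    "blob": re.compile(r"new\s+Blob\s*\("),
    "save": re.compile(r"createObjectURL|msSaveOrOpenBlob|msSaveBlob"),
    "trigger": re.compile(r"\.download\s*=|\.click\s*\("),
}
LONG_LITERAL = re.compile(r"[\"'][A-Za-z0-9+/=]{200,}[\"']")  # encoded chunk

class ScriptCollector(HTMLParser):
    """Collects the text of inline <script> elements."""
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def scan_html(html):
    """Return (suspicious, hits) for one HTML document."""
    parser = ScriptCollector()
    parser.feed(html)
    js = "\n".join(parser.scripts)
    hits = {name for name, rx in INDICATORS.items() if rx.search(js)}
    if LONG_LITERAL.search(js):
        hits.add("long_literal")
    # Flag a file that is built and saved client-side from data embedded in the page.
    suspicious = {"blob", "save"} <= hits and bool(hits & {"decode", "long_literal"})
    return suspicious, hits

# Constructed samples: the payload is inert ("A" * 400), not a captured attack page.
SMUGGLING_PAGE = (
    "<html><body><script>var parts = ['" + "A" * 400 + "'];"
    "var bytes = atob(parts.join(''));"
    "var blob = new Blob([bytes], {type: 'application/octet-stream'});"
    "link.href = URL.createObjectURL(blob); link.download = 'doc.bin'; link.click();"
    "</script></body></html>"
)
BENIGN_PAGE = "<html><script>document.title = 'Report'; console.log('ready');</script></html>"
```

Because the check matches API names literally, the obfuscation described in the next paragraph can hide these indicators from a static scan like this one.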
There are three stages of a HEAT attack: gaining the initial foothold, spreading through the network and executing the final payload to gain control over critical business systems. Stages two and three are entirely dependent on stage one: gaining initial access. Menlo focuses on stopping HEAT attacks before they gain that initial access, effectively rendering the malware impotent. Without access, it can’t spread through the network, gain control, exfiltrate data or hold systems ransom.