OK, we’ll start with an easy one. Anti-virus capabilities stop known malware. Many malicious actors make an initial breach; lie in wait undetected for weeks, months, or years; and then execute a payload that lets them move rapidly from device to device. In today’s distributed environment, it’s absolutely critical that you’re able to detect viruses before they make that initial breach or execute their payload and start to spread. While anti-virus software has become less effective over time, given the velocity with which attackers change their threats, it’s still important in order to make sure the volume of older threats is addressed.
Users today expect to be able to access critical business systems, applications, and data from their personal devices—making it essential that the security team is able to control access to both managed (company owned) and unmanaged (privately owned) devices. This is especially critical in healthcare. Many doctors and nurses are technically independent contractors who use hospital and clinic facilities for their private practice, and they bring their own devices to access the hospital network. The hospital’s security team still needs to apply the appropriate security policies to these unmanaged devices.
Cloud transformation has pushed many critical applications to the cloud and Software as a Service (SaaS) platforms. CASB solutions provide users with safe, secure access to SaaS platforms—including detection of both sanctioned and unsanctioned SaaS applications and sensitive data discovery and monitoring. It’s important that your CASB solution is able to monitor both traffic flowing from the SaaS platform (malware) and traffic flowing to SaaS platforms (data exfiltration).
CSP (Content Security Policy) prevents cross-site scripting, clickjacking, and other code injection attacks originating from malicious content embedded in a trusted web page. The point here is that trust has an expiration date. A website deemed safe one day may be infiltrated with malicious content (usually through advertising or other third-party modules) the next day. Trust must be verified at the point of click.
In a data breach, sensitive, confidential, or otherwise protected data is accessed, stolen, or exposed by an attacker. Data breaches can occur due to a variety of factors, such as hacking, malware, human error, or system failure. The consequences of a data breach can be severe, including financial losses, damage to reputation, and legal liabilities for the organization that experienced the breach.
Organizations need to continuously monitor for sensitive information leaving the network. A DLP solution in the cloud is able to monitor traffic outside the traditional perimeter, where users access information on the Internet. It’s important that the DLP solution is lightweight, invisible to users, and able to record what happened, how it happened, and who was involved.
EDR continually monitors the health of distributed devices and allows the security team to respond to cyberthreats. As devices spread out from the data center, it’s important that they’re detectable by EDR solutions and protected from sophisticated cybersecurity threats.
Encryption puts a lock on data so that even if threat actors are able to steal it, they can’t open it without the key. The organized data that makes up files and documents is scrambled into a seemingly random order, or encoded, and can only be decoded with the encryption key — that is, unless threat actors brute force the key, essentially guessing it with a powerful computer that tries candidate keys (or the passwords that derive them) at rapid speed until it finds the right one. Strong encryption defeats this with a key space large enough that brute force is infeasible. Encrypting data is required in a variety of industries.
A traditional firewall monitors all traffic that passes through the perimeter, but now that users, devices, and applications are moving outside the data center, there’s no perimeter anymore. Organizations still need to monitor and block traffic that wants to interact with users, systems, and data, so it makes sense to move firewall capabilities to the cloud and deliver them as a service to distributed users. This way, the organization can monitor for malicious connections and apply the appropriate security and network policies to all traffic.
According to the U.S. General Services Administration, the Federal Risk and Authorization Management Program (FedRAMP) “is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. By running through the program, agencies are then able to leverage modern cloud technologies that have an emphasis on security and protection of federal information.”
Firewalls act as a barrier between the network and all incoming and outgoing traffic, analyzing web activity and either allowing or prohibiting it based on a set of parameters. They’re typically set up both on the corporate (trusted) network and on the endpoint, facing the untrusted network, as a first line of defense in keeping out malicious traffic while allowing in non-threatening traffic. Firewall technology was developed in the late 1980s, and it’s still commonly used today.
Highly Evasive Adaptive Threats (HEAT) are a class of cyberthreat that leverage web browsers as the attack vector and employ various techniques to evade multiple layers of detection in current security stacks. Consequently, HEAT-based attacks bypass traditional web security measures and leverage web browser features to deliver malware or to compromise credentials. In many cases, this leads to the delivery of ransomware.
Threat actors are easily bypassing traditional Secure Web Gateways (SWGs) and URL filters with Legacy URL Reputation Evasion (LURE) attacks, a type of Highly Evasive Adaptive Threat (HEAT). In order to let users safely browse the entire web, legacy web filters categorize domains as either trusted or untrusted. The problem with this solution? In LURE attacks, enterprising threat actors are taking over websites categorized as good and then rigging them with malicious content that’s able to slip past web filters completely undetected.
Malware, short for malicious software, is any piece of software that’s designed to infect a user’s computer or network and cause damage to it. Malware is a relatively broad umbrella that takes many different forms, such as viruses, worms, Trojans, phishing attacks, spyware, and the much-dreaded ransomware. These different forms of malware can lead to a range of consequences, from personal information being stolen to an organization’s data being encrypted.
Very similar to a man-in-the-middle attack, this approach differs in that a Trojan is used to intercept information between a web browser and its security mechanisms (or libraries) on the fly. A common use case is financial fraud, where an installed Trojan sniffs or modifies transactions as they’re formed in the browser. The user is unaware, because the intended transaction is still displayed to them.
Knowing who is trying to access the network and confirming the identity of that person are key components of the Zero Trust approach to cybersecurity. MFA uses several methods to authenticate a user—most typically an initial password and then a token passed to an already trusted device.
Phishing is a type of cyberattack where the attacker attempts to trick the victim into giving away sensitive information, such as login credentials or financial information, by posing as a trustworthy person or organization. This is typically done through fake emails or websites that look legitimate but are actually designed to steal the victim’s information. Phishing attacks are often difficult to detect, as the attacker will try to make their fake emails or websites look as realistic as possible in order to trick the victim into giving away their information.
Considered one of the greatest cyber threats today, ransomware is a class of malware that is designed to block users or organizations from accessing files on their computers or networks. The only way to regain access to this information is to pay the threat actor a ransom to unlock it. Oftentimes, a message is displayed on the victim’s screen alerting them of the extortion attack. Once an attacker gains access to a victim organization’s files, they encrypt them so the victim can no longer access files, databases, or applications.
Not just a baseball term, RBI removes the risk of interacting with potentially malicious content by executing dynamic content away from the endpoint in a remote browser in the cloud—cutting off threat actors’ access to the endpoint device. This protects users’ devices from web- and email-based cyberattacks such as phishing, ransomware, drive-by exploits, and zero-day attacks.
SASE enables a Zero Trust approach to enterprise security by giving organizations a consolidated framework from which to deliver security and networking services through the cloud. SASE is designed to connect distributed users, devices, branch offices, apps, and SaaS platforms—regardless of physical location. This allows users to securely and seamlessly access whatever tools and information they need wherever and whenever, without posing a risk to the organization. You’ll definitely want to know more about this architecture, as it’s primed to be the blueprint for all modern enterprise security.
A critical component of SASE, SD-WAN automatically optimizes traffic route paths between two locations across any network architecture. Modern enterprises can use SD-WAN to route traffic through the appropriate security controls without impacting the user’s browsing experience.
Many security teams use a SIEM solution to correlate huge amounts of reporting data and draw conclusions in threat investigations. This is critical for understanding security event context to conduct root-cause analysis and stop future attacks.
Whether internal or through a service provider, SOC teams are responsible for investigating potential breaches within an organization, using forensic tools and threat intelligence to figure out how a threat entered and what—if anything—happened that needs remediation.
Remember that email you got from your CEO asking you to buy him gift cards? Yeah, that wasn’t your CEO. That was a threat actor impersonating your CEO — also known as spoofing. Attackers disguise themselves as a trusted entity to ensnare victims through emails, text messages, websites and other channels and ultimately steal money, download the victim’s data or gain access to their organization’s network.
Considered one of the most common threats to web surfers–and the ultimate data privacy violator–spyware is malicious software that enters a user’s device with the aim of gathering data and forwarding it to a third-party without the user’s consent. This information can include passwords and bank credentials. While difficult to detect, users infected by spyware may notice that their processor or network connection speeds are lagging. Classes of spyware include adware, keyboard loggers, Trojans, and mobile spyware.
A SWG protects users from web-based threats on the Internet by preventing malicious content from accessing the endpoint. SWG solutions typically work by blocking inappropriate or malicious websites based on policies set by the enterprise cybersecurity team. The SWG typically replaces the proxy in a traditional hub-and-spoke security model, in which all traffic is backhauled to the physical appliance in the data center.
A Trojan horse, like the wooden horse the Greeks were said to have used to sneak soldiers into Troy, is a type of malware that tricks users into downloading it by disguising itself as a harmless program or file in order to gain access to a computer system. Once inside the system, a Trojan horse can perform a variety of harmful actions, such as stealing sensitive information, spying on the user, or allowing the attacker to gain remote access to the system.
Qakbot is one of the most common banking Trojans around the globe. It’s designed to steal sensitive information, such as bank login credentials and financial data, and send it back to the attackers who deployed it. Qakbot is typically spread through several evasive techniques such as phishing emails or HTML smuggling. Once it has infected a computer, it can also spread itself to other computers on the network and install ransomware.
OK, another easy one. A VPN allows remote users to connect directly to the corporate network across public infrastructure as if they were in the office. The problem with a VPN is that it requires all traffic to be backhauled to the data center, creating massive latency and bandwidth issues. This solution is fine when only 10 percent of the workforce is working from home, but as we saw in the last year, organizations run into major performance issues when 100 percent of the workforce goes remote. Split tunneling (routing application traffic back to the data center while allowing direct connections to the Internet) is a common method for getting around these performance issues, but allowing users to connect directly to websites and SaaS platforms is not a viable option given today’s dangerous threat landscape.
WAAPaaS protects users, devices, and the data center from malicious intent originating from web applications. It works by monitoring web app traffic (HTTP and encrypted HTTPS) for malicious SQL injections, cross-site scripting, and file executions. It combines WAF, API security, bot management, and DDoS protection in a single tool designed to prevent malicious actors from getting into your web-facing applications.
A critical component of WAAPaaS, a web application firewall filters, monitors, and blocks HTTP traffic moving to and from a web service. WAF is specifically used to prevent DDoS attacks from shutting down an organization’s web application.
Zero trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust. It turns the traditional detect-and-remediate approach to cybersecurity on its head, resulting in the continuous validation of digital interactions. When considering activity by users on the Internet, organizations that take a zero trust approach assume that all traffic – regardless of whether it originates from a trusted source – is untrustworthy. This forces web sites, web apps, Software-as-a-Service (SaaS) platforms and even email content to be treated as if it is malicious. It then needs to be authenticated continuously, before each interaction with a user, device or application on the network.
Modern enterprises need to make sure distributed entities (users, devices, applications, remote offices, and SaaS platforms) are able to securely connect to applications. Unlike VPN connections, ZTNA operates on a Zero Trust model in which access is granted only to applications required for a particular person or role to do their job. In this way, connecting to the network doesn’t provide the ability to scan or search across the whole network. It’s critical that your ZTNA solution gives the security team the ability to secure a wide range of managed and unmanaged entities.