What are Zero Trust Policies?
By taking a Zero Trust mindset to security, online threats are prevented from ever reaching users, resulting in zero worry for you.
It’s important to note that Zero Trust is not a solution. It’s not a tool. It’s not something you can buy in a box or download and deploy on your network. Zero Trust is a state of mind. A Zero Trust security strategy assumes that all traffic, regardless of whether it originates from a trusted source, is untrustworthy. This forces websites, web apps, Software-as-a-Service (SaaS) platforms and even email content to be treated as if they are malicious. Each then needs to be authenticated continuously, before each interaction with a user, device or application on the network.
Zero Trust Policies enforce the rules that govern Zero Trust strategies. For example, an organization may want to force read-only access for suspicious websites to protect users from credential theft. Or, it may want to tighten restrictions around payroll applications because of the sensitivity of data on those systems. Zero Trust Policies take into account the user, the device and what they are requesting access to, and the trustworthiness of each is continuously monitored and evaluated.
Traditional security policies authenticate entities (a user, device or application) once at the edge of the network and then give them access to everything inside the network. This worked well when enterprise networks were set up in a hub-and-spoke model where there was little mobility. Users tended to log in from corporate headquarters behind a robust firewall that could control traffic flowing in and out of the data center.
Today’s networks, however, are highly distributed and mobile. Users, devices, apps and data are spread out across private and public cloud infrastructures where they are spun up and down on demand. This decentralized architecture hasn’t so much eliminated the perimeter as it has expanded it to anywhere users do business, whether it is a remote office, a home office, a customer site or on the road. The perimeter is everywhere, making it impossible to stop breaches.
Zero Trust Policies continuously authenticate entities at the perimeter and inside the network, ensuring that nothing gets through the cracks. This granular control allows you to identify and monitor changes in trustworthiness. Rather than assume authenticated entities are trustworthy, Zero Trust Policies assume everything is malicious by default and require every entity to continuously prove its trustworthiness.
It’s a strategy that requires enterprises to completely rethink how they protect the organization. Zero Trust Policies must be ubiquitous throughout the network security stack, including the Secure Web Gateway (SWG), firewall, and Cloud Access Security Broker (CASB). Whether someone is connected to a cable coming out of the wall at the corporate headquarters or logging on from public WiFi in a coffee shop, Zero Trust Policies govern exactly what they can access and at what level.
You can’t secure what you don’t know. Any Zero Trust policy starts with cataloging your applications so you know where they sit in the network and which users need access. You can then define levels of accessibility to determine who gets full access, who gets read-only and whether users get upload or download permissions.
Once you know what you have, you can bake levels of control into your Zero Trust Policies. It’s almost like calculating a risk score. For example, let’s say that a known user is trying to access an application on the network. Multi-factor authentication proves that the user is who they say they are and they are logged into a known device. However, the user is located in a country such as Albania.
Not only is that a strange location for this particular user to be in, it’s a known hotbed of hacker activity. A Zero Trust policy can be set to give the authenticated user access to the application but limit them to read-only. This granular level of control protects the application from potentially malicious activity without disrupting the user’s productivity, just in case the user really does have a legitimate reason for being in Albania. Zero Trust policies allow you to set these various levels of security based on pre-set rules and apply them globally.
Zero Trust policies also need to go beyond just user-to-app accessibility. They need to go the other way as well by dictating data flow from the application to the user or even between applications. This allows you to apply Zero Trust policies to applications, users, devices and data, providing complete coverage across the enterprise. To be truly secure, you should even be able to extend policies to third parties such as customers and partners using unmanaged devices. It shouldn’t matter if it’s an application, a person or an IoT device: every entity needs to continually prove its trustworthiness throughout every interaction.
Menlo Security starts with a clientless-first approach, making it easier and more elegant for the IT staff to implement globally. Menlo then provides a single place to create and manage those Zero Trust policies, allowing you to set once and apply globally across applications, users, devices and data.
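The scenario above, written as a per-request policy check. This is an added example, not Menlo Security's code or product configuration; the catalog entries, group names, per-user country baseline and the order of the rules are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Access(IntEnum):
    DENY = 0
    READ_ONLY = 1
    FULL = 2

# Constructed application catalog: sensitivity plus the ceiling each group may reach.
CATALOG = {
    "wiki": {"sensitive": False, "groups": {"staff": Access.FULL}},
    "payroll": {"sensitive": True,
                "groups": {"finance": Access.FULL, "staff": Access.READ_ONLY}},
}
# Constructed baseline of countries each user normally works from.
USUAL_COUNTRIES = {"alice": {"US"}, "bob": {"US", "CA"}}

@dataclass(frozen=True)
class Request:
    user: str
    group: str
    app: str
    mfa_passed: bool
    known_device: bool
    country: str  # ISO 3166-1 alpha-2 code from geolocation

def decide(req):
    """Return (Access, reasons); called on every request, not once at login."""
    entry = CATALOG.get(req.app)
    if entry is None:
        return Access.DENY, ["application is not in the catalog"]
    if not req.mfa_passed:
        return Access.DENY, ["multi-factor authentication not satisfied"]
    level = entry["groups"].get(req.group, Access.DENY)
    reasons = []
    if not req.known_device:
        # Unknown devices are refused on sensitive apps, read-only elsewhere.
        cap = Access.DENY if entry["sensitive"] else Access.READ_ONLY
        level = min(level, cap)
        reasons.append("unknown device")
    if req.country not in USUAL_COUNTRIES.get(req.user, set()):
        # Identity checks passed but the location is unusual: downgrade, do not block.
        level = min(level, Access.READ_ONLY)
        reasons.append("unusual location " + req.country)
    return level, reasons

if __name__ == "__main__":
    travelling = Request("alice", "staff", "wiki", True, True, "AL")
    print(decide(travelling))
```

Returning the reasons alongside the decision gives the security team an audit trail for each downgrade, which is what makes a read-only result reviewable rather than a silent block.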
Menlo is also built on an Isolation Core™. Everything goes through this abstracted layer in the cloud, giving administrators unparalleled visibility and control into security without impacting the native user experience.