Menlo Security Unveils Enhancements to Zero Trust Access Solution, Advancing Secure Enterprise Browser Capabilities
2024年8月7日 - 9:30PM
ビジネスワイヤ(英語)
Enhancements launched in parallel with new
Menlo Security research that detected novel evasive cybercrime
tactics
Menlo Security, the pioneer in browser security, today announced
enhancements to Menlo Zero Trust Access, the company’s Zero Trust
solution, which keeps enterprises steps ahead of adversaries and
extends Menlo’s leadership in the Zero Trust arena. Simultaneously,
the Menlo team released new findings as a follow up to the team’s
recently released Global Cyber Gangs Threat Report, revealing new,
evasive threat tactics targeting the browser.
In a recent 90-day period, Menlo Security identified three
sophisticated HEAT campaigns targeting 40,000 high-value users,
including C-suite executives. These campaigns employed highly
sophisticated and evasive attacks, emphasizing the urgent need for
Zero Trust solutions that go beyond what traditional security
tooling can detect. Where legacy Secure Web Gateways (SWGs) and
traditional cloud networking Security Service Edges (SSEs) have
struggled to stop these Highly Evasive Adaptive Threats (HEAT), and
where SaaS governance has proven complicated and costly to deploy,
Menlo Security has once again made Zero Trust access easy to adopt
and deploy with these new enhancements.
“Enterprises are moving away from complex and limited Zero Trust
Network Architectures. These approaches are limited to controlled
and managed infrastructure or they require expensive cloud-network
services, network redesigns or a firewall refresh,” said Pejman
Roshan, Chief Marketing Officer at Menlo Security. “In contrast,
cloud-driven, browser focused, Zero Trust Access can be deployed in
a matter of hours. Powered by the Secure Cloud Browser, and enabled
by the Menlo Secure Enterprise Browser solution, Menlo Zero Trust
Access makes it easy to implement Zero Trust and demonstrate
compliance with Cybersecurity and Infrastructure Security Agency
(CISA) Zero Trust Maturity Model version 2.0. Enterprises can
provide access to applications while hiding them from the internet
and without expensive routing changes and endless ‘roll-out’
projects.”
The enhancements to Menlo Zero Trust Access provide a
comprehensive approach to safeguarding enterprise browsing and
addressing critical aspects of zero trust. Menlo Zero Trust Access
supports application visibility and control, SaaS governance and
URL content filtering. As organizations seek enhanced protection
and work to replace legacy SWGs or Cloud Access Security Brokers
(CASB), Menlo Zero Trust Access delivers enhanced protection and
ease of use for both administrators and end users, while enabling
hybrid work.
New capabilities include:
- Enhanced support for Apple Ecosystem: Menlo has
delivered a Safari Extension, which is available now in the App
Store, the marketplace for iOS, iPadOS, and macOS. In addition to
enhancing the Secure Enterprise Browser solution and Zero Trust
Access for Apple mobile, endpoint posture checks are supported on
macOS for secure internet and enterprise application access.
- Multi Cloud App Connectors: In addition to ongoing
collaboration with Google Cloud and delivering support for GCP
Application Connectors, Menlo has increased multi-cloud support and
has announced support for applications hosted on Microsoft Azure.
In addition to this public cloud support, private cloud and
on-premises support has been enhanced with support for Microsoft
Hyper-V. (Amazon AWS and VMware vSphere have existing
support.)
- Secure Application Access Monitoring Dashboard and
Insights: As Zero Trust Access deployments scale beyond Virtual
Desktop Infrastructure (VDI) transformation and remote access VPN
replacements, enterprises require deeper visibility. Secure
Application Access Monitoring Dashboard and Insights provide
centralized reporting and intelligence into users accessing the
enterprise applications, top applications being accessed, users
doing uploads and downloads, DLP policies triggers, source geo, and
the health of connectors.
In parallel with these new capabilities, the Menlo Labs Threat
Research Team exposed and stopped a sophisticated Open-Redirect
phishing scheme and has published a follow up report on this
example of a Living Off Trusted Sites (LOTS) attack. The attack
directs users to verify information in their Amazon account. The
initial threat vector is an alert within Google Drawings, a trusted
site that will pass through most filters and which is generally
allowed to run scripts within a local browser.
The URL for a “Continue to Verification” page is obfuscated
using a WhatsApp URL shortener. The shortener does not issue a
redirect warning to users and sends the unsuspecting target to a
further obscured URL using yet another URL shortener. The open and
nested redirection combine to effectively evade traditional
security tools. Targets are then presented with an Amazon sign-in
page that is a phishing attempt. The fraudulent Amazon page then
gathers extensive personal information over several steps,
collecting victim data at every step of the process.
“These latest additions extend Menlo’s leadership and the
applicability in Zero Trust that has recently been validated by
GigaOm and by Coalfire,” said Nick Edwards, Vice President of
Product Management at Menlo Security. “Organizations trust
Coalfire’s independence and frankness. Their report indicates that
the Secure Enterprise Browser Solution solves Zero Trust challenges
and extends beyond Zero Trust Access. I am pleased that we have
advanced our capabilities and are demonstrating a broader reach
towards data protection and network separation, while keeping cyber
gangs away from our customers' browsers, endpoints, and
networks.”
New tactics exposed by the Menlo Labs Threat Research team are
detected and blocked in real-time by the Menlo Secure Cloud Browser
and Menlo HEAT Shield, the first AI–powered phishing and ransomware
protection solution. Menlo HEAT Shield detected and blocked this
zero-hour threat, using AI-based security tools that analyze
dynamic web content in near real-time. To learn more about this new
tactic read the Black Hat Follow Up Report to the 2024 Global Cyber
Gangs Threat Report at:
www.menlosecurity.com/resources/decoding-a-google-drawings-and-whatsapp-open-redirection-phish-report
For more information on Menlo Security and Menlo Zero Trust
Access, visit:
- Cyber Gangs Follow up Blog
- Coalfire Applicability Guide
- Gigaom Zero Trust Radar
To see demonstrations of the Menlo Secure Enterprise Browser or
Menlo Zero Trust Access, visit Menlo Security at Black Hat, where
they are exhibiting with Google at Booth #1860.
About Menlo Security
Menlo Security protects organizations from cyber threats that
attack web browsers. Menlo Security’s patented Cloud-Browser
Security Platform scales to provide comprehensive protection across
enterprises of any size, without requiring endpoint software or
impacting the end user-experience. Menlo Security is trusted by
major global businesses, including Fortune 500 companies, eight of
the ten largest global financial services institutions, and large
governmental institutions. The company is backed by Vista Equity
Partners, Neuberger Berman, General Catalyst, American Express
Ventures, Ericsson Ventures, HSBC, and JPMorgan Chase. Menlo
Security is headquartered in Mountain View, California. For more
information, please visit www.menlosecurity.com.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240807735613/en/
Emily Ashley ICR-Lumina for Menlo Security
Menlo@luminapr.com