Staying up to date on the latest security threats and trends is paramount. It's not just a responsibility but a strategic imperative for security leaders in safeguarding their organization's digital assets and reputation.
That's why we sat down with Poornima DeBolle, Co-founder & Chief Product Officer, Menlo Security, to discuss the very latest in browser and highly evasive threats, as well as how Menlo Security is utilizing AI to help protect networks.
What are you hearing from global CISOs about threat trends and key concerns?
We are hearing about three trends consistently across the globe.
First, is the continued threat of ransomware by targeting the browser. With the adoption of SaaS and modernization of enterprise applications, users are spending 75%+ of their time in the browser making it the most attacked application in the enterprise – accounting for more than 80% of the attacks in 2022. The good news is that CISOs are finally looking to secure the browser and user rather than play catch-up in the network.
Second, a surprising trend that substantiates a recent World Economic Forum Global Cybersecurity Outlook report is that for the first time, business leaders and CISOs agree that new cyber and privacy regulations are improving the security posture of enterprises. Singapore, Japan, and South Korea have mandated Internet Separation/Airgap for certain industries and they have seen a big reduction in risk from the browser.
Third, the risks of adopting AI and the competitive disadvantage of not using AI is a tightrope that all CISOs are walking. We are engaged in discussions with many of our customers on how to empower users to use AI at the same time protect the enterprise data.
Why is the browser such an open vector for threats/attacks?
We have come a long way from Netscape’s Mosaic to the browsers of today, which are powerful applications that deliver complex services. This growth in browser capabilities has rendered many of the legacy network security solutions incapable of identifying the threats targeted at the browser. A secure web gateway or a next generation firewall (NGFW) has no identifying files that use HTML Smuggling because the file is composited in the browser using JavaScript. Many ransomwares and banking trojans are using this technique to bypass existing security layers. Menlo Security has identified a number of techniques, called highly evasive threats, that target the browser and evade detection.
Menlo Security recently announced the industry’s first suite of threat prevention capabilities that thwart attacks from infiltrating enterprise networks and provide rich, actionable intelligence to mitigate highly evasive threats, shining a light on threats that are designed to evade detection.
What dangers do highly evasive threats present?
Highly evasive threats have reverse engineered the existing security stack and use specific techniques to circumvent them. Typically, they use multiple techniques to ensure they bypass all the security layers. For example, a recent attack we saw at a large government customer started with SEO poisoning, ensuring an often searched for document about a ceremony protocol was one of the top three links in a Google search. When the user clicked on the link, the attack delivered a password protected file from a compromised website that the user was allowed to access based on URL reputation. The secure web gateway or NGFW allowed the user to connect to the website and could not inspect the password protected file on the network – the combination of three evasive techniques easily delivered the first file of the attack to the endpoint.
The main reason we continue to see successful ransomware attacks in the headlines is because existing tools are too static and have not evolved to protect the work environment of today.
Please share more about Menlo Security HEAT Shield and HEAT Visibility, which you just announced.
Menlo Security HEAT Shield and HEAT Visibility are built on Menlo Security’s cloud-based Isolation Core which monitors and analyzes more than 400 billion web sessions annually. Commonly deployed security infrastructure such as secure web gateways, firewalls, endpoint security and EDR solutions are blind to actions occurring inside the browser and fall short in combating web-based attacks including highly evasive threats.
Menlo Security HEAT Shield detects and blocks phishing attacks before they can infiltrate the enterprise network. It uses AI-based techniques – including computer vision combined with URL risk scoring and analysis of the web page elements – to accurately determine in real time if the link being accessed is a phishing site designed to steal the user’s credentials. In parallel, HEAT Visibility performs continual analysis of web traffic and applies AI/ML-powered classifiers that identify the presence of highly evasive attacks. This delivers timely, actionable alerts that enable security teams to significantly reduce mean time to detect (MTTD) and mean time to respond (MTTR) to any highly evasive threats that could be targeting enterprise users.
While Menlo Security is relying on AI to help protect the network, I imagine the same can be said for bad actors and the use of AI for nefarious reasons. Will the rise of AI adoption worsen these types of threats?
Yes, we have already seen AI being used in both phishing and ransomware attacks. All of us have been to anti-phishing training that points to badly formatted emails with spelling mistakes as one of the indicators of a phishing email. With AI, phishing emails can be more believable and can be delivered in multiple languages with minimal effort, so we will see an increase in AI-powered phishing attacks. On the ransomware side, again, the barrier to entry has been lowered. While sophisticated ransomware might have needed skilled programmers in the past, AI-generated code can reduce the time to market for programmers of all skill levels and capabilities.
Menlo Security’s own research has found that a user is only three to seven clicks away from malware online. With AI-generated content and code, we are expecting a big uptick in the volume of attacks even if all of them are not successful. ###