How Menlo Security protects organisations from cyberattacks

We take a look at Menlo Security and how it aims to provide cyber protection across different enterprises to eliminate the threat of malware

Founded in 2013, Menlo Security is a leader in cloud security, protecting organisations from cyberattacks by eliminating the threat of malware from the web, documents, and email. 

Menlo Security’s cloud security platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end user-experience. 

Headquartered in California, the company is trusted by global businesses, including Fortune 500 companies and eight of the ten largest global financial services institutions, and is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC, and JP Morgan Chase. 

Increasing concerns around cyber security 

Today, security continues to be a top concern for organisations of all sizes in all industries as hybrid-remote work becomes the new normal. Growing concerns around cybersecurity and critical data loss coupled with the need for protection from increasingly sophisticated cyber threats are expected to fuel further market growth.

Despite the growing risks, less than a third (27%) of organisations have advanced threat protection in place on every endpoint device that can access corporate applications and resources. This is according to new research, ‘The state of threat prevention: evasive threats take center stage,’ published today by Menlo Security.

The company recently identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT) that bypass traditional security defenses. HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employs techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection. HEAT attacks are used to deliver malware or to compromise credentials, which in many cases leads to ransomware attacks. 

Exploiting gaps in traditional security defences

As employees spend more time working in the browser and accessing cloud-based applications, the risk of HEAT attacks increases. Almost two-thirds of organisations have had a device compromised by a browser-based attack in the last 12 months. 

The report suggests that organisations are not being proactive enough in mitigating the risk of these threats, with 45% failing to add strength to their network security stack over the past year. There are also conflicting views on the most effective place to deploy security to prevent advanced threats, with 43% citing the network, and 37% the cloud.

“Threat actors seek to exploit gaps in traditional security defences and the fact that security capabilities haven’t really changed over the past decade. One of the areas of focus for attackers is using web threats, and we’re seeing more and more of them successfully deployed using HEAT techniques. Last year, we saw Nobelium use HTML smuggling, a HEAT tactic to avoid static and dynamic content analysis, to deliver malware and ransomware attacks. The fact that these are successful means their usage will increase, which could have devastating consequences for companies of all sizes,” explains Mark Guntrip, senior director of cybersecurity strategy, Menlo Security.

Share

Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI