How Menlo Security protects organisations from cyberattacks
Founded in 2013, Menlo Security is a leader in cloud security, protecting organisations from cyberattacks by eliminating the threat of malware from the web, documents, and email.
Menlo Security’s cloud security platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end user-experience.
Headquartered in California, the company is trusted by global businesses, including Fortune 500 companies and eight of the ten largest global financial services institutions, and is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC, and JP Morgan Chase.
Increasing concerns around cyber security
Today, security continues to be a top concern for organisations of all sizes in all industries as hybrid-remote work becomes the new normal. Growing concerns around cybersecurity and critical data loss coupled with the need for protection from increasingly sophisticated cyber threats are expected to fuel further market growth.
Despite the growing risks, less than a third (27%) of organisations have advanced threat protection in place on every endpoint device that can access corporate applications and resources. This is according to new research, ‘The state of threat prevention: evasive threats take center stage,’ published today by Menlo Security.
The company recently identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT) that bypass traditional security defenses. HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employs techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection. HEAT attacks are used to deliver malware or to compromise credentials, which in many cases leads to ransomware attacks.
Exploiting gaps in traditional security defences
As employees spend more time working in the browser and accessing cloud-based applications, the risk of HEAT attacks increases. Almost two-thirds of organisations have had a device compromised by a browser-based attack in the last 12 months.
The report suggests that organisations are not being proactive enough in mitigating the risk of these threats, with 45% failing to add strength to their network security stack over the past year. There are also conflicting views on the most effective place to deploy security to prevent advanced threats, with 43% citing the network, and 37% the cloud.
“Threat actors seek to exploit gaps in traditional security defences and the fact that security capabilities haven’t really changed over the past decade. One of the areas of focus for attackers is using web threats, and we’re seeing more and more of them successfully deployed using HEAT techniques. Last year, we saw Nobelium use HTML smuggling, a HEAT tactic to avoid static and dynamic content analysis, to deliver malware and ransomware attacks. The fact that these are successful means their usage will increase, which could have devastating consequences for companies of all sizes,” explains Mark Guntrip, senior director of cybersecurity strategy, Menlo Security.