Menlo Security today announced enhancements to Menlo Zero Trust Access, the company’s Zero Trust solution. Simultaneously, the Menlo team released new findings as a follow-up to the team’s recently released Global Cyber Gangs Threat Report, revealing new, evasive threat tactics targeting the browser.
In a recent 90-day period, Menlo Security identified three sophisticated HEAT campaigns targeting 40,000 high-value users, including C-suite executives. These campaigns employed highly sophisticated and evasive attacks, emphasizing the urgent need for Zero Trust solutions that go beyond what traditional security tooling can detect.
“Enterprises are moving away from complex and limited Zero Trust Network Architectures. These approaches are limited to controlled and managed infrastructure or they require expensive cloud-network services, network redesigns or a firewall refresh,” said Pejman Roshan, Chief Marketing Officer at Menlo Security. “In contrast, cloud-driven, browser-focused, Zero Trust Access can be deployed in a matter of hours. Powered by the Secure Cloud Browser, and enabled by the Menlo Secure Enterprise Browser solution, Menlo Zero Trust Access makes it easy to implement Zero Trust and demonstrate compliance with Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model version 2.0. Enterprises can provide access to applications while hiding them from the internet and without expensive routing changes and endless ‘roll-out’ projects.”
The enhancements to Menlo Zero Trust Access provide a comprehensive approach to safeguarding enterprise browsing and addressing critical aspects of zero trust. Menlo Zero Trust Access supports application visibility and control, SaaS governance and URL content filtering. As organizations seek enhanced protection and work to replace legacy SWGs or Cloud Access Security Brokers (CASB), Menlo Zero Trust Access delivers enhanced protection and ease of use for both administrators and end users, while enabling hybrid work.
New capabilities include:
- Enhanced support for Apple Ecosystem: Menlo has delivered a Safari Extension, which is available now in the App Store, the marketplace for iOS, iPadOS, and macOS. In addition to enhancing the Secure Enterprise Browser solution and Zero Trust Access for Apple mobile, endpoint posture checks are supported on macOS for secure internet and enterprise application access.
- Multi Cloud App Connectors: In addition to ongoing collaboration with Google Cloud and delivering support for GCP Application Connectors, Menlo has increased multi-cloud support and has announced support for applications hosted on Microsoft Azure. In addition to this public cloud support, private cloud and on-premises support has been enhanced with support for Microsoft Hyper-V. (Amazon AWS and VMware vSphere have existing support.)
- Secure Application Access Monitoring Dashboard and Insights: As Zero Trust Access deployments scale beyond Virtual Desktop Infrastructure (VDI) transformation and remote access VPN replacements, enterprises require deeper visibility. Secure Application Access Monitoring Dashboard and Insights provide centralized reporting and intelligence on which users are accessing enterprise applications, the top applications being accessed, users performing uploads and downloads, DLP policy triggers, source geography, and the health of connectors.
In parallel with these new capabilities, the Menlo Labs Threat Research Team exposed and stopped a sophisticated Open-Redirect phishing scheme and has published a follow-up report on this example of a Living Off Trusted Sites (LOTS) attack. The attack directs users to verify information in their Amazon account. The initial threat vector is an alert within Google Drawings, a trusted site that will pass through most filters and which is generally allowed to run scripts within a local browser.
The URL for a “Continue to Verification” page is obfuscated using a WhatsApp URL shortener. The shortener does not issue a redirect warning to users and sends the unsuspecting target to a further obscured URL using yet another URL shortener. The open and nested redirection combine to effectively evade traditional security tools. Targets are then presented with an Amazon sign-in page that is a phishing attempt. The fraudulent Amazon page then gathers extensive personal information over several steps, collecting victim data at every step of the process.
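For defenders, the chain described above (a link on a trusted page that resolves through two nested shorteners) can be flagged from proxy logs alone. The sketch below is an added example, not Menlo's detection logic; the shortener hosts, the log records and the function names are constructed placeholders, and the trusted-origin list is an assumption to be replaced with local policy.

```python
from urllib.parse import urljoin, urlsplit

# Assumed, locally maintained lists; the shortener hosts are placeholders.
TRUSTED_ORIGINS = {"docs.google.com"}
SHORTENERS = {"short-a.example", "short-b.example"}
REDIRECTS = {301, 302, 303, 307, 308}

# Constructed proxy records: requested URL -> (status, Location header).
SAMPLE_LOG = {
    "https://short-a.example/x1": (302, "https://short-b.example/y2"),
    "https://short-b.example/y2": (301, "https://signin-check.example/verify"),
    "https://signin-check.example/verify": (200, None),
    "https://short-a.example/ok": (302, "/landing"),
    "https://short-a.example/landing": (200, None),
}

def host(url):
    return (urlsplit(url).hostname or "").lower()

def resolve_chain(start, log, max_hops=10):
    """Rebuild a redirect chain from logged responses; nothing is fetched."""
    chain = [start]
    for _ in range(max_hops):
        status, location = log.get(chain[-1], (None, None))
        if status not in REDIRECTS or not location:
            break
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:                    # redirect loop, stop here
            break
        chain.append(nxt)
    return chain

def assess_link(page_url, link_url, log):
    """Flag a link on a trusted page whose target hides behind nested shorteners."""
    chain = resolve_chain(link_url, log)
    # Count shortener hosts among the redirecting hops (final URL excluded).
    hops = sum(1 for u in chain[:-1] if host(u) in SHORTENERS)
    findings = []
    if host(page_url) in TRUSTED_ORIGINS:
        findings.append("trusted-origin")
    if hops >= 2:
        findings.append("nested-shorteners")
    if chain[-1] not in log:                # destination never observed
        findings.append("unresolved-destination")
    return {"chain": chain, "shortener_hops": hops, "findings": findings,
            "suspicious": {"trusted-origin", "nested-shorteners"} <= set(findings)}
```

A single shortener hop from a trusted page is common and is not flagged on its own; the signal is the combination of a trusted origin with two or more shortener hops.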
“These latest additions extend Menlo’s leadership and the applicability in Zero Trust that has recently been validated by GigaOm and by Coalfire,” said Nick Edwards, Vice President of Product Management at Menlo Security. “Organizations trust Coalfire’s independence and frankness. Their report indicates that the Secure Enterprise Browser Solution solves Zero Trust challenges and extends beyond Zero Trust Access. I am pleased that we have advanced our capabilities and are demonstrating a broader reach towards data protection and network separation, while keeping cyber gangs away from our customers' browsers, endpoints, and networks.”
Menlo HEAT Shield detected and blocked this zero-hour threat, using AI-based security tools that analyze dynamic web content in near real-time. To learn more about this new tactic, read the Black Hat Follow Up Report to the 2024 Global Cyber Gangs Threat Report.
To see demonstrations of the Menlo Secure Enterprise Browser or Menlo Zero Trust Access, visit Menlo Security at Black Hat, where they are exhibiting with Google at Booth #1860.