With the deployment of software-as-a-service tools, like Workday and Salesforce to name a few, workers are now spending more time than ever before completing tasks in the browser.
Coupled with the growing complexity of how web browsers display information, there are a number of vulnerabilities for threat actors to exploit.
“If you look at the browsers themselves, in 2022 Google Chrome released seven zero-day exploits,” Poornima DeBolle, Co-Founder and Chief Product Officer, Menlo Security, told Infosecurity. She noted that in 2023 Google has already released three zero day exploits.
DeBolle highlighted how email and browsers are the two vectors kept open so you can “interact with the world.” Unfortunately, this makes them highly sought-after targets for cyber-criminals.
To this end, she noted that Menlo Security has observed a severe rise in Highly Evasive Adaptive Threat (HEAT) techniques, which seek to circumnavigate defenses like firewalls.
Menlo Security notes that commonly deployed security infrastructure such as Secure Web Gateways, firewalls, endpoint security and EDR solutions are blind to actions occurring inside the browser and fall short in combating web-based attacks including highly evasive threats.
AI is also playing a part in allowing threat actors to be more accurate with their phishing attempts targeting emails. However, DeBolle said she is skeptical that AI is helping threat actors to write malicious code.
“You can’t automatically say, ‘generate me malware’, and it's going to be able to do it. You have to do it step by step,” she said.
AI-Powered Solutions
Against this backdrop of security issues for browsers, Menlo security recently released information about its AI-powered browser security tools, Menlo Security HEAT Shield and HEAT Visibility. These tools are built on Menlo Security’s cloud-based Isolation Core, which monitors and analyzes over 400 billion web sessions annually.
“We use AI because we have billions of sessions that we process on a regular basis,” DeBolle explained. The company goes beyond simply “crawling the web” to gather its information, including analyzing billions of websites using JavaScript to inform its prevention techniques within its platform.
Menlo Security described its new solutions as able to “blocks phishing attacks before they can infiltrate the enterprise network.”
DeBolle explained that one new technology that has been added is the ability to detect company logos on suspicious URLs. This logo detection capability has been developed over the past two years using the company’s computer vision algorithms.
“We use a combination of analyzing the URL characteristics, the presence of a logo on a URL that shouldn't have a certain logo and an input field. When we put all of those three things together, we have in all of our labs and customer testing shown 100% efficacy in blocking that as a phishing attack and that is the power of the isolation platform,” DeBolle explained.
Speaking about the solution, Sir Jonathan Pineda, Chief Information Security Officer GSIS (APAC), Menlo Security, said: “The solution prevents all web and email security threats before they enter our network. The main difference with the on-premise proxy was that we were heavily dependent on signatures, web categorization, and filtering. We have seen a decrease in the number of security alerts that our security ops team has to follow up on. “
The HEAT Visibility solution is new and enables Menlo’s customers to view what is happening on the isolation platform.
“HEAT Visibility is taking all of the information we have in the isolation platform and providing that back to the customer. Not only as proof of how positive the protection from, but also for them to be able to follow the breadcrumbs and learn,” she added, noting that companies benefit from knowing if sophisticated attacks are coming towards them so they can better protect themselves.
Image credit: Tada Images / Shutterstock.com