Shauli Zacks
Updated on: February 20, 2024
In a recent interview with SafetyDetectives, Andrew Harding, VP Security Strategy at Menlo Security, discusses the company’s innovative solutions in browser security and the challenges posed by evolving cybersecurity threats. With a background in network security and cyber defense, Harding shares insights into Menlo Security’s mission-driven approach and highlights the recently launched Menlo Security Enterprise Browser Solution. He also addresses key trends identified by Menlo Labs Threat Research, emphasizing the increasing threat of browser-based phishing attacks and the impact of generative AI on organizational security.
Can you introduce yourself and your background in cybersecurity? What led you to join Menlo Security?
I have been working in network security and cyber defense for a while. I have been lucky enough to lead and be part of some excellent teams and help deliver dramatic innovations to enterprises. I worked on the leading SSL VPN and one of the biggest Wi-Fi products, which emerged as the security-focused system at a time when that was really needed. Later, I worked in data-center security on several products that have been popular, and I was involved with some high-profile responses in Korea, the Middle East and Crimea. LinkedIn tells the whole story.
But my work history doesn’t share how much I love this segment of the industry: I have been on a mission to make Internet connectivity and mobility safe and ready for business since finishing school as a software engineer and product management leader. Menlo was the best place to continue that journey.
To be precise, I joined Menlo Security because I called a friend there to pitch a new idea and he said, “Dude, we’re doing that or we have it planned.” We just started talking from there. It’s exactly the domain where I want to work and the team I want to work with. The Menlo Security gang – “Menlovians” as we call ourselves – is mission driven. We believe that the Menlo innovations are well timed to expand beyond the most secure environments, such as the U.S. Department of Defense. It’s time to defend the broader enterprise landscape while also enabling a new, much simpler approach to remote and hybrid work. (That sounds like fun, right?)
What does Menlo Security do and how is it set apart from other browser security companies?
Today’s threats are slipping past what many consider to be the most comprehensive security tools. These Highly Evasive and Adaptive Threats (HEAT) are well-crafted, thought out, and have very high success rates. They exploit vulnerabilities in web browsers, using a variety of evasive techniques to get around detection-based security tools. Menlo Security protects organizations from these evasive cyberattacks by eliminating the threat of malware completely from the web, documents, and email. Traditional network and endpoint-based security solutions weren’t designed to protect against browser-based threats, making it a prime target for threat actors. The Menlo Security Secure Cloud Browser provides a scalable secure browsing experience for users, keeping all threats away from the endpoint. The Secure Cloud Browser delivers browser security to desktops and mobile work, protecting users, applications, and data. Menlo Security analyzes over 400 billion web sessions each year globally, and we’re trusted by major global businesses, including Fortune 500 companies, eight of the ten largest global financial services institutions, and large governmental institutions.
Can you talk about the recently launched Menlo Security Enterprise Browser Solution?
Yes, we recently unveiled the first cloud-delivered enterprise browser solution, building on trusted and proven elements of the Menlo Secure Cloud Browser. The Menlo Enterprise Browser Solution turns every browser into a secure enterprise browser, with end-to-end visibility and dynamic policy enforcement directly inside browser sessions and blocking zero-hour phishing, malware, and ransomware attacks. This new launch ushers in three brand new capabilities:
- Menlo Security Browser Posture Manager provides easy browser configuration assessment and instant attack surface analysis.
- Menlo Browser Extension and Menlo Security Client extend effortless zero-trust access to more users, devices, and applications, support unmanaged devices, and add a self-service deployment option.
- Menlo Security Last-Mile Data Protection goes beyond traditional DLP technology, applying protection in the cloud that extends copy-paste control, user-input limits, watermarking and data masking to the endpoint.
These new capabilities support easy browser policy management, protect users from phishing attacks and evasive malware, and enable safe and simple hybrid work and zero-trust access. By combining the benefits of the Secure Cloud Browser and the new capabilities, the Menlo Enterprise Browser solution provides unparalleled protection against even the most advanced and evasive threats, no matter what browser users choose.
What challenges in the market led to this solution? How does it address the shortcomings of other browser security solutions?
Many employees spend 75% or more of their workday in a browser. However, most enterprises neglect browser policy management. There are thousands of settings and updates every two to four weeks. During 2023, 175 CVEs classified as high or critical were issued and over 125 new features were added to Chromium, the open-source web browser project that underpins over ninety-five percent of browsers. The work required to track configuration settings and feature additions and the lack of automated tooling has left a significant security gap within these enterprises. The first of the three new capabilities – the Menlo Browser Posture Manager – automates the process and enables administrators to define policies for browsers and deploy them instantly.
Traditional security approaches have run their course. The network contains this byzantine labyrinth of controls, and the endpoint is ever more hotly contested ground. With the Menlo Security Enterprise Browser Solution, we are bringing to market the industry’s first cloud-delivered solution that transforms any browser into a secure enterprise browser, adding the local browser into a layered security architecture.
What recent trends has the Menlo Labs Threat Research detected through its research into phishing and highly evasive threats?
In January, we released research that examined the state of browser security in 2023 and found that there was rapid growth of Highly Evasive Adaptive Threats (HEAT) targeting the browser. In particular, the Menlo Labs Threat Research Team detected a 198% increase in browser-based phishing attacks in the second half of 2023 compared to the first. And when specifically looking at attacks classified as evasive, the researchers observed a 206% increase. Evasive attacks utilize a range of techniques meant to evade traditional security controls and they’re increasing because cybercriminals are aware of how successful they are against traditional security tooling and detections. These tactics include SMS phishing (smishing), Adversary in the Middle (AITM) frameworks, image-based phishing, brand impersonation or Multi-Factor Authentication (MFA) bypass. To emphasize this point further, over a 30-day period, the Menlo Labs Threat Research team observed more than 11,000 zero-hour phishing attacks that exhibited no signature or digital breadcrumb, meaning no existing Secure Web Gateway (SWG) or endpoint tool could detect and block those attacks. The reality is that humans remain the weakest link in the cybersecurity chain, and cybercriminals have targeted the browser as the attack vector of choice to reap the rewards and steal as much sensitive data as possible.
How has the rise of generative AI in the workplace impacted organizations? What should they be doing to protect themselves?
In the last half of 2023, the market and nature of generative AI usage have transformed considerably, particularly in the workplace. The explosion of the hot new technology has opened a world of new risks and data privacy concerns, and companies must be aware of how these tools can potentially compromise or expose sensitive data. We launched research in February on the risks generative AI is posing to organizations and uncovered some interesting findings. In the last thirty days, over half (55%) of Data Loss Prevention events detected by our researchers included attempts to input personally identifiable information. With PII the most frequent instance of potential exposure and data loss, organizations must adopt comprehensive, group-level security policies to effectively eliminate the risk of data exposure on these sites. We also found an 80% increase in attempted file uploads to generative AI websites, and our researchers attribute this increase partly to the many AI platforms that have added file upload features within the past six months. Once users were introduced to it, however, they quickly took advantage, and while copy and paste attempts to generative AI sites decreased minimally, it’s still a frequent occurrence.
Another trend to highlight is that our team discovered a 26% increase in organizational security policies for generative AI sites. However, the majority are doing so on an application-by-application basis rather than by establishing policies across generative AI applications as a whole. The biggest risk with this approach is that organizations must either constantly update their application list or risk gaps in safeguards to the websites that employees are using. To back this up, our researchers found that while most traffic is directed towards the main six generative AI sites, when looking at generative AI as an entire category, file uploads are 70% higher, highlighting the unreliability of ensuring security policies on an application-by-application basis.