Dealing with phishing attacks from email is one of the
largest challenges facing security teams and systems analysts all over the
world. There is a plethora of different vendors and different technologies out
there that promise to be able to stop threats like phishing, ransomware and Business
Email Compromise coming from email. But the fact remains that most technologies
fail to stop phishing emails from making it into user inboxes.
Menlo Security offers protection against these threats with
Browser Isolation. They have developed a technology that they promise can
remove up to 99% of data breaches impacting an organization.
This article will cover why organizations are at risk from email attacks, what Browser Isolation is, and how Menlo Security can protect businesses against phishing.
Why are businesses at risk from phishing attacks?
In the last few years email has grown to be the most popular
and most lucrative attack vectors for cyber criminals, bad actors and hackers.
This is largely because email is so ubiquitous as a communications tool and
because technologies designed to protect businesses against email threats are
unable to stop them from reaching users’ inboxes.
Phishing attacks aim to trick users into clicking on a
malicious link or downloading a malicious file attachment. These attacks are
often highly targeted and are becoming more sophisticated, making it difficult
for even the most security conscious users to spot a phishing email from a
Email Security technologies find it difficult to detect
these threats because they often do not appear to be obviously malicious. Email
Security solutions typically utilize third party threat intelligence to
determine if email attachments or URLs are malicious. If the threat is a new
‘zero-day’ threat, which is not flagged by the filters, the email will be
delivered to email inboxes.
The risk from phishing attack have meant businesses have
needed to invest more heavily into more advanced email security solutions, and
into security training for their employees. This is crucial to meet compliance
regulations and help to protect data and employees.
However, Browser Isolation is a new security approach which
aims to help businesses deal with the threat of phishing attacks.
What is Isolation?
Isolation is a new approach to business security, which
moves away from a model of detecting cyber security threats and blocking them.
Instead, all web content is fully isolated on secure servers, and rendered to
users. This removes threats from malicious web pages, and file downloads from
reaching user’s devices and business networks. The main aim of Browser
Isolation is to provide complete protection against web based threats while
keeping a seamless user experience while browsing the web.
Isolation delivers a remote browser to their users, which is
hosted on a physically isolated server built to handle cyber risks. This means
that end users can continue to use the web without disruption, able to view
dynamic web pages as they normally would, and use controls such as copy, paste
and print. It normally does not require any endpoint clients or software to be
installed, is quick to deploy and is scalable.
Menlo Security provides an Isolation service. It renders dynamic web pages to users that isolate all web based threats including malware, viruses and ransomware. It also protects against malicious downloads, by giving users a fully safe rendered version of any web based downloads.
Get a Quote of Menlo Security
How can Menlo Security stop Phishing Attacks?
Menlo Security’s Isolation Platform can be deployed to
protect Office 365, Exchange and Gmail users against phishing attacks. By
integrating with existing mailboxes, such as Office 365, Menlo can prevent
harmful phishing attacks.
Menlo protects users against phishing attacks in two ways.
Email Link Isolation
With Menlo, all web content is isolated away from the user
device and executed in Menlo’s cloud isolation platform. This means that any
malicious links delivered within email are scanned and isolated, so that only safe
and authorized content are delivered to end users.
In addition, based on admin policies that have been set, URLs
that are classified as risky or unknown are opened in a ‘read-only’ mode, which
means that users cannot input any text on the page. This alleviates the threat
of credential theft, by stopping users from filling out forms on unsecure web
pages. Menlo also displays warnings on malicious web pages, which helps to
train users on what a phishing page looks like and helping them stop making a
similar mistake again.
Email Attachment Isolation
Menlo Security also enforces Document Isolation. This means
that when a user receives an email with an attachment, the document can be
viewed with 100% safety in Isolation, without disrupting the end user experience.
This helps to prevent any malware or ransomware infecting business networks
from email phishing attacks.
The document can be viewed as normal by users, but any threats
will be fully removed. Admins can also give users the ability to download a safe,
macro-free version of the document, which means users have no workflow
disruption without any threats being able to enter the business network.
You can learn more about how Menlo Security can prevent phishing attack by watching our interview with Menlo Security CTO Kowsik Gruswamy and CTO Young-Sae Song.
How Organizations Can Totally Eliminate Web and Email Based Threats – Menlo Security
Isolation provides businesses with an effective way to block
phishing attacks, by isolating threats within URLs and attachments. This is a
whole new approach to the phishing problem, moving away from the angle of
detecting threats, and towards a ‘zero-trust’ approach of using Isolation to
remove the threats entirely.
If you’re interested in reading more about the different Isolation vendors on the market, visit our Browser Isolation category.
If you’re interested in Menlo Security, you can get a quote
of the service from one of our specialists:
Get a Quote of Menlo Security
Looking to Solve a Phishing Problem?
Click to schedule a call today with an email security expert.
Schedule a Call