Menlo turns up the HEAT on web browser attacks with new threat prevention suite

Menlo Security has announced the release of HEAT Shield and HEAT Visibility, a new suite of threat prevention products designed to tackle web browser attacks. Generally available now across Menlo Security's global network, HEAT Shield and HEAT Visibility prevent attacks from infiltrating enterprise networks and provide actionable intelligence to help mitigate threats, according to the vendor. Both use AI/machine learning (ML) technology and are built upon Menlo Security's cloud-based Isolation Core, which monitors and analyzes over 400 billion web sessions annually, the firm said.

Web browsers prime attack targets

Evasive threats are growing as threat actors evolve how they deploy phishing and malware attacks, targeting users via web browsers. The traditional approach for web security has focused on the server side of the equation, deploying things such as web application firewalls (WAFs) for the purpose. Commonly deployed security infrastructure can be blind to actions occurring inside the browser and fall short in combating web-based attacks. Attackers have spotted that while the front door has been bolted, there's a window round the back that's been left open, and so are finding ways of exploiting that weakness. Hybrid work models and the shift to SaaS/web-based applications have made browsers a prime target for attackers who use malicious websites and file downloads to breach organizations.

Findings from the Q1 2023 Watchguard Internet Security Report show phishers leveraging novel browser-based social engineering strategies to carry out attacks. Watchguard detected several common malicious domains using a web browser's notification features to do the same social engineering techniques that had once been done via pop-ups. The firm theorized that this is because browsers' relatively new notification capabilities don't have the same protections in place as for pop-ups.

HEAT Shield detects, blocks attacks before they infiltrate enterprise networks

HEAT Shield is built to detect and block phishing attacks before they can infiltrate the enterprise network, Menlo said in a press release. It uses AI-based techniques - including computer vision combined with URL risk scoring and analysis of the web page elements - to determine if a link being accessed is a phishing site designed to steal a user's credentials, according to the vendor. It also leverages Menlo's Isolation Core to power dynamic security policies which can be applied to users based on web session events and behavior to prevent attackers from gaining access to the endpoint.

HEAT Visibility analyzes web traffic to identify evasive attacks

In parallel, HEAT Visibility performs continual analysis of web traffic and applies AI/ML-powered classifiers that identify the presence of evasive attacks. This delivers actionable alerts that enable security teams to reduce mean time to detect (MTTD) and mean time to respond (MTTR) to threats that could be targeting enterprise users, Menlo said.

A HEAT attack dashboard then allows customers to receive detailed threat intelligence, which can be integrated into their existing SIEM or SOC platforms, while HEAT alerts sent to SOC teams provide threat visibility to enrich threat intelligence sources and enhance/accelerate incident response capabilities, it added.

The web browser is the new desktop

Web browser attacks are a significant threat for modern organizations for a host of reasons, Poornima DeBolle, chief product officer and co-founder, Menlo, tells CSO. "With the growth of cloud apps, the browser is the new desktop, with users spending an average of 75% of their workday using the web browser." 

Given the power embedded within the browser (script execution etc.), it's a tool that threat actors can exploit to maximize the success of their attack campaigns, DeBolle says. "Web content is also an advantage to threat actors as they can use tools such as obfuscation and even CAPTCHA to prevent security solutions from analyzing the content and identifying it as malicious. They unveil the real intent only once it is inside the browser on an endpoint at which time it's too late."