IT Brief UK - Technology news for CIOs & IT decision-makers
Story image
Exclusive: Menlo Security continues to lead in browser security
Fri, 25th Aug 2023

Menlo Security is a leader in browser security. Its patented Isolation-powered cloud security platform provides protection for enterprises of any size, anywhere, and on any device without requiring endpoint software or impacting the end-user experience.

The web browser is the favoured entry point for threat actors attempting to deliver phishing attacks and malware, as commonly deployed security has no visibility into activity occurring inside the browser. Menlo Security protects organisations all over the world against these highly evasive adaptive threats (HEAT). 

To learn more about what they do, TechDay spoke with Mark Guntrip, who is the Senior Director for Cybersecurity Strategy at Menlo Security.

Who is Menlo Security, and what do you do?

Menlo Security was founded in 2013 by Amir Ben-Afraim and Poornima DeBolle. The company is headquartered in Silicon Valley and operates in all major regions, including North America, EMEA, and Asia Pacific, with around 500 staff across the globe.

The company is well known for introducing Remote Browser Isolation (RBI) to the industry. However, over time, Menlo has migrated this capability to become its Elastic Isolation Core, which powers all of Menlo's browser security capabilities across web, email, SaaS applications and private applications. Menlo is responsible for monitoring and analysing over 400 billion web sessions annually.

The company is proud of the recent launch of its HEAT Shield and HEAT Visibility – the industry's first suite of threat prevention capabilities designed to detect and block highly evasive threats targeting users via the web browser. These threats are designed to evade detection by commonly deployed security but can be prevented with visibility and control inside the browser. Menlo's HEAT Attack Dashboard also allows customers to receive detailed threat intelligence and evasive threats that are targeting their end users.

"Menlo Security isolates more than four billion files annually for many of the largest and most security-conscious organisations around the world. Threat actors are refining their techniques daily, developing novel and innovative ways to target their victims through the web browser, often testing their attacks against commonly deployed security tools before launching them in the wild," says Mark Guntrip, Senior Director of Cybersecurity Strategy, Menlo Security.

"Armed with this knowledge and a decade of developing industry-leading browser security products, we are proud to be able to deliver the industry's first suite of threat prevention capabilities designed to detect and block HEAT attacks."

Does Menlo use artificial intelligence in its solutions?

HEAT Shield and HEAT Visibility are both powered by AI. HEAT Shield detects and blocks phishing attacks before they can infiltrate the network. It uses AI-based techniques – including computer vision combined with URL risk scoring and analysis of the web page elements – to accurately determine in real-time if the link being accessed is a phishing site. The output of this will then dynamically determine the security policy that is enforced, either allowing access, isolating the session to prevent malicious content, blocking input from the keyboard to prevent credential loss, or blocking the website completely.

HEAT Visibility performs continual analysis of web traffic and applies AI/ML-powered classifiers that identify the presence of highly evasive attacks. This delivers timely, actionable alerts to security teams, who can significantly reduce the time it takes to detect and respond to highly evasive threats.

Who are Menlo's customers, and does Menlo operate with partners?

While Menlo doesn't specialise in any particular sector, it has customers mainly operating in sectors that require the highest levels of security due to the nature of their business or the complexity of their operations. These include financial services, healthcare, government, manufacturing, and energy.

The key challenge for businesses is that phishing attacks, malware and ransomware continue to be a key concern even though they have invested in security. The key change in threat actor behaviour is the rapid adoption of highly evasive threats, which increase their likelihood of success as they are designed to avoid detection. 

While the challenge remains somewhat consistent, as phishing has been a top concern for companies for some time, the method of how it is being carried out has changed drastically. That's where Menlo Security can augment security capabilities to prevent these tactics and, therefore, the attacks they deliver.

One key change in the work environment is the shift to the web browser being used to access all web content and applications. This has become the main target for threat actors because it is where end users are working for the majority of their day, and it's the least secured enterprise application as most security solutions have no visibility into activity occurring inside the browser and therefore can't detect or stop these threats.

"Adversaries have placed a massive bullseye on the web browser. It has become the new desktop, where we spend the bulk of our working day. Legacy security vendors are fighting yesterday's war by trying to shoehorn network security and endpoint tools to keep users safe and it isn't working," adds Guntrip.

"The capabilities we have mark a significant leap forward towards our mission of creating a secure, seamless browsing experience, ensuring the internet can be used safely by our customers."

COVID-19 also led to a huge transition to remote and hybrid working. It changed the way Menlo worked with a focus on using the web browser as the doorway to all resources and applications for simplicity and to offer end users an experience that was familiar and easy to adopt. 

It also changed the way organisations implemented their security, shifting from on-premises to the cloud with great urgency in order to support remote workers. These two shifts match perfectly with the mission of Menlo Security. The company's elastic, scalable, cloud-based browser security platform prevents highly evasive threats on any device, any browser, anywhere.

Menlo is also a channel-focused business with a global network of distributors, resellers, systems integrators and MSSPs. This year, Menlo announced new initiatives to help drive international expansion and growth through its channel partners, including enhanced training and comprehensive go-to-market plans.