What is Menlo Security?
Menlo Security is a web security vendor providing secure, cloud-based internet isolation. Founded in 2013, in Palo Alto California, Menlo has taken a ‘Zero-Trust’ approach to web security and have built a platform that aims to eliminate 100% of web and email threats.
One of their core approaches to email and web security is that simply detecting threats is not enough, but that threats must be isolated, away from endpoints and business networks, to eliminate web malware, phishing and reduce credential theft.
Menlo Security argues that the traditional model of detecting threats, in order to block them, is flawed. Due to the sheer number of threats, they argue that no one solution is able to identify and block all of the web based security threats, when hundreds of thousands of new attacks are being launched on a daily basis.
To deal with this issue, Menlo Security has developed a platform which isolates all of your users web browsing on a remote server. By isolating all web content in these secure browsers, Menlo can prevent attacks from ever reaching your users devices.
This can totally eliminate malware infections, and their customers report over 95% declines in successful data breaches. Menlo is now used by some of the world’s largest enterprises, including Fortune 500 companies and financial services institutions. It has been recognised by industry bodies such as Gartner, who named it a ‘Visionary’ vendor in their 2018 Magic Quadrant for Secure Web Gateways.
How Does Menlo Security Work?
Menlo Security isolates browsing activity away from end user’s devices and onto remote, cloud servers that they operate. This server is completely separate from the user’s endpoint and business networks, meaning they are fully protected from any threats the user may come across in a browsing session.
Menlo Security delivers Server-Side Browser Isolation. This means they deliver a remote browser to their users, which is hosted on a physically isolated server built to handle cyber risks. This means there is an ‘air-gap’ between the network, and any online threats. This does not require any additional clients or software to be installed.
The core of Menlo Security’s Browser Isolation is their Adaptive Clientless Rendering (ACR), which provides clientless browser isolation with a native user-experience.
How Adaptive Clientless Rendering Works
Utilizing ACR, the existing endpoint browser loads a safe transcoded version of the original page to users. It then relays inputs back to the original page with no latency, all over a secure HTTPS channel.
ACR provides a seamless transparent user experience, that provides complete safety for users. Using Document Object Model (DOM) Mirroring. This is the way in which Menlo is able to mirror the safe portions of the website to render to the user, while blocking any unsafe or malicious content.
Document applications such as Microsoft Office and PDF viewers are also susceptible to malicious content downloaded from the web or from email attachments. Menlo’s ACR technology also deals with these issues. When a user downloads a malicious document or file through their browser, ACR transcodes the document into a HTML-5 page, then loads this into the isolated browser. This means that users can still view the document, and it looks the same as it normally would, but any unsafe elements are kept fully isolated from the user and the endpoint.
Features Breakdown
Security Features
All web content is isolated from devices, stopping threats from phishing websites, such as viruses and ransomware. SWG detects and detonates malicious content. Prevents vulnerabilities in flash. Renders unsafe documents in read-only form. Isolated containers are wiped after every session.
Admin Controls
Admins can set policies that dictate what web traffic is isolated. Policies can be set per user, group, or file type. Admins create custom policies that allow specific users to access native documents. These documents go through a robust screening process for viruses and malware. Infected files are quarantined in a sandbox.
Onboarding
Menlo requires no additional client, agent, or browser plug-in. It integrates with most popular browsers. Highly scalable.
User Experience
Menlo uses its patented ACR technology to ensure a seamless user experience. Supports most major Browser Plug-Ins. No Latency to the User. Supports Copy, Paste and Print.
Benefits of Menlo Security
Reduction of Web-Based Threats
Menlo prevents the delivery of active code to the user’s local browser, which means it stops web-based infections from reaching the user itself. Isolating Browsing activity prevents ransomware and malvertising (malicious adverts) that infects large numbers of popular websites regularly.
Prevents Phishing Attacks
Menlo can help organizations mitigate the risks coming from phishing attacks. If a user were to click on a link to an unsafe website, the web page displayed would only show safe elements, to protect against any threats. Admins can also set the page to be ‘read-only’ which prevent users’ from inputting their personal details or passwords. Any documents attached to a phishing email, such as a ZIP file containing ransomware, would be safely rendered to users, isolating any threats.
Reduces Web Security Burden on Admins
Menlo’s isolation streamlines web security for admins. Their Isolation platform removes 97% of web traffic which comes from 3rd party sites that are delivered via JavaScript on the page requested by the user. This means that admins have far less web based alerts to review and enables admins to spend more time on other attack vectors.
Protects against Malicious Downloads
Menlo renders safe versions of downloaded documents to users, isolating them from any threats they may contain. Menlo’s ACR technology renders documents in much the same way that it renders web pages, with any vulnerabilities removed from the user. Users still access a rendered version of the document however, and can request to download the original file to their endpoint if they need to edit it. Using anti-virus scanning engines, Menlo will then determine if the original document is safe, helping to ensure users are always fully protected.
Provides a Seamless User Experience
Menlo Security provides a seamless user experience. Users experience no latency, can continue to use all their normal browser controls such as copy, paste and print, and can continue to consume web content as they normally would. Menlo helps to keep businesses productive without compromising security, as employees can access downloaded documents, even from unknown sources, without having to worry about malware or ransomware.
Affordable and Scalable
Menlo Security takes a ‘containerized’ approach to Browser Isolation. This is generally regarded as the most scalable, lightweight and affordable approach to browser isolation. It means that their remote servers only need to emulate the operating system and the browser to provide a rendered webpage to users, rather than needing to emulate the whole desktop and operating system, which has a far greater overhead.
Menlo Security Use Cases
Phishing Attacks
Sophisticated phishing and spear-phishing attacks coming via email are some of the biggest threats facing businesses today. Everybody uses email, and attackers know that this is a weak link in businesses’ security networks.
These attacks often fall through the gaps in security technologies because they don’t look malicious at first glance. Instead, they utilize social engineering to attempt to trick users into giving up their account information or make unauthorised payments. Alternatively, phishing attacks may contain malicious attachments, telling recipients it’s an important document they are required to open.
Menlo Security can help deal with both of these scenarios.
Malicious Attachments
Many phishing attacks distribute malicious email attachments. The attached file could be an Excel document, or a ZIP folder, which would deliver some malware or ransomware to the user’s device.
Menlo Security helps to protect users on Office 365 against this type of threat. When the folder or document is opened by the user, Menlo will scan the document with anti-virus systems. If the documents are malicious, Menlo will then block the user from being able to open these documents.
But the crucial aspect of Menlo Security is that if their anti-virus engines determine the document to be safe, users are able to open an isolated render of the document. This is important as because even if anti-virus engines don’t identify a threat, the document could still be malicious. This is because anti-virus engines often cannot spot zero-day threats, that have not been seen before.
Because the document can be immediately viewed 100% safely in isolation, users can view the document, without needing to worry about safety threats. Admins can also provide users with the ability to download a safe macro-free PDF version of the attachment, which removes any threats.
Malicious Email Links
Another common phishing attack is malicious email links. This email links may take the user to a phishing site, where credentials can be stolen, or malware can be downloaded.
Traditional email and web protection solutions struggle to deal with these threats, as they simply attempt to categorize the link as ‘good’ or ‘bad’ which can be difficult when there is no reputation data because the site is new.
Menlo Security can help deal with this issue, by opening all email links in isolation. By opening email links in safe isolation, all users are protected against any threats that may be contained, without blocking the users from accessing the site itself.
However, the site may be a convincing copy of a log-in page, for Office 365 for example. To stop users from accidentally giving away confidential information, admins can set a ‘read-only’ mode. This allows users to view the page but does not allow them to input any text or upload any files.
According to admin policies, if the user then determines the web page to be safe, they can request to turn off ‘read-only’ mode and visit an isolation version of the page which they can log-in to as normal.
Admins can set warnings on these pages, which helps to offer phishing awareness to ensure users are aware the page may be unsafe.
Expert Insight on Menlo Security
Menlo Security is one of the leading vendors in the Browser Isolation space. They provide comprehensive security to their customers, promising up to 99% reduction in the number of data breaches customers face.
Using Menlo Security as an end user, there is almost no difference to using the browser itself. Webpages load quickly, with dynamic content which updates in real time. There’s even a way to remove adverts, as advertising code can be removed from the webpages page you visit.
From an administration perspective, Menlo Security offers granular controls and policies. Admins can set policies for what downloads users can access from the internet, set ‘’Read-Only” modes on specific pages and control what types of pages different groups of users can access. The service is very easy to set up and can be as fast as two hours to get deployed. It’s also highly scalable for growing businesses.
A key feature is the phishing protection. Phishing is one of the major threats all of our readers have issues with. With Menlo, users can get comprehensive protection against phishing attacks, without being blocked from opening files.
Menlo is reasonably priced – it’s a good solution for smaller and midsized companies but offers enterprise level protection from threats. The solution works very well with a Secure Email Gateway such as Proofpoint. Using these solutions together would provide businesses with comprehensive protection against email threats such as spam and phishing, while also protecting against browser and web based threats.
