Enterprise – INDIA NEWS (https://www.indiavpn.org)

SASE Solutions Fall Short Without Enterprise Browser Extensions, New Report Reveals
https://www.indiavpn.org/2024/03/27/sase-solutions-fall-short-without-enterprise-browser-extensions-new-report-reveals/

Mar 27, 2024 | The Hacker News | Data Protection / Browser Security

As SaaS applications dominate the business landscape, organizations need optimized network speed and robust security measures. Many of them have been turning to SASE, a product category that offers cloud-based network protection while enhancing network infrastructure performance.

However, a new report, “Better Together: SASE and Enterprise Browser Extension for the SaaS-First Enterprise,” challenges SASE’s ability to deliver comprehensive security against web-borne cyber threats on its own. From phishing attacks to malicious extensions and account takeovers, traditional network traffic analysis and security fall short. The report sheds light on these limitations and introduces the role of secure browser extensions as an essential component in a comprehensive security strategy.

SASE Advantages and Limitations

SASE takes on a dual role in addressing both infrastructure and security. However, while SASE offers clear advantages in security, it may not entirely cover the expanse of the web-borne threat landscape. SWG, CASB, and NGFW are not a silver bullet to all the security needs of the SaaS-first organization, even when they are packaged as SASE.

The modern threat landscape is shaped by the centrality of the browser as a main working space. These new threats leverage the browser as a bridge between the device and organizational resources and aim to gain malicious access to the organization through phishing, malicious extensions, and account takeover, to name a few. While SASE is designed to protect the perimeter from threats that attempt to enter it, this new threat landscape relies on traffic from the browser to a SaaS app or website, which SASE does not entirely cover.

Bridging the Gap with Secure Browser Extensions

Secure browser extensions complement SASE’s network security measures. Through deep session analysis and proactive threat prevention, these extensions provide granular visibility and real-time protection against sophisticated web-borne threats, effectively addressing the gaps left by SASE.

SASE vs. Secure Browser Extensions: 3 Use Cases

How do the differences between SASE and secure browser extensions play out when it comes to actual threats? The report provides three use cases.

1. Phishing

  • SASE limitations: SASE’s NGFW or SWG lacks visibility into the actual session, leaving it to rely on known malicious addresses or emulate the session in a virtual environment. As a result, SASE misses ~60% of malicious web pages. It is also unable to detect pages that disable their phishing activity when executed in a virtual environment.
  • The solution: A secure browser extension provides granular visibility into the live session, enabling the tracking of malicious components in the phishing web page and disabling them in real time.

2. Malicious Extensions

  • SASE limitations: SASE’s NGFW or SWG lacks the ability to detect and block outbound traffic generated by any malicious extensions.
  • The solution: The secure browser extension provides visibility into the browser and detects and disables all extensions that introduce a data exfiltration risk.

3. Account Takeover

  • SASE limitations: SASE’s CASB lacks visibility into complex, modern web apps and depends on the app’s API, limiting protection to sanctioned apps.
  • The solution: The secure browser extension integrates with the organizational identity provider and acts as an additional authentication factor. Access is possible only from a browser that has the extension.

As SaaS app usage becomes dominant, the role of the browser becomes more important, and the threat landscape it encounters will increase. Can organizations ignore the risks that derive from the modern browser? According to LayerX, network security is insufficient on its own, and they call for complementary measures that can address SASE’s gaps.

To read more about how to gain real-time protection against this evolving risk with a secure browser extension, read the entire report.

This article is a contributed piece from one of our valued partners.

How a $10B Enterprise Customer Drastically Increased their SaaS Security Posture with 201% ROI by Using SSPM
https://www.indiavpn.org/2024/02/06/how-a-10b-enterprise-customer-drastically-increased-their-saas-security-posture-with-201-roi-by-using-sspm/
Tue, 06 Feb 2024

SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that make SaaS apps so embraced – access from anywhere and collaboration – can also be exploited by threat actors.

Recently, Adaptive Shield commissioned a Total Economic Impact™ (TEI) study conducted by Forrester Consulting. The study demonstrates the impactful ROI achieved by a multimedia company with an annual revenue of $10 billion. While the quantitative ROI is significant, at 201%, the qualitative security ROI improvements were substantial.

Figure 1: Summary of the TEI Study

In this article, we’ll examine the study’s findings of how Adaptive Shield’s SaaS Security Posture Management (SSPM) platform impacted this global enterprise.

The Organization’s Top SaaS Challenges

In interviews with Forrester Consulting, the organization being studied pointed out several key challenges that they were facing in their SaaS stack leading up to 2022.

  1. The organization acknowledged that they lacked the knowledge and skill to manage the applications. They didn’t understand many of the unique configurations or the impact they had on security or compliance, which left them unaware of the risks or mitigations that needed to happen.
  2. The organization had experienced an increase in SaaS adoption across IT, HR, sales, marketing, and other departments. They recognized that sensitive assets and valuable data were moving into SaaS applications and being spread out in a way that the security team could no longer supervise all its comings and goings. In addition, they needed to foster collaboration between the app owners, who control the applications, and security teams that are tasked with securing them.
  3. They were also dealing with increased complexity caused by their Merger & Acquisition (M&A) activity. Each M&A increased the number of applications that they needed to manage, many of which were geographically-distributed tenants that could not be easily combined with existing tenants of the app.

The organization began looking for a solution that could alleviate the SaaS misconfigurations that they were dealing with at scale. They needed a platform that would integrate with multiple business applications, mitigate communication issues between the app owners and security teams, and help them maintain regulatory compliance in their SaaS stack.

They were impressed with Adaptive Shield’s platform, which not only demonstrated the widest coverage of supported applications but also found configuration issues during the proof of concept phase. In 2022, Adaptive Shield was selected and deployed to secure the organization’s stack.

Security Benefits Adaptive Shield Introduced to the Organization

Forrester Consulting found that Adaptive Shield enabled the security team to “gain complete control and increased visibility of the security posture of all business-critical applications.”

Increased SaaS Security Posture

The security team had dealt with six security issues stemming from misconfigurations and low-security posture in the past. However, the organization saw posture improvements beginning with the POC. They “realized substantial improvement in its security posture score through visibility, remediation guidance, and ongoing monitoring” while experiencing a 30% increase in posture.

Improved Collaboration

Forrester Consulting also found evidence of increased collaboration between security teams and app owners. They noted that business owners are critical players in securing applications, as they have “the key to the kingdom,” but they lacked the security expertise needed to secure their ecosystem. Deploying Adaptive Shield helped bridge that gap and foster collaboration between the app owners and security teams.

Many Other Security Benefits

While some security benefits were quantifiable by the Forrester Consulting team, they were unable to place a dollar value on everything offered by Adaptive Shield. For example, Forrester Consulting found that the automated processes within the Adaptive Shield platform allowed security teams to focus on security management rather than conduct interviews with app owners about their configurations. It also helped the organization overcome challenges introduced by the democratization of SaaS security. It helped the organization achieve continuous compliance, avoid any interruptions to business operations, and stay ahead of any SaaS security trends.

Why Economic Benefits Indicated a 201% ROI

The Total Economic Impact™ study measured the return on investment experienced by the organization that was interviewed. To quantify these findings, Forrester Consulting first calculated the value of an improved SaaS Security posture. They factored in the number of breaches that had taken place before Adaptive Shield was deployed and projected the number of breaches over three years. Their calculations included diminished productivity, impacted business and security users, and salary data. Their three-year present value estimate of an improved SaaS Security posture was $1.49M.

Figure 2: Breakdown of ROI by Category

Next, Forrester Consulting reviewed operational efficiency achieved through Adaptive Shield’s SSPM platform. They factored in the number of applications being monitored, hourly wages, and the cost of securing SaaS applications with and without an automated solution. Their estimated three-year present value of savings was $397K.

Forrester Consulting then turned its attention to compliance. They calculated improvements in efficiency based on the time it takes organizations to review their applications and ensure compliance with the different standards. Their three-year present value was worth $260K.

Improved collaboration between security teams and business app owners added another 32K in savings over three years at present value. While the study noted other areas of ROI, it wasn’t able to quantify them.

The total benefits over three years (at present value) came to $2.18M. The total licensing and deployment costs over those three years, at present value, were $723,866. Payback was reached in less than six months, and the ROI over the three-year time frame was 201%.

A Push Toward SaaS Security

Today, organizations are increasing the volume and value of data stored in the cloud. Modern SaaS apps contain highly sensitive data, including PII, intellectual property, and third-party confidential information. Protecting this data is paramount, and the only realistic way to secure it is through a SaaS Security Posture Management (SSPM) tool.

Organizations understand the need to secure their SaaS stack. At the same time, they need to justify the cost of adding new security tools. By demonstrating significant, measurable ROI, organizations can finally make the case for implementing an SSPM solution.

For the full TEI study, click here.

Note: This article has been expertly written by Maor Bin, CEO and co-founder of Adaptive Shield.

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach
https://www.indiavpn.org/2024/01/25/tech-giant-hp-enterprise-hacked-by-russian-hackers-linked-to-dnc-breach/

Jan 25, 2024 | Newsroom | Cyber Attack / Data Breach

Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise’s (HPE) cloud email environment to exfiltrate mailbox data.

“The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” the company said in a regulatory filing with the U.S. Securities and Exchange Commission (SEC).

The intrusion has been attributed to the Russian state-sponsored group known as APT29, which is also tracked under the monikers BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes.

The disclosure arrives days after Microsoft implicated the same threat actor in the breach of its corporate systems in late November 2023 to steal emails and attachments from senior executives and other individuals in the company’s cybersecurity and legal departments.

HPE said it was notified of the incident on December 12, 2023, meaning that the threat actors persisted within its network undetected for more than six months.

It also noted that the attack is likely connected to a prior security event, also attributed to APT29, which involved unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023. It was alerted to the malicious activity in June 2023.

HPE, however, emphasized that the incident has not had any material impact on its operations to date. The company did not disclose the scale of the attack and the exact email information that was accessed.

APT29, assessed to be part of Russia’s Foreign Intelligence Service (SVR), has been behind some high-profile hacks in recent years, including the 2016 attack on the Democratic National Committee and the 2020 SolarWinds supply chain compromise.

The Definitive Enterprise Browser Buyer’s Guide
https://www.indiavpn.org/2024/01/02/the-definitive-enterprise-browser-buyers-guide/

Jan 02, 2024 | The Hacker News | Browser Security / Threat Protection

Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore, more and more security teams are now turning to the emerging category of purpose-built enterprise browsers as the answer to the browser’s security challenges.

However, as this security solution category is still relatively new, there is not yet an established set of browser security best practices, nor common evaluation criteria.

LayerX, the User-First Enterprise Browser Extension, is addressing security teams’ need with the downloadable Enterprise Browser Buyer’s Guide, which guides its readers through the essentials of choosing the best solution and provides them with an actionable checklist to use during the evaluation process.

The Browser is The Most Important Work Interface and the Most Targeted Attack Surface

The browser has become the core workspace in the modern enterprise. On top of being the gateway to sanctioned SaaS apps and other non-corporate web destinations, the browser is the intersection point between cloud/web environments and physical or virtual endpoints. This makes the browser both a target for multiple types of attacks and a potential source of unintentional data leakage.

Some of these attacks have been around for more than a decade, such as exploitation of browser vulnerabilities or drive-by download of malicious files. Others have gained recent momentum alongside the steep rise in SaaS adoption, like social engineering users with phishing webpages. Yet others leverage the evolution in web page technology to launch sophisticated and hard-to-detect modifications and abuse of browser features to capture and exfiltrate sensitive data.

Browser Security 101 – What is It That We Need to Protect?

Browser security can be divided into two different groups: preventing unintended data exposure and protection against various types of malicious activity.

From the data protection aspect, an enterprise browser enforces policies that ensure sensitive corporate data is not shared or downloaded in an insecure manner from sanctioned apps, nor uploaded from managed devices to non-corporate web destinations.

From the threat protection aspect, an enterprise browser detects and prevents three types of attacks:

  • Attacks that target the browser itself, with the purpose of compromising the host device or the data that resides within the browser application itself, such as cookies, passwords, and others.
  • Attacks that utilize the browser via compromised credentials to access corporate data that resides in both sanctioned and unsanctioned SaaS applications.
  • Attacks that leverage the modern web page as an attack vector to target users’ passwords, via a wide range of phishing methods or through malicious modification of browser features.

How to Choose the Right Solution

What should you focus on when choosing an enterprise browser solution for your environment? What are the practical implications of the differences between the various offerings? How should deployment methods, the solution’s architecture, or user privacy be weighed in the overall consideration? How should threats and risks be prioritized?

As we’ve said before – unlike with other security solutions, you can’t just ping one of your peers and ask what he or she is doing. Enterprise browsers are new, and the wisdom of the crowd is yet to be formed. In fact, there’s an excellent chance that your peers are now struggling with the very same questions you are.

The Definitive Enterprise Browser Buyer’s Guide – What it is and How to Use It

The buyer’s guide (download it here) breaks down the high-level ‘browser security’ headline into small and digestible chunks of the concrete needs that have to be solved. These are brought to the reader in five pillars – deployment, user experience, security functionalities and user privacy. For each pillar there is a short description of its browser context and a more detailed explanation of its capabilities.

The most significant pillar, in terms of scope, is of course the security functionalities one, which is divided into five sub-sections. Since, in most cases, this pillar would be the initial driver for pursuing a browser security platform in the first place, it’s worth going over them in more detail:

Enterprise Browser Deep Dive

The need for an enterprise browser typically arises from one of the following:

  • Attack Surface Management: Proactive reduction of the browser’s exposure to various types of threats, eliminating adversaries’ ability to carry them out.
  • Zero Trust Access: Hardening the authentication requirements to ensure that the username and password were indeed provided by the legitimate user and were not compromised.
  • SaaS Monitoring and Protection: 360° visibility into all users’ activity and data usage within sanctioned and unsanctioned apps, as well as other non-corporate web destinations, while safeguarding corporate data from compromise or loss.
  • Protection Against Malicious Web Pages: Real-time detection and prevention of all the malicious tactics adversaries embed in the modern web page, including credential phishing, downloading of malicious files and data theft.
  • Secure 3rd Party Access and BYOD: Enablement of secure access to corporate web resources from unmanaged devices of both the internal workforce as well as external contractors and service providers.

This list enables anyone to easily identify the objective for their enterprise browser search and find out the required capabilities for fulfilling it.

The Buyer’s Guide – A Straightforward Evaluation Shortcut

The most important and actionable part in the guide is the concluding checklist, which provides, for the first time, a concise summary of all the essential capabilities an enterprise browser should provide. This checklist makes the evaluation process easier than ever. All you have to do now is test the solutions you’ve shortlisted against it and see which one scores the highest. Once you have all of them lined up, you can make an informed decision based on the needs of your environment, as you understand them.

Download the Buyer’s Guide here.
