Today’s Threat Landscape

and Dynamic Internet

MENLO SECURITY 1
The Internet is constantly
evolving making it
NEXT-GEN SECURE WEB impossible to keep
blacklists and whitelists
GATEWAY updated while website
reputation history is limited
and inaccurate
SECURE WEB TRAFFIC AND ELIMINATE MALWARE
Users are falling prey to
2
Growing Sophistication and Volume of Threats in phishing, social media
attacks, credential theft, and
a Dynamic Internet other advanced web malware
attacks.
Now, more than ever, today’s business is conducted on the internet
especially with increasing adoption of mobile and cloud. However,
3 Safe, legitimate websites can
the internet is fraught with malicious content from fake login portals be hijacked with malware
to malware-infected sites that look legitimate. Virtually any website,
link or web advertisement can be used to deliver malware today, Legitimate looking URLs are
4
launching an attack on a user’s endpoint device that quickly spreads really spoofed
throughout your organization, infecting any device it can reach.

However, opening access to everything on the web or limiting access

to the internet is both counterproductive and stretches an already
overburdened IT support team. There is no simple way for security
professionals to differentiate safe content from malicious content--
putting the organization at risk while inhibiting the productivity of users.

Existing Solutions Not Keeping Pace with Cyber

Threats USE CASES
Traditional Secure Web Gateway (SWG) solutions give enterprise’s 1. Protect users from all malware
the ability to allow or block internet content based on policies but hosted on hijacked websites
how do you know what to block and what to allow? In addition, 2. Prevent users from entering
legacy SWG’s are based on detect and respond approach to security credentials or exposing personally
identifying only known threats and are not able to keep up with identifiable information (PII)
increasingly sophisticated cyberattacks. They rely on inaccurate risk on suspicious webforms by
data or signatures from threat intelligence databases or use behavior making risky sites read-only and
monitoring to detect anomalies resulting in false positives and negatives restricting uploads to prevent
and delayed detection. Dynamic and active content--which makes up the data loss
majority of commonly-visited sites today make it impossible to keep up.
3. Enforce a web access
Additionally, protecting the enterprise from today’s cybersecurity policy using a set of rules and
threats requires deep insights and context into threats and regulations by limiting and
vulnerabilities as well as user web and email behavior. Security analysts blocking access to inappropriate
and threat detection and response teams need to know exactly what or offensive content on the web
users were doing at the moment an attack occurs. However, visibility 4. Monitor user access to websites
into user behavior is difficult to come by if it exists at all. and documents on the Internet
and generate detailed reports
The existing approach to web security and malware prevention results that gives insights into threats,
in tools sprawl and overburdened security teams and is ineffective vulnerabilities and web activity for
and expensive. Web-based attacks are far too common and successful. improved security investigations,
Clearly, a new approach to security is needed. remediation and compliance

The answer? Menlo Security’s Next-Gen Secure Web Gateway that 5. Isolate ALL websites for all
allows you to block specific and isolate all other websites ensuring users without compromising
complete protection for web browsing. security, productivity or
performance
 MENLO SECURITY NEXT-GEN SECURE WEB GATEWAY
SECURE WEB TRAFFIC AND ELIMINATE MALWARE

Next-Gen Secure Web Gateway features and Benefits

Advanced Threat Protection with web User/Group Policy and Authentication

isolation
• Fine-tune policies for specific users or groups
• Web and document Isolation
• Integrates with SSO and IAM solutions with SAML
• Eliminate all malware, ransomware and emerging zero- support
day threats from web traffic and documents
• Integrates with Active Directory Federation services (ADFS)
• Eliminate false positives and false negative alerts
eliminating website re-categorization and re-imaging of
endpoints
Encrypted Traffic Management
• Intercept and inspect TLS/SSL encrypted web browsing
URL Filtering and Acceptable Use Policy (AUP) traffic
• Enable, isolate, block and restrict access to the web • Provisionable SSL inspection exemptions ensuring
using categorization and exception based policies privacy for certain categories of websites
• Control employee web browsing via granular policies • Expose hidden threats in encrypted sessions
(user, group, IP …)
• Document access controls including view only, safe
or original downloads specified with granular policies Data Loss Prevention (DLP)
based on file type
• Limit user interaction for specific categories of websites • Render websites in read-only mode
• Ability to block file uploads
• Integration with 3rd party DLP (both on-premise on cloud
Content and Malware Analysis based) maintains optimal visibility
• Limit user interaction on risky or specific categories of
• Integrated file analysis using file hash check, antivirus, websites like social sites
and sandboxing • Prevent data loss and credential theft
• Integration with existing 3rd party AV and sandboxing
solutions
• Inspect risky content and detect malicious behavior of all Cloud Access Security Broker (CASB)
original documents downloaded
• Deep visibility and control of Cloud and SaaS application
traffic to protect information and ensure compliance
Logging, Analytics and Reporting • Integration with 3rd party CASB solutions (both on-
premise and cloud-based)
• Gain visibility and insights into users browsing behavior
and threat activity including threats mitigated
• Built-in and custom reports and alerts
• Detailed event logs and built-in traffic analysis
• Built-in and custom queries for flexible exploration and
analysis of data
• Configurable data retention period for compliance
• Export log data using API to 3rd party SIEM’s and BI tools
• Accelerate threat detection, IR and forensic operations
for security teams.
 MENLO SECURITY NEXT-GEN SECURE WEB GATEWAY
SECURE WEB TRAFFIC AND ELIMINATE MALWARE

Web and Document Isolation features and Benefits

Web Isolation and ATP Document Isolation / Access Control

• Safe viewing of websites by executing all active and risky • Safe viewing of documents by executing all active or
web content (ie. JavaScript and Flash) risky active content in the cloud away from the endpoint
• All native web content is discarded in disposable • Option to download safe cleaned or original versions of
containers using stateless web sessions documents
• Adaptive clientless Rendering (ACR) optimally renders • Broad file type support
safe content on endpoint • Granular policies to limit document access based on file
• Native and seamless user experience type and user
• Restrict document upload to the Internet

Cloud Delivery and Endpoint Support features and Benefits

Connection Methods and Endpoint Support Cloud Delivery with Universal Access
• Proxy Automatic Configuration (PAC) automatically • Global Elastic Cloud with autoscaling and least-latency
configured on endpoints based routings
• Proxy chaining from existing proxy device and IPSEC VPN • ISO27001and SOC2 certified data centers
• Works with native browsers with broad browser support • High Availability and Service Level Agreements
• Supports all OS and devices types • Allows connectivity from any location
• No endpoint software or browser plug-ins • Secure and optimal web access for remote sites and
mobile users

Menlo Key Differentiators

Web Isolation Technology Global Elastic Cloud

• Industry leading web isolation technology with no • High performance and low latency cloud service
impact on user experience or productivity and no need • Scales to 1000’s of users in ‘Isolate All’ deployments
for endpoint software
• Security Hardened platform
• Protects users and endpoints from all active and
malicious content
• Optimal usage of endpoint and network resources Advanced Threat Protection
• Recognized as a Visionary in the 2018 Gartner Magic
Quadrant for Secure Web Gateways • 100% protection against all web and document borne
threats including zero-day malware
• Assumes all content is risky
• No endpoint or user infections
 MENLO SECURITY NEXT-GEN SECURE WEB GATEWAY
SECURE WEB TRAFFIC AND ELIMINATE MALWARE

Menlo Security Next-Gen Secure Web Gateway with Web Isolation

Rather than determining what web content is content to the end user’s browser with no impact
legitimate, organizations should just assume that all on user experience or productivity nor special
web content is risky and hosts potentially malicious client software/plug-ins. This restores 100 percent
content. This approach eliminates the need to make confidence in security posture for security teams and
an allow or block determination based on coarse worry-free and productive clicking, downloading and
categorization and detailed analysis. Customers browsing experience for end users.
should employ an Isolate or Block policy instead.
Menlo Security enables this approach by intercepting The Menlo Security Next-Gen Secure Web Gateway
all web browsing sessions preventing malicious is delivered from a global elastic cloud as a service,
content from reaching endpoints and enforcing protects enterprises from web based cyber threats,
acceptable use policies and data loss prevention for enforces granular access and security policies,
each session in the cloud. controls, monitors and protects web traffic, prevents
data leaks and credential theft, secures cloud apps
Our Next-Gen Secure Web Gateway uses state-of-the- and ensures compliance across all devices and
art web isolation technology, protecting organizations locations. It does this with unmatched performance
from cyber attacks by eliminating the threat of and scale.
malware and phishing attacks from the web and email.
The Menlo Security Next-Gen Secure Web Gateway The Menlo Security solution provides powerful
isolates all active content in the cloud, enabling users protection from web-born threats and attacks like
to safely interact with websites, links and documents malware and data loss. The best part is that the user’s
online without compromising security. web browsing experience is not impacted at all, giving
them unrestricted yet safe and transparent access to
For content that is allowed, Menlo Adaptive Client all web content.
Rendering (ACR) efficiently delivers authorized

Menlo Security’s cloud-based next-generation Isolation platform scales to provide

comprehensive web, email and document protection across enterprises of any size,
without requiring endpoint software or impacting the end user-experience.

Menlo Security is trusted by major global businesses, governments and verticals,

About Menlo Security including Fortune 500 companies and financial services institutions, and backed by
Menlo Security protects leading venture capital firms and banks. Recognized as a visionary in the Gartner
organizations from Magic Quadrant for Secure Web Gateways, Menlo Security is a leader in web security
innovation.
cyberattacks by eliminating
the threat of malware from the Menlo Security is headquartered in Palo Alto, California.
web, documents and email. To learn more, visit menlosecurity.com or contact [email protected]