Name: Why HEAT attacks mark the next era of the cyber threat landscape
Start: 2022-03-08T19:00:00Z
End: 2022-03-08T19:59:46.000Z
Location: BrightTALK
Rating: 5

Menlo Security enables organizations to outsmart threats, completely eliminating attacks and fully protecting productivity with our one-of-a-kind, isolation-powered Cloud Security Platform.

When entire workforces went remote back in 2020 because of the global pandemic, organisations pivoted quickly to new business models by migrating apps and services to the cloud to enable the anywhere, everywhere workforce. However, with this digital transformation one thing was apparent - security was lagging. Hackers know more people are working remotely today - so they’ve deployed a new class of threats we call Highly Evasive Adaptive Threats (HEAT) to turn our browsers into increasing threat vectors and outpace our security controls.      

Listen as our cybersecurity experts discuss how threat actors are using these evasive threats. Attendees can expect to learn:
 
• How threat actors are getting past the security investments you have in place.
• Why shifting from a detection-focused approach to one that starts with prevention can eliminate threat activity.
• How this creates a paradigm shift that enables security to influence top-line growth.

Family Sedan vs Race-car: Who's helping threat actors outpace security controls?

When entire workforces went remote back in 2020 because of the global pandemic, government agencies and educational institutions pivoted quickly by migrating apps and services to the cloud to enable the anywhere, everywhere workforce and learning. However, with this digital transformation one thing was apparent - security was lagging.
 
Even with the shift to hybrid work and students back in the classroom, hackers know more work is still done via the browser and they’re using advanced threats like Highly Evasive Adaptive Threats (HEAT) to turn our browsers into increasing threat vectors. In many cases their threats outpace our security controls. A shift to a Zero Trust mindset is the first step in defense against these attacks.
 
Hear Senior Cybersecurity Strategist, Mark Guntrip, discuss how threat actors are using evasive threats to attack government agencies and educational institutions. Mark will also cover ways a Zero Trust strategy allows for a protective approach that can keep these attacks from ever happening. Attendees can expect to learn:
• How threat actors are getting past the security you have in place.
• Why shifting from a detection-focused approach to one that starts with prevention can eliminate threat activity.
• How this creates a paradigm shift that enables your Zero Trust strategy.

The Race to Zero Trust for Government and Education: Prius vs. Ferrari

Schools educate our nation's future so school administrators must navigate numerous challenges outside their control. With a reported 67 million malware attacks against education institutions during a typical 30-day stretch, one major challenge is that K-12 institutions easy targets for cybersecurity attacks. These attacks have risen since the Covid-19 pandemic forced remote learning, and a new form of highly evasive adaptive threats (HEAT) using multi-vector attacks has arisen as a primary source of these offenses. Although most students are back inthe classroom, the cyber attackers aren’t slowing down their attempts to infiltrate district networks. In September 2022, in a joint statement, the FBI, CISA, and MS-ISAC warned that cyberattacks against school districts would continue to rise. The statement continued, "School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cyber criminals can still put school districts with robust cybersecurity programs at risk."In this ICIT briefing, a panel of experts will discuss examples of recent attacks, opportunities to decrease vulnerability, and developing an action plan to maximize the district's resources.

3 Considerations for School Systems When Building Their Cybersecurity Strategy

When entire workforces went remote back in 2020 because of the global pandemic, organizations pivoted quickly to new business models by migrating apps and services to the cloud to enable the anywhere, everywhere workforce. However, with this digital transformational one thing was apparent - security was lagging. Hackers know more people are working remote today and they’re using advanced threats like Highly Evasive Adaptive Threats (HEAT) to turn our browsers into increasing threat vectors and outpace our security controls. Listen as cybersecurity experts discuss how threat actors are using evasive threats. Attendees can expect to learn:
 
• How threat actors are getting past the security investments you have in place.
• Why shifting from a detection-focused approach to one that starts with prevention can eliminate threat activity.
• How this creates a paradigm shift that enables security to influence top-line growth.

Prius vs. Ferrari: Who's helping threat actors outpace security controls?

Hear Menlo experts discuss how the browser – which is more important to today's workers than ever before – is a hotspot for the single biggest unknown threat organizations face today: Highly Evasive Adaptive Threats (HEAT).

Ready to work without worry in 2023? Spotlight on Securing the Browser

Government guidance on cybersecurity is gaining momentum but it's still unable to keep pace with current trends. Changes in how we work (such as remote working) and evolving cyber threats will continue to endanger state, local, tribal, territorial, and educational networks. Today’s threat landscape means that private and public sector organizations can no longer rely on their users or on detection-based security tools to protect their users, critical data, and systems from attacks.

While detection of intrusions is essential, far more attention needs to be paid to prevention, which provides much better protection against incoming attacks. To capitalize on the growing threat landscape, bad actors are targeting web browsers with Highly Evasive Adaptive Threats (HEAT). These HEAT attacks bypass traditional security defenses and leverage the standard capabilities of modern web browsers to deliver things like ransomware, compromised credentials, and various malware.

Hear government and industry thought leaders discuss the tools and techniques that can build prevention into the cybersecurity infrastructure, such as browser isolation to provide visibility and control for a zero trust approach to web-based threats.

Staying a Step Ahead of Bad Actors in State, Local Cybersecurity

Ransomware continues to be one of the single biggest threats to government networks, and IT professionals are increasingly worried about employees who work remotely ignoring security guidance and clicking on malware-infested links or attachments. Their concerns are justified, particularly regarding highly evasive adaptive threats that target web browsers and take active measures to avoid detection by current-generation security. These attacks have increased by more than 220% in the past year and can target worker credentials as a precursor to launching a ransomware attack.

Those concerns are well-founded according to a new survey, which reports that one-third of respondents said they experience a ransomware attack at least once a week – with nine percent saying they are attacked more than once a day. And IT security professionals fear they can’t keep up with the increased rate of attacks. Public sector professionals, including state and local agencies, were the third-largest group to participate in the survey.

Listen to thought leaders from government and industry discuss the nature of malware and the steps that agencies should take to guard against falling victim to these emerging threats.

Evolving Risks: Combating Ransomware’s Latest Threats

Requirements for access to mission-critical business apps have fundamentally changed in the past few years. Given the explosion of hybrid work and increasing digital transformation initiatives, users now require secure anytime, anywhere access to an array of cloud apps, and Virtual Private Networks (VPNs) are struggling to keep up.

That’s why organizations are increasingly turning to Zero Trust Network Access (ZTNA) to grant users access to apps on a one-by-one basis instead of granting permission to the entire network like a VPN. But the path to ZTNA looks different for every organization, and deployment requires a thorough and methodical approach.

In this discussion, ESG Senior Analyst John Grady will take a detailed look at everything organizations need to know about ZTNA technology with Mark Guntrip, senior director of cybersecurity strategy at Menlo Security.

Attendees will learn:
• Why organizations are quickly adopting ZTNA
• How to plan for and deploy ZTNA technology
• What to look for in a ZTNA solution

Securing access for the modern workforce

When COVID-19 hit, many organizations attempted to implement Zero Trust environments to protect their data from online threats presented by unsecured home office equipment. But these efforts were often temporary and not particularly effective. In this webinar, experts offer a more permanent, more effective strategy for using Zero Trust to secure remote and hybrid workers and protect critical data from unauthorized access.

During this webinar you will:

• Find out how to develop a zero-trust strategy that makes sense for your environment.
• Get guidance from the pros about how identity asset management (IAM) fits into a zero-trust plan.
• Receive insights about the role of the end user within the zero-trust framework.
• Learn about when and where automation makes the most sense for most enterprises starting out on their zero-trust journey.

Using Zero Trust to Protect Remote and Home Workers

Businesses know that security is essential, but the wrong security can cause new problems. Employees who come across too many security roadblocks are less productive (and may take their work from secure corporate systems to personal machines and public Wi-Fi). In this InformationWeek webinar, you'll learn how to rethink your IT and security architecture to create a more secure enterprise while making work easier.

Attendees will:
• Learn how to get a better view of shadow IT risks in your business.
• Hear about emerging innovations in identity and access management that can help make life easier for employees.
• Identify the worst usability pain points and discover solutions that won't create new security pain points.

User-Friendly Security: Better Defense, Happier Employees

The COVID-19 pandemic transformed enterprises into remote workplaces overnight, forcing IT organizations to revamp their computing and networking strategies on the fly. Some of the changes were intended to be temporary, and some rules were adopted without thinking through all the implications. With businesses moving to permanent work-from-home and hybrid work models, enterprise IT teams need to rebuild their security strategies and switch off temporary rules and controls. In this webinar, experts discuss how to rethink the remote computing architecture and adjust the rules to consider remote networking and access, all the while giving users safe access to corporate systems and data.

Attendees will learn:
• Remote work policies that safeguard identity, access and user data.
• Balancing user convenience against security policies that satisfy the "C" suite.
• Password and account management that are speedy, efficient and secure.
• Handling the increased workload that comes with keeping remote workers’ data and devices secure.

Building and Maintaining an Effective Remote Access Strategy

When entire workforces went remote in 2020 because of the global pandemic, organizations pivoted quickly to new business models by migrating apps and services to the cloud to enable the anywhere, everywhere workforce. Many business users are spending a majority of their workday in a browser which accesses unmanaged sites, too. These same digital enhancements, also ushered in widespread transformation that expanded attack surfaces and created new opportunities for cyber miscreants, giving rise to Highly Evasive Adaptive Threats (HEAT), which are used as entry points for initiating ransomware, data theft, and account takeovers.
 
During this insightful session taking place on Tuesday, August 30, 2022 at 1:00 p.m. Eastern / 10:00 a.m. Pacific, (ISC)² and Menlo Security will discuss why HEAT attacks are the next-class of browser-based attacks taking advantage of today’s remote and hybrid workforce.

The Reason Why Ransomware is Really HEATing Up

Enterprise security teams have experienced more than their share of change throughout the past few years. But while many have adapted to the curveballs thrown their way in the form of a remote workforce, the tools needed to facilitate productivity, and the resulting proliferation of data, security is still lagging. 

These changes have ushered in a tidal wave of ransomware impacting organizations – both large and small – across industries. The problem? Security teams are still married to early strategies founded on detecting threats versus focusing on initial access. The shift to remote work has made the web browser the new office, and threat actors have caught on. Today’s ransomware gangs have pivoted as quickly as organizations to take advantage of modern work by leveraging a new class of cyber threats – Highly Evasive Adaptive Threats (HEAT). HEAT attacks are aimed explicitly at web browsers and use various tactics to evade multiple layers of detection in today’s security stack. 

So, is it possible for security teams to shut the door on these threats before they place? Can ransomware finally be removed from the scroll of concerns security leaders have? Is there a way to make security effective again without getting in the way of modern work? What’s the role of Zero Trust in all of this? Guest speaker Heath Mullins, senior analyst at Forrester, sits with Mark Guntrip, senior director of cybersecurity strategy at Menlo Security, to answer those questions – and yours – during this upcoming discussion.

Completely avoiding the ransomware tidal wave

More and more organizations are moving applications and services to the Cloud, creating a work environment where the office has become a “browser” for employees to access resources remotely. While Software as a Service (SaaS) applications have grown in popularity to meet hybrid and remote work requirements, SaaS applications and Cloud migrations mean an expanded attack surface that organizations are seldom ready to secure. 
 
As organizations struggle through their Cloud migration, cyber criminals are eager to take advantage of occupied security teams and deliver ransomware attacks through Highly Evasive Adaptive Threats (HEAT). Join host John Grady, Senior Analyst at ESG and guest Eric Schwake, Sr. Manager of Cybersecurity Strategy at Menlo Security as they explore the rise in HEAT and:
- An in-depth look into Menlo’s HEAT security assessment 
- What’s driving these HEAT attacks and how they’re evading existing security defenses
- Solutions to keep in mind and how organizations can secure themselves against HEAT attacks

Ransomware Attacks Are Evolving: The Rise of Highly Evasive Adaptive Threats

When organizations look to bolster their existing security strategy by improving endpoint detection tactics and technology, they often fail to consider prevention strategies. By prioritizing one over the other, organizations leave themselves vulnerable to incoming cyber attacks. As ransomware attacks become increasingly malicious with severe consequences from damaged reputations to revenue, it’s necessary that organizations shift their mindset and prioritize preventing attacks from even reaching their endpoints. 

While many organizations utilize the Cloud to manage applications and store data, they’re also widening their attack surface and making themselves vulnerable as they adjust to the New Era of Work. So how can organizations secure themselves in this new digital era? Join host John Grady, Senior Analyst at ESG and guest Neko Papez, Sr. Manager of Cybersecurity Strategy at Menlo Security as they take a deeper dive into ransomware prevention strategies and how Menlo is taking a different approach to security. 

They’ll examine:
- Why traditional security solutions are failing and how organizations can upgrade their security stack
- Why threat prevention is important and how isolation can help prevent threats
- Detection vs prevention and how Menlo is taking a more modern approach to threat prevention

Detection and Prevention: Creating a Foolproof Ransomware Defense Strategy

The rise in cloud adoption, remote work, and other digital transformation efforts are forcing organizations to adapt how they are managing network security. This is proving to be challenging considering there is no one-size-fits-all approach to network security. Tune into this panel discussion where experts will provide insights on how organizations can use emerging concepts like SASE, next-gen firewalls and zero trust to help enhance their network security strategy.

Moderated by:
Melinda Marks, Senior Analyst, ESG

Featuring:
Mark Guntrip, Senior Director of Cybersecurity Strategy, Menlo Security
Eyal Webber-Zvik, VP, Product Marketing, Cato Networks

Enhancing Your Enterprise Network Security Strategy

The rise in cloud adoption, remote work, and other digital transformation efforts are forcing organizations to adapt how they are managing network security. This is proving to be challenging considering there is no one-size-fits-all approach to network security. 

Watch panel discussion from RSA 2022, where experts provide insights on how organizations can use emerging concepts like SASE, next-gen firewalls and zero trust to help enhance their network security strategy.  

Moderated by: 
John Grady, Senior Analyst, ESG
Featuring: 
Nick Edwards, VP Product Management, Menlo Security

Build a Network Security Strategy that Works for You, Not Cyberattackers

It’s difficult to navigate today’s cyber threat landscape as new and returning malicious attacks leave organizations anxious for what’s next. Cybersecurity Ventures estimated that in 2021 organizations would experience a ransomware attack every 11 seconds and predicted that attacks would only increase and occur up to every 2 seconds by 2032. 
 
Despite comprehensive cybersecurity measures, ransomware attacks continue to breach traditional defenses. As hybrid and remote workplaces remain increasingly popular, organizations are scrambling to transport users, data, and applications to the Cloud whilst staying on top of security strategies and incoming threats. Join host John Grady, Senior Analyst at ESG and guest Mark Guntrip, Sr. Director of Cybersecurity Strategy at Menlo Security as they discuss how organizations can defend themselves against ransomware by securing access points and:
- What’s behind the increase of ransomware attacks today
- Where are defense strategies falling short and how can security leaders buff up their security strategy
- The various stages of ransomware and how attacks are delivering malware today

Defending Against Ransomware Attacks in Today’s Threatscape

Enterprises today are more complex than ever. Data and applications increasingly reside in the cloud, and the users accessing them often do so remotely. Yet traditional on-premises security approaches still dominate the landscape. With web browsers constantly being updated to address vulnerabilities and SaaS applications further expanding the attack surface, this distributed work model – as well as corporate data – needs to be protected.

Threat actors understand this paradigm shift and have adapted by creating Highly Evasive Adaptive Threats (HEAT), which are used as beachheads for initiating ransomware payload and causing other endpoint breaches that result in account takeovers. HEAT attacks are evading existing security defenses, including Secure Web Gateway anti-virus engines and sandboxes, network and HTTP-level inspections, malicious link analysis, and indicator of compromise (IOC) feeds. 

During this insightful conversation, ESG Senior Analyst John Grady will dive deep into the challenges that HEAT attacks present organizations with Eric Schwake, senior manager of cybersecurity strategy at Menlo Security.

Attendees will learn: 
• How modern work has given rise to HEAT attacks.
• The delivery mechanisms these attacks leverage to evade detection.
• What organizations can do to prevent HEAT attacks.

One lucky live viewer will win a LEGO Star Wars Ultimate Millennium Falcon 75192 Expert Building Kit and Starship Model!

Why HEAT attacks mark the next era of the cyber threat landscape

Ransomware

Malware

Threat Prevention

Threatscape

Network Security

Web Security

Data Security

Cloud Security

Remote Access

Digital Transformation

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Why HEAT attacks mark the next era of the cyber threat landscape

Presented by

About this talk

More from this channel