
How Isolation Changes Incident Response

Large Groups of Isolated Users Shrink Your Exposure Surface

Enterprises frequently acquire an isolation solution (such as Menlo for remote browser isolation) for specific groups of users, such as VIPs, rather than for their entire workforce. While this strategy insulates VIPs from malware attacks, it assumes that only VIPs have access to potentially crippling information.

 

In reality, an attacker can cause massive damage using any employee’s credentials. Once access is granted, tiny slivers of information such as customer lists and SSNs could easily force ransomware payments of millions of dollars.

 

Everyone in an organization is vulnerable, and focusing on protecting only “very attacked people” wrongly prioritizes the most visible targets.

 

 

Shorter Response Times Across Isolated Users

A goal of many security professionals is to decrease the number of users vulnerable to a given threat. This goal is important during IT fire drills and active attacks, in which the time-to-response window can be short.

 

Knowing which threats to investigate first (or last) shortens response times. If an entire organization is equipped with isolation, the risk of a successful web- or email-based attack drops because the previously exposed and vulnerable parts of the network are now isolated.

 

More Accurate Threat Modeling Reduces Response Times

Similar to herd immunity, cloud-based isolation has benefits that increase as more users are shielded.

 

In modeling an attack event with a network of 100 percent isolated users, the IT admin may want to alter their threat model to account for the lowered probability of a web-based phishing attack. An updated threat model would direct IT teams more toward threats that isolation does not protect against, such as someone taking physical control of an unlocked laptop or discovering gaps in their isolation coverage.

 

One major banking company noted a drastic reduction in IT-related emergencies after they adopted Menlo isolation. We helped them reduce their attack surface area by 90 percent across their entire deployment of isolated and non-isolated endpoints. The result was a 10X increase in worker productivity and an ROI of 261 percent after three years.

 

Learn More About User Behavior with Menlo Security Insights

Menlo Security Insights, our analytics engine, enables you to discover, track, and monitor user activity during incident response.

 

Reports can be created on demand or sent automatically to various stakeholders across the organization. Importantly, our threat modeling tools help IT admins observe their entire threat profile (risky users, phishing, malware, etc.) for analysis.

 

To learn more about Incident Response with Menlo Security Insights, consider reading our Data Sheet.


*** This is a Security Bloggers Network syndicated blog from Menlo Security Blog authored by James Locus. Read the original post at: https://www.menlosecurity.com/blog/how-isolation-changes-incident-response