How To Protect Your Business From Ransomware Without Restricting Employees
Posted on by Zuly GonzalezCategories Blurb, Security, Web SecurityLeave a comment on How To Protect Your Business From Ransomware Without Restricting Employees

The internet has seen a lot of different malware variants pop up over the years, but few of them have had quite the financial and technical impact as the one on every security professional’s lips in 2018: Ransomware. But what is ransomware exactly, and what makes it so much more devastating to businesses than any other malware that has come before it?

According to a recent blog post from IBM’s SecurityIntelligence division, ransomware is defined as “…malware that holds your data hostage and demands payment for release”. In the post IBM talks about the various attack vectors that ransomware can use to infiltrate a corporate network, including phishing emails and web-based infection pathways. Read the full article here.

IBM suggests that the best ways to protect against ransomware threats is to constantly update your network with the latest security patches, teach employees how to spot potential scam emails or links, and have a threat response team trained and ready to go in case the first two lines of defense fail. However, the author also suggests limiting the functionality of your users’ workstations, such as disabling Flash (that may be necessary for some business web apps to function properly), which can result in lost productivity and continued headaches for your network security team if implemented improperly or with too many restrictions.

This is exactly where solutions like Remote Browser Isolation (RBI) can help. RBI allows your employees to retain many of the same freedoms they’ve become accustomed to when it comes to how they use and browse the web, while also securing your network against the threat that major ransomware variants like WannaCry pose.

RBI is both simple to implement and highly effective against the threat vectors that bad actors rely on most frequently to deliver ransomware infected payloads to enterprise networks. RBI also offers a host of additional features that help protect your users’ privacy and security in the era of rapidly evolving ransomware threats.

Learn more about Remote Browser Isolation

Endpoint Security Solutions Challenged by Zero-Day and Fileless Attacks
Posted on by Zuly GonzalezCategories Computer Security, Security, Web SecurityLeave a comment on Endpoint Security Solutions Challenged by Zero-Day and Fileless Attacks

As the world of malware continues to evolve at a relentless pace, IT departments globally are struggling to keep up. Today, fileless attacks and zero-day exploits are appearing more frequently, and traditional AV solutions and detection methods are failing to prevent infections the way they used to.

According to a recent article posted by Help Net Security, the challenges that endpoint security specialists face in this fight are significant. In a survey by the Ponemon Institute and Barkly that polled 660 IT and security professionals, they found that 64 percent of organizations experienced a successful endpoint attack in 2018, which represented a 20 percent increase from the same 12-month period last year. Furthermore, 63 percent of individuals surveyed stated that the frequency of endpoint attacks has increased in the past 12 months. Read the full article here.

Most importantly, respondents estimated that the current AV implementations active on their networks were only capable of blocking 43 percent of incoming attacks.

In response to this problem some organizations have resorted to focusing more on quickly detecting and responding to attacks instead of preventing them. However, the prospects of this solution working are bleak at best, given the results of the 2018 Cost of Data Breach Study by Ponemon, which found that the average time to detect and contain a mega breach was 365 days – almost 100 days longer than a smaller scale breach (266 days).

This begs the question: what potential solutions are out there which can mitigate the threat that zero-day and fileless attacks pose without affecting employee productivity or adding unnecessary burden on the on-site IT staff? Options like Remote Browser Isolation present a secure alternative to traditional antivirus detection methods.

Remote Browser Isolation can help close the gap between post-infection detection techniques, which may not detect all attacks, and the proactive threat hunting approach that may leave the corporate network vulnerable for weeks before the threat is detected and neutralized. By isolating an employee’s browser activity in an external virtual environment that exists outside of your corporate network, any breach attempts that are launched against that user via a web browser, whether they are zero-day, fileless, or run of the mill attacks, can be stopped before they can even enter the corporate network. By implementing Remote Browser Isolation, your IT department can reduce the management overhead while simultaneously making it easier for your users to browse the web safely, securely, and without the limitations that other protection methods might place on their daily browsing habits.

Learn More About Remote Browser Isolation

How to Balance Employee Freedom With the Needs of Corporate Security
Posted on by Zuly GonzalezCategories Computer Security, How To, Web SecurityLeave a comment on How to Balance Employee Freedom With the Needs of Corporate Security
balancing stones on white background

Today’s employees prefer to use a wide range of web apps in the office in order to get the absolute most out of their workday. For example, they manage their calendar with Google Calendar, check their emails through Office 365, chat with fellow employees using Slack, watch videos over YouTube, have conference calls over Zoom or store and share files using Dropbox.

The idea of allowing employees access to various web applications they need to maximize their productivity may sound like a good one at first, but often this level of freedom can create a host of headaches for a company’s security department. The problem is further exacerbated when security teams have to worry about securing access to such web apps over multiple web browsers for every employee on every device.

Web Browsers Are a Necessary Evil

Gartner estimates that 98% of all external information security attacks happen over the public internet, and 80% of those attacks are carried out through end users’ web browsers. With browsers at the center of so much corporate activity, it’s no surprise that browsers are the most likely place for cyber-attacks to happen.

Oftentimes, to keep things simple, the IT department will block entire categories of websites, including many of the essential sites that employees need to do their job effectively. Contrary to popular belief, no good comes out of being so heavy handed with blocking sites. First, the inability to access sites to do their job leads to employee productivity loss, and second, enterprise networks are still vulnerable since blocking sites doesn’t eliminate the threat of web-based malware that can be introduced through typically “safe” sites. To make matters worse, some organizations even take the extreme measure of blocking internet access altogether, which has obvious productivity concerns.

Then what is the best way to mitigate the threat of browser-based attacks while still providing employees with all the flexibility they need to be productive on a daily basis?

Remote Browser Isolation Provides a Solution

The solution to keeping your network safe while allowing unrestricted access to the web and work flexibility is Remote Browser Isolation. Remote isolated web browsing brings the best of both worlds into one seamless, easy to use solution that lets employees browse the web with complete freedom while also protecting your network from any browser-based threats.

Remote Browser Isolation moves your web browsing activity off the corporate network entirely, and into a remote virtual environment. This means that no web content ever enters the corporate network, so if any infected links or files are encountered, they are unable to cause any damage.

Furthermore, Remote Browser Isolation enables truly anonymous browsing capabilities that protect a user’s identity when browsing the web.

Conclusion

Today, the internet is the go-to source for information, productivity tools, commerce, socialization and business communication. The rapid emergence and use of social media, news sites, web apps and other business sites in the workplace, whether for personal or business use, have made the web browser one of the most likely places for cyber-attacks to happen. Every new website that is allowed into the corporate network potentially introduces a whole new range of attack vectors that security teams need to worry about. Remote Browser Isolation alleviates these security concerns while still allowing employees access to a wide range of websites and web applications in the office in order to get the absolute most out of their workday.

Learn More About Remote Browser Isolation

How to Prevent Web Browser Forensic Data From Falling Into the Wrong Hands
Posted on by Zuly GonzalezCategories How ToLeave a comment on How to Prevent Web Browser Forensic Data From Falling Into the Wrong Hands

There is a wealth of information available online, and web browsers are the primary way we access it. Just as web browsers help us learn about the world, the world (both good and bad actors) can learn a lot about us by looking at our web browsers.

Web browsers store a host of valuable information about a user’s surfing habits and usage patterns. In his recent article, author Barry Shteiman describes the different ways that enterprises can use the data collected by web browsers to help quantify the nature, scale and scope of any potential threat, including insider threats. Read the full article here.

For example, in a post-breach investigation, investigators can collect vital evidence of the user’s activities and motivations to understand if a cyber-crime was committed. Aside from the more obvious pieces of information like web browsing history and autofill options, more specific breadcrumbs left by the user during their sessions like cookies, alternate email logins, and file download histories can be used to more accurately piece together a picture of the ‘person of interest’.

But, in the same way that the good guys (a member of an organization’s own network security team) can use this information to identify an insider threat, it can also be used against them if this data happens to fall into the wrong hands. Web browsing exposes your organization to web-based malware attacks that can allow unfettered access to this data to bad actors who will in turn use it for far more nefarious purposes.

To prevent malware from being delivered from the web to your corporate network via phishing links or other browser-based exploits, consider using security solutions like remote browser isolation. With browser isolation technology, users’ browsing activities are moved to an environment that’s completely separated from their organization’s network. Malware gets trapped in the isolated environment, where it is safely contained and disposed of. This prevents any kind of corporate data, including user’s’ browser data, from being exposed to potential hackers, while allowing users to freely surf the web.

Learn More About Remote Browser Isolation

If You Use Your Web Browser’s Incognito Mode We’ve Got Bad News
Posted on by Zuly GonzalezCategories Computer Security, Security, Web SecurityLeave a comment on If You Use Your Web Browser’s Incognito Mode We’ve Got Bad News

We place our trust in simple browser features like Chrome’s ‘incognito browser mode’ with an expectation that it will work as advertised and protect our privacy. Sadly, it doesn’t.

The incognito browsing mode, or the ‘private browsing mode’ as it is also known, has become the go-to method that amateurs rely on to protect their privacy and keep their internet browsing history a secret. But while the private browsing mode is good enough for preventing local cookie tracking or saving of autofill details, it falls short in dozens of other ways that matter most in keeping your information truly private and secure. For example, the private browsing mode cannot prevent browsers from giving away your geographical location, nor can it prevent viruses and malware from infecting your computer.

In an article posted on IFLScience.com, Aliyah Kovner blames the major browser providers for not doing a good job with their disclosures, which makes it difficult for their users to comprehend what these features actually can and cannot do. Read the full article here.

Though the article doesn’t offer a solution, it does bring up two very important points – (1) the majority of users out there want an easy, convenient and reliable way to protect their privacy while browsing the web and (2) even if the major browser providers improve their disclosures, people are not likely to read them, which means that they will likely still not understand the limitations of these features..

This poses a big challenge for companies that not only need to protect their users’ privacy, but also need to ensure that their corporate network is secure from threats like malware and ransomware.

Enterprises need a solution that can address both the privacy concerns of their users and the security concerns of their security teams. What they need is a solution called Remote Browser Isolation (RBI) that can not only enable truly anonymous web browsing, but can also ensure the security of their network against web-based malware threats, and much more.

Learn more about Anonymous Web Browsing with Remote Browser Isolation

Light Point Security CEO to Speak at the Techno Security & Digital Forensics Conference
Posted on by JudyCategories Events, Light Point Security Update, Security, Web SecurityLeave a comment on Light Point Security CEO to Speak at the Techno Security & Digital Forensics Conference

I’m happy to share that Light Point Security CEO, Zuly Gonzalez, will be speaking at the 2018 Techno Security & Digital Forensics Conference about how malware can infiltrate an organization’s network and how to protect against these threats. This is Zuly’s second year presenting at this conference and we are looking forward to another great show of making new connections and learning from the best.

The Techno Security & Digital Forensics Conference will be held June 3-6, 2018 in Myrtle Beach, SC. Zuly’s presentation is scheduled for Monday, June 4, 2018 10:30am – 11:20am. If you’d like to join us at the conference and attend Zuly’s presentation, you can register here. We hope you’ll join us!

Presentation Information

Don’t Let the Hunter Become the Hunted – Protect Your Online Research Network Intelligently

Online research of publicly accessible websites is a source for a practically infinite amount of data. But who knows what sorts of malicious software (malware) is lurking on the other side of every link you click. A malware infection in your research lab’s network can have devastating effects for your organization, ranging from data theft and leakage, ransomware infections, or simply destruction of your data and equipment. If your data is stolen and leaked to the wrong people, it may be you that is being investigated by your targets! This session will discuss the malware risks you are exposed to when doing online research as well as some cutting edge new ways to protect your network from online malware threats.

Light Point Security Sponsors MESA HITS Spring 2018
Posted on by Beau AdkinsCategories Events, Light Point Security UpdateLeave a comment on Light Point Security Sponsors MESA HITS Spring 2018

In mid May Light Point Security sponsored and attended the MESA HITS Spring 2018 event in Los Angeles. The Hollywood IT Summit (HITS) brings together IT technologists from all the major Hollywood studios, independent content creators and their supporting information technology partners.

During the event our team met Jeffrey Stansfield from Advantage Video Systems. Jeffrey learned about Light Point Web, our browser isolation solution, and decided to create a short video interview highlighting its value.

Enjoy!

Webinar: How to Prevent WannaCry and Other Web Threats
Posted on by JudyCategories Events, Light Point Web, Security, Web SecurityLeave a comment on Webinar: How to Prevent WannaCry and Other Web Threats

Light Point Web prevents WannaCry and other ransomwareIn a matter of days, the WannaCry ransomware outbreak infected more than 230,000 computers in 150 countries. It impacted healthcare organizations, universities, government agencies, and many others, including FedEx. If you are concerned about the WannaCry ransomware and other similar attacks, join us for this informative webinar.

Light Point Security is hosting a joint webinar with partner, ELEVI Associates, today May 18 at 1pm EST. This educational webinar will explain the causes of ransomware and the devastating effects it can have on an organization. Learn about remote browser isolation technology and how it protects organizations from ransomware and other web-based threats.

Join us by signing up for the webinar here.

Register Now

Light Point Security CEO Invited to Speak at the Pentagon
Posted on by JudyCategories Events, Light Point Security UpdateLeave a comment on Light Point Security CEO Invited to Speak at the Pentagon

Zuly Gonzalez Speaks at the PentagonWe were privileged to have the Pentagon invite Light Point Security CEO, Zuly Gonzalez, as a keynote speaker for its JSP Cybersecurity Forum.

The Joint Service Provider (JSP) provides the full range of information technology equipment, services, solutions, and customer support to the Office of the Secretary of Defense, the Office of the Deputy Chief Management Officer, and WHS to meet mission and business requirements.

Zuly presented at the Pentagon yesterday on the topic of cybersecurity innovations and how remote browser isolation is changing the game for the better and giving organizations the power to completely eliminate their web-based malware problems once and for all.

We were honored to have been invited to speak at such a prestigious event.

You may view the full press release here.

Light Point Security Founders Featured in the Baltimore Sun
Posted on by JudyCategories Light Point Security UpdateLeave a comment on Light Point Security Founders Featured in the Baltimore Sun
Zuly Gonzalez CEO of Light Point Security and former NSA cybersecurity expert
Zuly Gonzalez, CEO of Light Point Security, is pictured in her office space. (Algerina Perna / Baltimore Sun)

Light Point Security founders, Zuly Gonzalez and Beau Adkins, were featured in The Baltimore Sun this week! The story “Maryland’s federal workforce offers state a source of cyber entrepreneurs” highlights a few Maryland-based cybersecurity companies, their founders and how they got started. Here’s an excerpt from the story:

Zuly Gonzalez and Beau Adkins worked in the digital trenches at the National Security Agency for more than a decade.

Gonzalez designed computer protection systems and Adkins figured out how to penetrate such barriers. Their light bulb moment came when they decided to apply their expertise to the commercial sector and founded their company, Light Point Security.

“We kind of melded both his offensive mindset of hacking and attacking and my mindset of defending. He knew how easy it was to hack and get into networks,” Gonzalez said. “So we basically thought about what would it take to really stop Beau from getting into a computer.”

Numerous businesses in Maryland’s growing cybersecurity industry were founded by former government workers or government contractors, and count such workers among their current and prospective employees.

The full article by Baltimore Sun reporter Sarah Gantz can be viewed on The Baltimore Sun website here.

Categories
Archives