Virtualization Technology News and Information
RSA Conference 2024 Q&A: Menlo Security Will Showcase Its Browsing Forensics and Secure Cloud Browser

VMblog RSA 2024 

Are you getting ready for the upcoming RSA Conference, the world's leading information security conference and exposition?  The event is quickly approaching, taking place May 6 - 9, 2024 at the Moscone Center in San Francisco.  This year's theme: The Art of Possible - as we collectively create works that will change our perspective on what we can accomplish. Let's celebrate limitless opportunities, challenge the status quo, and explore new horizons together.

Ahead of the show, VMblog received an exclusive interview with Andrew R. Harding, Vice President of Security Strategy, Menlo Security, a pioneer of browser security.

menlo security logo 

VMblog: To kick things off, give VMblog readers a quick overview of the company.

Andrew R. Harding:  Menlo Security pioneered browser security and protects organizations from cyber threats that attack enterprise browsers. The Secure Cloud Browser is rooted in Menlo's patented Cloud-Driven Security Platform. It represents a significant evolution since its origins in browser isolation and cloud-delivered security services. Menlo is available globally and protects over 1,000 organizations and around 400 billion web sessions every year. Eight of the ten largest global financial services institutions and large governmental institutions rely on Menlo to protect against browser-borne threats including phishing, malware, ransomware and zero-day exploits. Our home base is in Mountain View, California, but we have a global presence.

VMblog: How can attendees find you at the show?

Harding:  We're hosting meetings nearby Moscone Center this year and you can book meetings with us via this link: Meeting request - RSA Conference 2024 (

VMblog: What market needs or problems are you addressing in the security space?

Harding:  Menlo brings defense in depth to browser security. Since 2020, the shift to hybrid work models and increased use of SaaS applications have changed how threats operate, leading to a critical security challenge. Ransomware has grown from a $1 billion problem annually to a problem that can cost $1 billion in a single incident. It may actually end some companies. Menlo Security solves the problem of securing browsers and protecting users from threats. Menlo stops phishing and malware delivery through the browser.

Menlo also enables an approach to zero trust access that is simple and cost-effective to adopt. Zero trust has historically been tough to roll out at scale, and expensive. Menlo fixes that problem at the same time as defending against modern threats. Adopting Menlo means you can ditch legacy VDI for many use cases and pitch the outdated remote-access VPNs that are often still in place in many enterprises. Menlo is easy on users - they don't have to change the way they work or what browser they use, and it's easy on security practitioners because it reduces alerts and automatically adds the browser content to investigations when they are required.

VMblog: What are some of the key takeaways of your solution that RSA conference goers should be aware of?

Harding:  Today, people spend on average 80% of their workday in browsers, and over 50% of employees complete all of their duties within a browser. We all work with SaaS and private web applications. But browsers are a security blind spot. They operate without the necessary protection and security controls, exposing enterprises to attack. Browsers are the entry point for internet-borne attacks, and the exit point for data leakage.       

Menlo Security secures enterprise browsers. Menlo manages browsers, protects your users, and secures application access and enterprise data, providing a complete enterprise browser solution from any browser.

Menlo Security secures the browsers that users want and preserves a familiar, easy-to-use experience. You can deploy browser security policies in a single click, secure SaaS and private application access, and protect enterprise data down to the last mile. We bring trusted and proven cyber defenses to every browser.

And what sets you apart from the competition?

Harding:  Legacy browser isolation and replacement browsers cannot provide the security required to address modern threats and enable hybrid work or clientless zero trust access. Fundamental limitations in their product architecture limit their effectiveness. Network service based approaches are complex and expensive, and allow advanced threats to break through their defenses.

Secure enterprise browsing requires browsers to enter the cloud era and use a separation strategy, employing dislocated, cloud-based isolation. A cloud-based, AI-powered approach eliminates browser-based threats by processing and rendering content in the cloud, safeguarding data and securing web sessions.

VMblog: Is your company launching anything new at the show? Can you give us a sneak peek?

Harding:  The Menlo product team has been busy lately. The Secure Cloud Browser has just been updated and works with HEAT Shield and the Menlo Posture Manager to transform any browser into a secure enterprise browser. We have introduced defense in depth to browser security. The Secure Cloud Browser runs within an elastic and orchestrated cloud-native platform, fetching content and delivering safe, decomposed and reconstructed, content to a local browser. Cloud content inspection keeps threats off the endpoint and protects against internet-borne phishing and evasive malware. The AI-powered cloud content inspection works with a safe cloud document and archive viewer, next-generation browser isolation, and other protections.

The Secure Cloud Browser scales globally and can deliver a risk-free local-browsing experience for every user, every tab, and every web session within and across an enterprise. We recently introduced a browser extension that enables really simple deployment for BYOD and zero trust access applications.

Menlo Security also just today announced a partnership with Google Cloud to advance enterprise browser security. Through the partnership, we are expanding our global usage of Google Cloud's infrastructure. Mandiant will also strengthen its browser security expertise through training provided by our threat research, and mutual customers can take advantage of integrated products, such as Google Chronicle Security Operations and VirusTotal Threat Intelligence.

VMblog: What will you be showing off at the show this year?

Harding:  There is so much that is new from Menlo. I am particularly excited about how we have totally changed the speed of incident response tools. The complicated investigation that relies on endpoint telemetry or network data and misses what happens within the browser are yesterday's news. Network forensics systems are complex to deploy and costly to operate. Changes in transport encryption are making network forensics impossible, unless you compromise secrecy and security. And EDR is so tiresome to use: alerts, alerts, alerts.

Menlo Security Browsing Forensics works with the Secure Cloud Browser, providing complete insight into web sessions. Browsing Forensics helps responders to understand a user's activity within a browser. Menlo Browsing Forensics automatically preserves a comprehensive record of web sessions and the user interactions. Browsing Forensics stores the history of a web session, so analysts can understand what happened or trace a data leak without delay.

VMblog: What are some top priorities for security leaders at RSA to consider this year?

Harding:  Security leaders need to stop using legacy tools that have been creating risk. VDI systems and legacy VPNs are a problem. VDI needs to be optimized and legacy VPNs need to be decommissioned and replaced. They are literally antiques at this point. Legacy VPNs and VDI have proven complex and expensive, and they sometimes create more risk than they are worth. Menlo reduces risk, enables secure access, dramatically reduces cost and can enhance productivity and enable the managed use of generative AI. We build one of the rare security products to actually make life easier for end users.

VMblog: What are some of the security best practices you would deem critical?

Harding:  Organizations need to treat their browser as an enterprise asset and they need to add the browser context to their planning and policy considerations.

When we think about all the other assets in your enterprise, whether it's a laptop or another company-managed asset. Traditionally the asset is procured and registered and shipped to the new user. A laptop comes installed with a variety of endpoint technologies, productivity tools, some networking controls and so forth. And this is good. It allows us to be productive and have some baseline level security from the start.

The same thing applies to bringing network infrastructure up and connecting to the Internet. On the network side, you're definitely going to put firewalls and a variety of other security controls in place before any packet reaches the web or any server processes a request. Of course, many of these tasks have been automated in the last 10 years, too.

Now, when you think about browsers, these have been basically free tools that we just use. Users now spend 80% of their day in a browser and web application. And we do very little as an industry to provide the same baseline level of protection for browsers.

Ultimately, the browser needs to be treated as an enterprise asset. And that means we need to manage it, protect users, and leverage capabilities to secure access to applications and data.

VMblog: The keynote stage will be talking about major themes this year. But what trends is your company seeing that we should be aware of in 2024 and beyond?

Harding:  To succeed, we must collaborate to stay ahead of today's threats and anticipate tomorrow's challenges. Legacy approaches that are all about connecting network and scanning data or trying to catch threats in the endpoint are not getting the job done. To shape a more secure world, we need to move past the "anti-virus" and "web security" era. We can't put firewall boxes between users and all the applications they need anymore. We need to add the browser context to cybersecurity defenses, and we need to adopt cloud-driven, AI-powered defenses that enable hybrid work and zero trust access that is easy to deploy, cost-effective, and simple to live with over time.


Published Thursday, May 02, 2024 12:50 PM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<May 2024>