The RSA Conference
(RSAC), the premier cybersecurity industry event, returns to San
Francisco's Moscone Center April 28-May 1, 2025, bringing together
thousands of security professionals, vendors, and thought leaders from
across the globe. This annual gathering serves as the definitive forum
for the latest cybersecurity innovations, trends, and best practices,
featuring hundreds of educational sessions, keynotes from industry
luminaries, and an expansive expo floor showcasing cutting-edge security
solutions. For organizations navigating today's complex threat
landscape, RSAC provides unparalleled networking opportunities, hands-on
training, and essential insights to help bolster defense strategies
against evolving cyber threats.
In an increasingly complex threat landscape where AI-powered attacks and phishing-as-a-service are on the rise, organizations are searching for security solutions that don't compromise user experience.
Ahead of RSA Conference 2025, VMblog spoke with Andrew Harding, VP of Security Strategy at Menlo Security, about the company's innovative approach to browser security.
Menlo's strategy focuses on transforming existing browsers into secure enterprise tools through network separation, browser isolation, and advanced malware defense—bringing zero trust principles directly to the most overlooked attack vector in cybersecurity today. Visitors to Booth #2436 in the South Expo Hall can expect hourly demos showcasing their Secure Enterprise Browser solution and the latest enhancements in visibility, forensics, and file sanitization technology.
++
VMblog: Give VMblog readers a quick
overview of your company and its core mission in the cybersecurity space.
Andrew Harding: At Menlo Security, our core mission is to
fundamentally shift how organizations approach securing their users and data in
today's modern work environment. We believe you don't have to overhaul the
entire browsing experience to achieve robust security. Instead, our focus is on
enabling organizations to secure the browser itself - the primary interface to
the web and cloud applications - with trusted and proven defenses.
We achieve this by managing the browser attack
surface, deploying granular security policies, protecting users from
sophisticated threats, and securing access and data down to the last mile. Our
foundation lies in network separation, browser isolation, and advanced malware
defense, ensuring that malicious content never reaches the user's endpoint.
This allows us to bring the principles of zero trust directly to the browser,
creating a critical layer of defense-in-depth.
In essence, Menlo Security provides a fast,
easy, and effective browser security solution that leverages the browser your
users are already familiar with, eliminating the complexities and limitations
of legacy access methods and providing comprehensive protection for both
managed and unmanaged users and devices.
VMblog: Where can attendees find you at
RSA 2025? What's your booth number, and what kind of experience can visitors
expect when they stop by?
Harding: Find Menlo Security at Booth #2436 in the
South Expo Hall. We invite attendees to stop by for live demos every hour
showcasing our Secure Enterprise Browser solution and the latest enhancements
in visibility, forensics, and the integration of Votiro's sophisticated file
sanitization within the Menlo Secure Cloud Browser. Beyond demos, our team will
be on hand to have meaningful conversations, answer your specific security
challenges, and provide insights from our recent State of Browser Security Report.
VMblog: What is your message to RSA
attendees coming out to the show this year?
Harding: In today's evolving threat landscape,
particularly with the rise of sophisticated, AI-driven attacks, the browser has
become a critical, often overlooked, attack vector.
You don't need to rip and replace your
existing infrastructure or force users into unfamiliar environments to achieve
robust security. Menlo Security offers a proven path to transform the browser
you already own into a secure enterprise browser, providing comprehensive
protection against phishing, malware, and advanced threats - all while
enhancing user productivity.
Come to RSA to see how we're
revolutionizing browser security with innovative solutions like enhanced
visibility, advanced forensics, and streamlined policy management.
VMblog: With AI being a major focus in
cybersecurity, how is your company leveraging or addressing AI both as an
opportunity and a potential threat vector?
Harding: We're leveraging HEAT Shield AI to
enhance our threat detection capabilities. We're fighting AI with AI,
integrating computer vision, cloud sandboxing, and machine learning to identify
and block highly evasive advanced malware, including those crafted using
generative AI. HEAT Shield AI allows us to proactively catch malicious GenAI
sites, including sophisticated phishing attacks that mimic legitimate AI
services, before they can do any damage.
We recognize the productivity benefits of
GenAI for our customers. That's why we've developed solutions to enable the
safe use of GenAI platforms within the enterprise. The Menlo Secure Cloud
Browser creates a secure separation between the user's endpoint and GenAI
sites, preventing direct interaction with potentially risky content. We also
offer last-mile DLP protections to control what users can submit to these
platforms, preventing inadvertent data leakage of sensitive corporate
information or intellectual property. We provide granular controls like
copy-and-paste restrictions and character limits to further mitigate risk. In
addition, our Browsing Forensics capabilities provide visibility into user
actions and page resources, even on malicious sites that are no longer live,
aiding in post-event analysis and threat intelligence.
VMblog: What specific market challenges
or pain points is your company addressing at RSA 2025? Can you share any
exclusive previews or announcements that attendees can expect to see at your
booth this year?
Harding: We're focused on solving the most
pressing browser security challenges facing organizations today. First, the
dramatic rise of AI-powered attacks and readily available phishing-as-a-Service
has left traditional security struggling to protect users within their primary
work environment - the browser. Attendees are actively seeking solutions to
this escalating threat. Second, security teams are hampered by a lack of deep
visibility and granular control into user actions within the browser session,
hindering effective incident response and the implementation of a robust
zero-trust strategy. Finally, the complexities of providing secure and seamless
access to critical applications in today's hybrid work models, without
increasing risk or management burdens, remain a significant hurdle. At RSA,
Menlo Security will be showcasing how our solution delivers the deep visibility
and granular control within the browser necessary to effectively combat modern
threats and secure access to critical applications in today's modern workspace.
VMblog: What sets your solution apart in
today's crowded cybersecurity marketplace? Why should RSA attendees prioritize
visiting your booth?
Harding: We secure the browser itself, preventing
threats from ever reaching the endpoint through our unique Secure Enterprise
Browser solution built on network separation and browser isolation. Unlike
legacy solutions that react to threats, we proactively eliminate the browser
attack surface.
We're really looking forward to chatting
with folks at RSA! Swing by Booth #2436 in the South Expo Hall to see for
yourself how we make browsing seriously secure without making it a pain for
your users. Plus, if you want to dive deeper into your specific situation,
we've got our executive team available for private meetings.
VMblog: What role does zero trust play
in your security strategy and solutions? How are you helping organizations
implement zero trust effectively?
Harding: The traditional 'trust but verify' model
is no longer sufficient. Instead, Menlo operates on the core tenet of 'never
trust, always verify,' assuming that all content, users, and applications are
potentially malicious until proven otherwise. The Menlo Secure Enterprise
Browser is architected from the ground up with zero trust in mind, ensuring
there's no direct connection between end users and the websites and
applications they access.
Menlo Security helps organizations move
beyond the daunting idea of a complete, overnight zero-trust overhaul. Our
browser-centric approach provides a critical and easily implementable layer of
zero trust that addresses a significant attack vector - the browser. We enable
organizations to make incremental progress towards a more comprehensive
zero-trust posture by focusing on securing user access to the web and cloud
applications they rely on every day.
VMblog: How is your company addressing
the challenges of securing hybrid and multi-cloud environments?
Harding: Traditional security approaches, like
VPNs and VDI, struggle with the distributed nature of modern work and the need
for seamless access across diverse environments. They often rely on
network-centric controls, which become less effective as applications move to
the cloud and users connect from anywhere, often using unmanaged devices.
Menlo Security brings Zero Trust Access
(ZTA) directly to the browser. We move beyond the limitations of Zero Trust
Network Access (ZTNA) by focusing on securing access to applications and data
regardless of their location or the user's device. The Menlo Secure Enterprise
Browser acts as a consistent and controlled gateway to all web and cloud
resources, whether they reside in private data centers, public clouds, or SaaS
environments.
##