Connect with us

Hi, what are you looking for?



Shield and Visibility Solutions Target Phishing From Inside the Browser

Menlo Security introduced anti-phishing solutions that analyze what users see on a landing page rather than just analyzing the content of an email.

Menlo Security has introduced two anti-phishing solutions that tackle the problem from within the browser; that is, by analyzing what the user sees on a landing page rather than just analyzing the content of an email.

Phishing has been a problem for decades. Far from being solved, it is a bigger problem today than ever. The reason is that phishers have become adept at evading traditional detection systems. “The threat actors have shifted the way that they get to their victims,” says Mark Guntrip, senior director of cybersecurity strategy at Menlo. They have become increasingly evasive and increasingly successful. “So, we’ve put in place something that does things a little differently to the more traditional and commonly deployed security.”

This is performed by new solutions, HEAT Shield and HEAT Visibility. Rather than concentrating on monitoring communications to detect phishing, HEAT looks at the threats as presented to the user on the attacker’s phishing page. The purpose is to recognize the threat at the point of presentation to the user and block the threat at that point. This approach means that any new phishing email that gets through to the user, and is clicked by the user, is still prevented from doing harm.

The linked-page examination is performed by an AI-enhanced analysis of the landing page to assess its legitimacy. “What’s on the website, what logo is being shown? Does the logo look correct for the brand that it represents? What URL is the page coming from, and does it look to be legitimately associated with the brand? What is the page trying to do — Is it trying to download something? Is it a form, and does that form look right or not?” explains Guntrip.

Based on all the information gathered, the solution creates an instant risk score and, if necessary, enforces a dynamic policy change. “Rather than allowing this page, I’m going to put it into isolation.” he continued; “or if I’m sufficiently suspicious, I’m just going to block it dynamically. The whole point is these phishing attacks are now very quick — they come, and they go before human intervention can determine if they are malicious and block them. It’s that zero hour phishing window that we’re trying to play into with a new level of protection.”

HEAT Shield generates the information that triggers Menlo’s Isolation Platform to perform a dynamic block between the user and the phisher’s website. If a phishing email gets through all other defenses, lands in an inbox and is triggered by the user, Shield can still prevent a malicious site stealing the user’s credentials. The focus is from within the browser — seeing and acting on what the user sees rather than listening to evasive and misleading emails from the phisher.

There is no operational delay to the user. If Shield determines there is no risk, the user continues as if nothing has happened. If the risk score is high enough to trigger a block, this happens within milliseconds – a ‘page blocked’ banner appears immediately.

Advertisement. Scroll to continue reading.

HEAT Visibility builds data on who is attacking the company, and what evasive tactics are getting through other defenses. “You can see that on a dashboard,” said Guntrip. “You can dive into it to see what’s happening, what techniques the attackers are using. So, it’s really about understanding the phishing threat landscape as it’s impacting the person or the organization.”

HEAT Visibility will be rolled into all existing Menlo subscriptions. HEAT Shield (which includes Visibility) is a separate subscription service if the customer has no other Menlo services. Menlo provides several product bundles, and if a customer already subscribes to one of the larger bundles, Shield and Visibility will both be added at no extra cost.

Mountain View, California-based Menlo Security was founded in 2012 by Amir Ben-Efraim (CEO) and Poornima DeBolle (CPO). It has raised a total of $250.8 million in five funding rounds including: Series A ($10.5 million), Series B ($25 million), Series C ($40 million), Series D ($75 million) and Series E ($100 million).

Related: Threat Actor Abuses SuperMailer for Large-scale Phishing Campaign

Related: New ‘Greatness’ Phishing-as-a-Service Targets Microsoft 365 Accounts

Related: UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies

Related: Zendesk Hacked After Employees Fall for Phishing Attack

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The easiest way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Fraud & Identity Theft

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was Chief Hacking Officer at...


The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...


The Single Most Important Part of Dealing with a Phishing Attack is Preparing for the Attack Before it Actually Happens.


Enterprise users have been warned that cybercriminals may be trying to phish their credentials by luring them with fake emails that appear to be...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...