When talking to infrastructure and operations teams, one common concern when moving to a SASE architecture is the loss of visibility and control that they have historically been accustomed to. Overnight traffic destined for critical business applications, both private and public, routes through what is often seen as a black box, or in today’s world, more of a “gray cloud.”
For infrastructure and operations (I&O) teams, the transition from legacy architectures to a modern zero trust architecture is far from straightforward. Teams often face a complex patchwork of fragmented and siloed systems of different vintages, along with the challenge of managing dozens of disparate security and networking vendors.
Remote browser isolation (RBI) has its merits for safe access to risky websites and uncategorized content, plus newly registered, observed, and parked domains. Each user gets a remote container where website code and scripts execute so no malware can infect endpoint devices, while also preventing cross-site scripting, web-based attacks, and phishing prevention.
For remote work and hybrid working environments where we are now more dispersed the central collection point for traffic captures is within the cloud. Networking, infrastructure and operations, and security teams require traffic visibility for troubleshooting, performance monitoring, threat detection, discovery of assets, and to address compliance use cases.
Netskope has recently released two exciting enhancements to our Advanced UEBA product. The enhancements are: Together, these two new features streamline operationalization of Advanced UEBA by providing operators alerts when it identifies users exhibiting risky behavior and an at-a-glance summary of the risky activity observed for each user.
As happens every year, Netskopers from across different teams attended the Black Hat USA, BSides, and DEFCON conferences, each coming away with their own take on what was new and exciting. With “Summer Camp” now behind us, we checked in with those folks who attended to share some of what they saw on the floor and what exciting topics stuck out most to them. Here’s what they had to say.
Zoom is firmly a part of everyday work. The modern workspace is no longer a corporate office—it’s anywhere an employee accesses corporate data and applications. With the widespread adoption of hybrid work, there has been a hard shift towards communication platforms like Zoom that allow you to connect, share ideas, and get projects done together in real time, regardless of your physical location.
From February to July 2023, Netskope Threat Labs has been tracking a staggering 61-fold increase in traffic to phishing pages hosted in Cloudflare R2. The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps. The attacks have been targeting victims mainly in North America and Asia, across different segments, led by the technology, financial services, and banking sectors.
Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide.
State-sponsored threat actors continue to exploit legitimate cloud services, and especially one group, the Russian APT29 (also known as Cozy Bear, Cloaked Ursa, BlueBravo, Midnight Blizzard, and formerly Nobelium), seems to be particularly active. Between March and May 2023, security researchers at Recorded Future’s Insikt Group have unearthed a cyber espionage campaign by the same threat actor allegedly targeting government-sector entities in Europe with interest in Ukraine.
