Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2021

Not Laughing: Malicious Office Documents using LoLBins

Attackers have long used phishing emails with malicious Microsoft Office documents, often hosted in popular cloud apps like Box and Amazon S3 to increase the chances of a successful lure. The techniques being used with Office documents are continuing to evolve. In August – September of 2020, we analyzed samples that used advanced techniques like: In January 2021, we examined samples that use obfuscation and embedded XSL scripts to download payloads.

The Right Steps to SASE: Refactor Internal Data Center Controls to Closed Loop Risk Management

The following is an excerpt from Netskope’s recent book Designing a SASE Architecture for Dummies. This is the sixth in a series of seven posts detailing a set of incremental steps for implementing a well-functioning SASE architecture. Throughout this series, we repeat that the data center is just one more place people and data have to go—it’s no longer the center of attention.

Netskope CTE and CrowdStrike Demo

Together, Netskope and CrowdStrike deliver a comprehensive view of threats across web, cloud, and endpoints and work together to respond more quickly and effectively to those threats. By sharing threat intelligence and investigation artifacts Netskope and CrowdStrike can ensure newly discovered threats are quickly identified, endpoints protected, and the threat neutralized across the organization. Additionally, Netskope is able to identify those endpoint devices that are secured by CrowdStrike and granularly control cloud access and activities of any endpoints where the CrowdStrike agent is not installed.

5 Top Tips for Cloud Security from Enterprise CISOs

The Financial Times hosted an excellent event recently, at which I joined Naina Bhattacharya, CISO for Danone; Manish Chandela, Group CISO for Unipart and Florence Mottay, Global CISO for Ahold Delhaize, to discuss cloud security. The FT’s Dan Thomas moderated and the panellists all shared some excellent and candid insights into cloud threats and security strategies within their organisations.

Cloud Threats Memo: Beware of Leaky Buckets and Cloud Apps

Another memo, another leaky cloud app compromising the personal information of hundreds of thousands of individuals (and yes, you can easily guess the app that exposed the data so no spoiler alert needed—it was an S3 bucket). The latest organization to join the long list of victims of cloud misconfigurations is Cosmolog Kozmetik, a popular Turkish online retailer that exposed more than 9,500 files, totaling nearly 20 GB of data.

The SASE Solution to Network and Security's Complicated Relationship Status

If our friends Security and Networking were on Facebook, they would probably both list their relationship status as “It’s Complicated.” Sometimes everything’s great, but now and then things can get a little weird, unclear, or uncomfortable. At many organizations, there has traditionally been a barrier between the security and networking teams. Each team has its own objectives — and at times, those objectives can be at cross-purposes.

Cloud Threats Memo: Illustrating Big Risks in the Shift to Remote Working

The exploitation of traditional remote access technologies is reaching new records. That, in a nutshell, is the main finding of Nuspire’s Threat Landscape Report Q1 2021. The report, sourced from 90 billion traffic logs during Q1 2021, looks at a range of events such as malware activity, botnet activity, exploitation activity, and remote access. The remote access section probably best illustrates the risks posed by the sudden shift to remote working.

Bridging the Network-Security Divide with SASE Thinking

The many business benefits made possible by digital transformation are undoubtedly making waves across industries. Data is the raw material that drives smarter decision-making, and as such, drives value for organizations, but things quickly get challenging when you start to consider how all that data will be used—and who has access to it, when.

The Right Steps to SASE: Extend Zero Trust to Data Protection and Private Access

The following is an excerpt from Netskope’s recent book Designing a SASE Architecture for Dummies. This is the fifth in a series of seven posts detailing a set of incremental steps for implementing a well-functioning SASE architecture. Now that your organization is smarter about its traffic, able to see what’s going on, and able to enforce policies to secure its data, you can realize the promise of a remote-first workforce.

Netskope Named a 2021 Gartner Peer Insights Customers' Choice for Secure Web Gateway

At Netskope, one of our core values as a company is that customers are always our number one priority. We know that technology projects are rarely easy undertakings and it’s our job to be there for our customers and for them to know we have their backs. With that in mind, we are excited to announce that Netskope has been recognized as a Customers’ Choice in the June 2021 Gartner Peer Insights ‘Voice of the Customer’: Secure Web Gateway.

Who Do You Trust? OAuth Client Application Trends

Federated identity systems, such as Google Identity, bring security and convenience in the form of SSO for Internet or cloud applications. It is common to be prompted for authentication in order to grant various levels of access or permissions for applications ranging from Google Drive, Google Cloud SDK, Google Chrome plugins, Slack, Adobe, Dropbox, or Atlassian to numerous third-party apps.

Cloud Threats Memo: Takeaways From the Q1 2021 Phishing Activity Trend Report

The Anti-Phishing Working Group (APWG) has just released its Phishing Activity Trend Report for Q1 2021. The first findings are easily predictable; the dispersion of the workforce is pushing phishing attacks to new records: just in January 2021, the APWG detected 245,771 unique phishing sites, the highest number reported so far.

The Right Steps to SASE: Introduce Zero Trust Principles to Web, Cloud, and Activity Access

The following is an excerpt from Netskope’s recent book Designing a SASE Architecture for Dummies. This is the fourth in a series of seven posts detailing a set of incremental steps for implementing a well-functioning SASE architecture. This is when you’ll begin to put NG-SWG to work as you lay the foundation of your SASE. Fortunately, the capabilities needed to set things right are built into NG-SWG.

Key Considerations for the Future of Work

In summer 2020, as it became abundantly clear that remote working in response to the COVID-19 pandemic was here to stay, Netskope surveyed more than 400 end-users in the US from across many industries, including telecommunications, IT, government healthcare, finance, nonprofit, and education, about their thoughts related to remote working.

Operationalizing IP Allow Lists for Cloud Environments

If applying IP allow lists to the cloud excites you as much Another One Bites the Dust on volume 11, read on. In this blog, I’ll discuss some considerations regarding operationalizing, automating, and increasing the efficacy of IP allow lists in your cloud infrastructure. Although this discussion will be in the context of cloud infrastructure providers such as AWS, GCP, and Azure, it should also be applicable to other cloud infrastructure and application environments.

Cloud Threats Memo: RDP Misconfigurations and Initial Access Brokers

A recent study by Sophos has added more fuel to the RDP fire, confirming that the exploitation of this service, when not adequately protected, remains one of the preferred techniques to compromise an organization. Not only has the exposure of RDP servers, driven by the pandemic, led to an exponential increase of brute-force attacks against this service, but it has also encouraged a flourishing market of initial access brokers.

A Real-World Look at AWS Best Practices: Password Policies

Best practices for securing an AWS environment have been well-documented and generally accepted, such as AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.

The Right Steps to SASE: Place Core Inspection Points Between Users and Apps

This is the third in a series of seven posts detailing a set of incremental steps for implementing a well-functioning SASE architecture. With a Next Generation Secure Web Gateway (NG-SWG) firmly in place and your visibility into all your traffic dramatically increased, one thing is certain: You may not like what you see next. Are your people using Microsoft Office 365? Salesforce? Workday? Box? The answer is almost certainly, yes.

3 Key Observations on Network and Security Transformation

Recently I attended another great Evanta CIO event, and in the course of a day packed with excellent talks and knowledge-sharing opportunities, I had the opportunity to sit down and discuss the topic of network and security transformation with Stuart Hughes, the CIDO at Rolls Royce. Stuart shared his experiences over the past 18 months, discussing how the pandemic—among other things—had changed his strategic approach to security.