Open service generates free report detailing potential gaps in compliance, configuration, and security for a user’s multiple domain names.

**STERLING, Va. – June 22, 2022** – Neustar Security Services, a leading provider of cloud-oriented security services that enable global businesses to thrive online, has launched an open and abridged version of its UltraDNS Health Check site at ultradnshealthcheck.com. Until now, UltraDNS Health Check had been reserved for customers subscribing to the company’s UltraDNS line of products, which delivers an enterprise-grade, cloud-based authoritative DNS service to securely deliver fast and accurate query responses to websites and vital online assets. Making this public-facing version of UltraDNS Health Check generally available enables any organization to leverage a powerful tool in assessing the hygiene of their domains and keep them safe, secure, optimized and in compliance.

The external UltraDNS Health Check site was designed with hundreds of industry standards and best practices in mind to help identify potential configuration and security issues. It runs more than 20 validations, enabling users to ensure that their domains are RFC-compliant and adhere to best practices. On-demand checks include those for Domains to validate core configurations for appropriate routing and security as well as Name Servers (NS) to flag misconfigurations that could impact security, performance, or query resolution. Additional checks are run for mail exchanges (MX), start of authority (SOA) and DNS Security (DNSSEC).

“Securing your DNS is easy to overlook and difficult to stay on top of, and we are excited to make a resource that has been invaluable to UltraDNS customers available to all,” said Enrique Somoza, Director of Product Management for DNS at Neustar Security Services. “With this external DNS Health Check site, future customers can now see a subset of the full functionality that current customers benefit from every day to assess the hygiene of their DNS and take appropriate action to maintain performance. It is just one of Neustar Security Services’ comprehensive offerings that contribute to the 95% customer satisfaction ratings we have achieved in recent periods.”

Taking advantage of the external UltraDNS Health Check site is simple. Users provide their domain names for analysis, alongside contact information to receive their personalized health check reports. The reports offer immediate results and standards-based recommendations on the state of various zones, providing feedback on whether zones are in good standing, in error, may have an issue or do not conform to best practices. The site is free to use regardless of who your DNS providers are.

DNS is a mission critical service responsible for keeping businesses accessible and available, and because it is foundational, it has likely evolved over time along with a company’s strategies, staff and systems. It can be one of the simplest ways into an organization, and cybercriminals doing reconnaissance find DNS a rich source of information. With DNS, bad actors can gather a domain’s subdomains to accurately map a target, and easily available tools can find hidden servers and reveal a host of different prospective targets. With UltraDNS Health Check, users have an effective platform at their disposal for identifying misconfigurations and potential security issues, gleaning valuable information for taking action to restore DNS hygiene and integrity. Access and more information are available at ultradnshealthcheck.com.

Neustar Security Services Launches Public UltraDNS Health Check Site

Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine.

Russia’s notorious advanced persistent threat group APT28 is the latest in a growing number of attackers trying to exploit the “Follina” vulnerability in the Microsoft Support Diagnostic Tool (MSDT) in Windows.

Researchers from Malwarebytes this week observed the threat actor — aka Fancy Bear and Sofacy — sending out a malicious document with an exploit for the now-patched flaw (CVE-2022-30190) via phishing emails to users in Ukraine. The document was titled “Nuclear Terrorism A Very Real Threat.rtf" and appeared designed to prey on fears about the war in Ukraine spiraling into a nuclear holocaust. 

Malwarebytes identified the contents of the document as a May 10 article from the Atlantic Council on the potential for Russian President Vladimir Putin to use nuclear weapons in Ukraine.

Users who opened the document ended up having a new version of a previously known .Net credential stealer loaded on their systems via the Follina exploit, which made headlines as a zero-day earlier this month. The malware is designed to steal usernames, passwords, and URLs from Chrome and Microsoft Edge browsers. It can also grab all stored cookies in Chrome, Malwarebytes researchers say.

Ukraine’s Computer Emergency Response Team (CERT-UA) separately warned of the same threat. In an advisory, it said it had spotted APT28 using the same malicious document that Malwarebytes reported to try and distribute the CredoMap credential-stealing malware to users in Ukraine. 

Available telemetry suggests that the adversary has been using the document since at least June 10, CERT-UA says.

“The target, and the involvement of APT28, (a division of Russian military intelligence), suggests that campaign is a part of the conflict in Ukraine, or at the very least linked to the foreign policy and military objectives of the Russian state,” states Malwarebytes in a report Tuesday on the new activity.

**The Follina Feeding Frenzy**

The Follina bug in MSDT exists in all current versions of Windows and can be exploited via malicious Microsoft Office documents. To trigger it, all an attacker needs to do is call MSDT from an Office app, such as Word, using the URL protocol. Attackers can exploit the flaw to gain remote control of vulnerable systems and take a variety of malicious actions on them, including executing malicious code, installing programs, modifying data, and creating new accounts. 

Microsoft disclosed the flaw in late May amid widespread zero-day exploit activity. The company finally issued a fix for the vulnerability in its Patch Tuesday set of monthly security updates for June.

Malwarebytes describes the Ukrainian campaign as the first time it had observed APT28 exploiting Follina. But numerous other groups, including other state-backed actors, have been actively exploiting the vulnerability in recent weeks.

Many of the attacks have targeted Ukrainian entities. Earlier this month, for instance, CERT-UA warned about a threat actor — likely Russia’s Sandworm APT group — using a Follina exploit in a “massive cyberattack” targeting media organizations in Ukraine. 

And just this week, CERT-UA warned about a threat group it is tracking as UAC-0098, which is targeting critical infrastructure facilities in Ukraine with a tax-themed document carrying a Follina exploit. According to the CERT-UA, the attackers in this campaign are exploiting Follina to drop the Cobalt Strike Beacon post-compromise attack tool on compromised systems.

Other reports of Follina-related activity have emerged as well, suggesting the flaw is of high interest to attackers and needs to be addressed quickly. Earlier this month, Proofpoint reported that it had blocked a likely stated-backed phishing campaign involving a Follina exploit that targeted a handful of its customers. The phishing email masqueraded as a document about a salary increase, which if opened would have resulted in a PowerShell script being downloaded to the system.

Symantec, too, has reported observing a variety of threat actors exploiting Follina to distribute different malicious payloads, including the AsyncRAT remote access Trojan and another unnamed malware for stealing cookies and save login data from browsers such as Chrome, Edge and Firefox.

Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign

Don't sleep on Magecart attacks, which security teams could miss by relying solely on automated crawlers and sandboxes, experts warn.

Although observed Magecart skimmer attacks have been less frequently reported in recent months, analysts have discovered fresh infrastructure they were able to trace to malicious domains behind an ongoing campaign.

The Malwarebytes Labs team connected the skimmers to activity dating back to May 2020. 

The attackers hid the skimmer behind three JavaScript library themes, the report said: 

*   hal-data\[.\]org/gre/code.js (Angular JS)
*   hal-data\[.\]org/data/ (Logger)
*   js.g-livestatic\[.\]com/theme/main.js (Modernizr)

The team added that a recent drop in Magecart activity could be because many threat actors may be pivoting from stealing credit-card numbers to more profitable targets.

"Crypto wallets and similar digital assets are extremely valuable and there is no doubt that clever schemes to rob those are in place beyond phishing for them," the team wrote.

But worryingly, the disappearance of Magecart from the radar could also be because the attacks have moved server-side and become harder to detect with simple scanners, the analysts said. 

"Perhaps we have been too focused on the Magento CMS, or our crawlers and sandboxes are being detected because of various checks including at the network level," the team said about waning detections of Magecart skimmer attacks.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts

Treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud.

Realizing the vast potential of the cloud enables organizations to innovate and undergo digital transformations. The last two years have demonstrated the importance of ensuring sound cybersecurity, especially as many enterprises have migrated to the cloud. A key part of the cloud, however, is ensuring that enterprises utilize proper identity management. Increased cloud adoption has resulted in a deluge of new human, and even non-human, identities that threat actors can compromise. Enterprises that don’t take this seriously can find themselves the latest victims of a breach.

One should look no further than Okta, a popular identity management platform used by many enterprises. Earlier this year, the Lapsus$ criminal organization claimed to be in possession of a super-user account at Okta. While the full extent of the breach isn't yet known, having these high-level credentials potentially means the criminal organization has the figurative "keys to the kingdom" regarding access, along with the ability to obtain the data of users who rely on the Okta platform. When an identity and access management (IAM) provider is the victim of an identity-based attack, you know that threat actors are playing hard.

That said, IAM isn't a new issue and will certainly become more important in the foreseeable future. A report from Cider Security ranked IAM as the second biggest problem in continuous integration/continuous delivery environments. These concerns relate to both the permissions granted to identities across an enterprise and ensuring that permissions are deprovisioned in a timely manner.

**Difficulties of Managing Identities in the Cloud**

Managing identities in the cloud is difficult due to a confluence of factors. Often the structure of a cloud provider's notions of projects and organizations don't map well to how an enterprise structures itself. This can lead to things like a single enterprise user trying to manage multiple "identities" within the cloud in order to do their job. Downstream, this results in few, if any, people having any real visibility into who has access to what within the cloud.

As problems like this grow, they're further exacerbated as the company hires employees and then experiences turnover. Also, moving from on-premises to the cloud can create similar challenges. Enterprises spend years operating in one way that works for them with their own hardware, and then as they move to the cloud, they need to adjust that older way of working to the cloud provider's structures.

**Consequences of Improperly Managed Identities**

From a security perspective, failure to properly manage IDs in the cloud opens up enterprises to a lack of command and control of who can do what within their infrastructure. It also makes it very difficult to recognize when something is askew with IDs or permissions for those identities.

From a non-security perspective, poorly managed identities can lead to friction in an enterprise's processes and then may lead to undesirable outcomes. These outcomes could include employees having to log in to cloud assets using multiple identities, or employees continually finding that they must request new permissions that they should have had from the outset. Ultimately, this slows down an enterprise's processes.

**Two Common IAM Missteps**

Customers regularly fail to build out cloud-based solutions where identity management is concerned. Ultimately, the cloud resources being accessed by identity holders don't care if you're a person, a machine, or a dog. If you have the right credentials, you're authenticated and authorized. Before they know it, a mission-critical service is running 24/7/365, and some key piece of that service is talking to other critical services via a human employee's identity. What happens when that employee leaves? Ensuring the continuity of services is imperative for enterprises and their identity and access management in the cloud.

Another potential pitfall comes with users sharing credentials. It doesn't take long for that key to get used without anyone having any capability to track down exactly who is really accessing the cloud resources. This lack of accountability can lead to big problems, including security concerns, for enterprises.

**How Organizations Can Mitigate Security Concerns**

First and foremost, treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud. Create your own well defined policies on identity management with an eye toward ensuring the principle of least privilege, in which identities can only access what they need.

Don't let the tools from cloud providers determine how you run your business. A great way to ensure that your enterprise is in the driver's seat is to find people that know the cloud and know it well. Bringing in outside assistance from those who know it best not only puts it in the hands of those who are the most qualified to do so, but it can also help to mitigate common IAM problems that you may not even have on your radar. Additionally, it's important to gain organizationwide visibility into your cloud infrastructure. This valuable insight into your cloud infrastructure provides numerous benefits, not just for IAM but for compliance and financial management as well.

Getting a Better Handle on Identity Management in the Cloud

partnership lets users access one-click ScreenMeet sessions from the Tanium platform.

**KIRKLAND, Wash., and SAN FRANCISCO, June 22, 2022** – Tanium, the industry’s only provider of converged endpoint management (XEM), and ScreenMeet, the only cloud-native, remote support solution that’s fully integrated with leading ITSM service providers, today announced a strategic partnership to deliver one-click ScreenMeet sessions from the Tanium platform.

Tanium will resell ScreenMeet’s software as an add-on capability to the robust Tanium XEM platform, offering 99 percent cloud reliability and a seamless remote-desktop experience that doesn’t require toggling between multiple solutions. Tanium architecture makes ScreenMeet software available on demand from every endpoint.

“ScreenMeet takes advantage of the Tanium platform to deliver an instant remote-desktop solution without adding another agent to the customer environment,” said Rob Jenks, SVP of corporate strategy at Tanium. “And because Tanium has complete control over the endpoint, ScreenMeet can be launched securely with elevated privileges, improving security and help desk time-to-resolution simultaneously.”

The integrated solution will offer customers attended (user-approved) and unattended (no user present) remote desktop capabilities. Many vendors require additional centralized infrastructure for unattended remote desktop capabilities, but the Tanium + ScreenMeet partnership enables unattended capabilities that do not need additional technology investments to work.

"The continued rise in distributed workforces makes providing efficient remote-desktop support to all endpoints critical to IT operations and security success,” said Lou Guercia, COO at ScreenMeet. "Partnering with Tanium enables us to offer seamless service and secure access anywhere for our customers.”

Joint Tanium and ScreenMeet customers can expect to see significant productivity gains in their help desk processes. Early adopters have already experienced:

*   A 30 percent increase in level one first‐call resolutions
*   Reductions in case handling time from one or more days to less than half a day
*   Significant operational cost reduction
*   A simplified experience for both the agent and the employee being supported

“Tanium and ScreenMeet have created the best remote desktop experience I’ve ever seen,” said a desktop administrator at IT and cloud solutions provider AHEAD. Existing Tanium customers can find out why by contacting their account teams to learn more and new ones can test drive the solution at https://try.tanium.com.

**About Tanium**  
Tanium, the industry’s only provider of converged endpoint management (XEM), leads the paradigm shift in legacy approaches to managing complex security and technology environments. Only Tanium protects every team, endpoint, and workflow from cyber threats by integrating IT, Compliance, Security, and Risk into a single platform that delivers comprehensive visibility across devices, a unified set of controls, and a common taxonomy for a single shared purpose: to protect critical information and infrastructure at scale. Tanium is included among the Fortune 100 Best Companies to Work For and has been named to the Forbes Cloud 100 list for six consecutive years. In fact, more than half of the Fortune 100 and the U.S. Armed Forces trust Tanium to protect people, defend data, secure systems, and see and control every endpoint everywhere. That’s the power of certainty. Visit www.tanium.com and follow us on LinkedIn and Twitter.

**About ScreenMeet**  
ScreenMeet was founded in 2015 by online meeting and customer support veterans to build a new generation of cloud-based, enterprise tools for customer support and IT help desk for industry-leading, globally recognized brands. For enterprises seeking to deliver exceptional person-to-person customer support experiences, ScreenMeet provides purpose-built support software that integrates with CRM and ITSM platforms made with the latest cloud technologies. For more information, please visit www.screenmeet.com.

Tanium Partners With ScreenMeet to Enable Employees to Securely Connect to Their Remote Desktops

Zscaler also announced innovations built on Zscaler’s Zero Trust architecture and AWS.

San Jose, California, June 22, 2022 / Las Vegas, Nevada, June 22, 2022

Zscaler, Inc. (NASDAQ: ZS) today announced an extension to its relationship with Amazon Web Services (AWS), a preferred cloud provider. In addition, Zscaler announced innovations built on Zscaler’s Zero Trust architecture and AWS to help enterprises securely accelerate their transition to the cloud. Working together, the companies will deliver customers a unified solution to consolidate and simplify cloud security operations while helping organizations advance their security architecture from ineffective legacy models to a modern Zero Trust approach designed for the cloud.

Today, enterprises are often left to purchase, implement, and manage dozens of disparate point products, which has resulted in operational complexity and higher overhead costs. As the cloud continues to mature, enterprises are looking for a holistic cloud-based platform with integrated services, including, Cloud Security Posture Management (CSPM), Cloud Infrastructure Entitlements Management (CIEM), Cloud Workload Protection Platforms (CWPP), Data Loss Protection (DLP), Configuration Management Database (CMDB), and Infrastructure as a Code (IaC) scanning, to protect their globally distributed workloads.

To help enterprises advance their deployment of Zero Trust to secure their cloud applications and improve the security of their 5G connections, Zscaler and AWS have extended their relationship to deliver simple, yet powerful, solutions built on AWS. These solutions are designed to help identify, prioritize, mitigate, and remediate cloud workload risks for the applications and the cloud infrastructure, while also extending Zero Trust to Private 5G connections. In cooperation with AWS, Zscaler's three innovations designed to advance cloud security and cloud connections include:

1.  **Delivering Cloud-Native Application Protection Platform (CNAPP), Built on AWS**: Built and operated on AWS, Zscaler’s new Posture Control™ solution helps DevOps and security teams accelerate cloud adoption by efficiently implementing their portion of the AWS Shared Responsibility Model. The platform reduces operational complexity and overhead by replacing multiple point security products–CSPM, CIEM, CWPP, IaC scanning, DLP, CMDB – with a single, unified platform that analyzes millions of attributes to prioritize the critical issues that the security team should focus on first. AWS was chosen for its breadth of services, scale, reliability, and prevalence as a primary cloud provider in a large portion of Zscaler’s customer base.
2.  **Extending Zero Trust Security to Workloads on AWS**: In cooperation with AWS, Zscaler is extending the Zscaler Zero Trust Exchange™cloud security platform to protect cloud workloads against malware and data breaches as enterprises continue to migrate and refactor their applications and workloads on AWS. Zscaler delivers customers the benefits of inline inspection for internet traffic from cloud workloads at a carrier-grade scale using deep integration with AWS native technologies, such as Gateway Load Balancer, AWS Secrets Manager, AWS CloudFormation, and AWS Auto Scaling. It also extends the app-to-app segmentation capabilities of the platform, significantly reducing the enterprise attack surface and risk associated with lateral threat movement.
3.  **Enabling Zero Trust for Private 5G with AWS Wavelength -** The Zscaler Zero Trust Exchange protects workloads running on AWS Wavelength by providing user-granular, Zero Trust access directly to the devices connected to the mobile network. The service is delivered using Zscaler Private Access™ (ZPA)–a Zero Trust architecture built on AWS that supports both cloud and hybrid infrastructure control and deployment.

“Zscaler, in collaboration with AWS, provides an innovative and highly-scalable solution for securing cloud workloads,” said Rui Cabeço, IT Service Group Manager & Global Outbound Connectivity Lead at Siemens. “We look forward to leveraging the powerful capabilities of Zscaler and the AWS Marketplace to drive business agility as we continue our cloud transformation.”

“Many organizations struggle with the notion of Zero Trust for cloud security,” said Punit Minocha, Executive Vice President, Business and Corporate Development at Zscaler. “Zscaler’s latest innovations– our Posture Control solution and new cloud workload protection services–built on AWS as a preferred cloud provider, offer our joint customers simplified and efficient solutions to effectively remediate cloud workload risk, delivered via the Zscaler Zero Trust Exchange cloud security platform.”

**“**Zscaler and AWS share a common vision to deliver the highest quality security solutions to our joint customers and help them navigate the latest cloud security requirements,” said Chris Grusz, Director, ISV Partner and AWS Marketplace Business Development. “This expanded relationship will offer organizations across the world simple yet powerful solutions built on and tightly integrated with AWS security, observability and data protection services.”

About Zscaler

Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.

Zscaler and AWS Expand Relationship

Enables DevOps and security teams to prioritize and remediate risks in cloud-native applications earlier in the development life cycle.

San Jose, California, June 22, 2022 / Las Vegas, Nevada, June 22, 2022

Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced its new Posture Control™ solution, designed to give organizations unified Cloud-Native Application Protection Platform (CNAPP) functionality tailor-made to secure cloud workloads. Integrated into the Zscaler Zero Trust Exchange™, the Posture Control solution enables DevOps and security teams to efficiently prioritize and remediate risks in cloud-native applications earlier in the development lifecycle. The completely agentless solution correlates and prioritizes risks, such as unpatched vulnerabilities in containers and VMs, excessive entitlements and permissions, and cloud service misconfigurations.

“The cybersecurity landscape continues to evolve as more applications reside across multi-cloud footprints, making it more difficult than ever for security, IT, and DevOps teams to keep up with new types of attacks and efficiently prioritize and then remediate cloud risks,” said Amit Sinha, President, Zscaler. “Unlike point cloud security tools, which lack context and overburden operators with alerts while missing the full picture, Zscaler’s new Posture Control solution correlates signals across several cloud security disciplines to identify and prioritize real risk drivers and high priority security incidents. Also, by extending security directly into developer workflows, infosec teams can collaborate more effectively with DevOps teams to proactively secure applications earlier in the development lifecycle.”

Today, most enterprises are forced to implement and manage dozens of point security tools to achieve complete security coverage. These tools operate in silos and are not integrated, leading to visibility challenges, security gaps, and friction among cross-functional teams. However, due to the dynamic nature of the cloud, security risks are made up of a combination of several complex issues that are interconnected across multiple layers. To address them, security teams need a consolidated platform that prioritizes risk across all their cloud environments.

To meet the scale and speed required for cloud-native application development, organizations need a unified approach that envelops the entire Continuous Integration and Continuous Delivery (CI/CD) lifecycle, integrating seamlessly with developer and DevOps workflows. They also need a simplified architecture that correlates issues across multi-cloud environments to better identify high priority security risks and deliver remediation via each stakeholder’s preferred workflows earlier in the development process.

“As organizations increasingly move their applications to the cloud, security teams struggle to keep up with cloud-native development because multiple siloed tools create too many alerts that are difficult to manage and prioritize,” said Melinda Marks, Senior Analyst, Enterprise Strategy Group (ESG). “With its integrated approach, Zscaler’s Posture Control solution can help security and DevOps teams better identify, prioritize, and remediate risks. With solutions like this, organizations can focus on the top issues to greatly reduce their overall risk.”

Zscaler’s new Posture Control solution builds on the security capabilities of Zscaler’s proven Workload Communications solution, which is designed to secure cloud applications at runtime. Integrated with the Zscaler for Workloads service, the Posture Control solution and Workload Communications are combined to unify development and runtime security of cloud-native and VM-based applications running on any service in any cloud. The Posture Control solution delivers comprehensive coverage of all cloud environments in a singular view and a unified data model to enable security, IT, and DevOps teams to secure cloud apps without disrupting the development processes. Following are key features of the Posture Control solution:

*   **Advanced Threat and Risk Correlation:** Identify and assess the combination of multiple security issues that may appear to be low-risk individually, but have the potential to create larger, more malicious risks across cloud environments when combined. These correlated risks are unified in a singular view, giving security teams the context they need to properly explore and prioritize risks in the cloud.
*   **Agentless Workload Scanning:** Avoid developer friction and eliminate blind spots due to incomplete coverage of security tools with a 100% agentless, API-based approach. VMs and containers are scanned in both registries and in production environments, correlating vulnerabilities with other cloud weaknesses to prioritize actions based on risk rather than on CVSS score alone.
*   **Full Lifecycle Cloud Security:** Detect and resolve security issues early in the development phase before they become production incidents with “shift left” security. Zscaler monitors automated deployment processes and sends alerts when critical security issues are found.
*   **Risk and Compliance Visualizations Across the Entire Cloud:** Gain 360-degree visibility into risks across the entire multi-cloud footprint, including VMs, containers, and serverless workloads. Zscaler integrates with development platforms like VS Code, DevOps tools such as GitHub and Jenkins, and all major cloud providers to enable visibility and control “from build to run.”
*   **Simplified, Fast Deployment** **and Operations** - Zscaler and HashiCorp, a leader in multi-cloud infrastructure automation, have extended their integrations to secure cloud-native workloads in multi-cloud environments. The Posture Control solution can now easily scan infrastructure-as-a-code templates written in Terraform in the development environment. This shift-left approach provides the ability to build security in the CI/CD process, thereby reducing friction between development and security teams, and providing rapid application deployment and better security posture of cloud workloads.

For more details about Zscaler’s Posture Control solution, please see here.

About Zscaler  

Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.

Zscaler Launches Posture Control Solution

Organizations can strengthen their network defense with a number of intelligent security innovations.

San Jose, California, June 22, 2022 / Las Vegas, Nevada, June 22, 2022

Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced newly advanced AI/ML innovations powered by the largest security cloud in the world for unparalleled user protection and digital experience monitoring. The new capabilities further enhance Zscaler’s Zero Trust Exchange™ security platform to enable organizations to implement a Security Service Edge (SSE) that protects against the most advanced cyberattacks, while delivering an exceptional digital experience to users, and simplifying adoption of a zero trust architecture.

Organizations are facing a 314 percent increase in cyberattacks on encrypted internet traffic and an 80 percent increase in ransomware with nearly a 120 percent increase in double extortion attacks. Phishing is also on the rise with industries like financial services, government and retail seeing annual increases in attacks of over 100 percent in 2021. To combat advancing threats, organizations need to adapt their defenses to real-time changes in risk. However, lean-running IT and security teams are experiencing security alert fatigue with increasing exposure to real-time threats and often don’t have the resources or skills to effectively investigate and respond to the mounting volume of threats. Zscaler is addressing these challenges by providing one-click root cause analysis to instantly identify the issues behind poor digital experience, freeing up IT and security teams from troubleshooting to focus on preventing attacks. AI-powered security helps IT professionals by automating threat detection to deliver better and faster protection.

Zscaler operates the largest in-line security cloud, which inspects over 240 billion data transactions daily and blocks 150 million daily attacks across the globe to dramatically expedite investigation, response and resolution times, and pinpoint potential malware to stop breaches and data loss. Zscaler is uniquely equipped to train its AI/ML models for superior accuracy in automating threat responses and making policy recommendations to security teams. From faster threat detection to freeing up resources, Zscaler’s Zero Trust platform enables IT and security teams to reduce the constant fire drill of manually chasing alerts and trying to identify new threats.

“Cybercriminals are using AI, automation, and advanced techniques to train machines to hack or socially engineer victims faster than ever before,” said Amit Sinha, President, Zscaler. “To help our customers combat these escalating techniques, we’ve dramatically advanced AI and machine learning in our cloud to take advantage of our massive data pool, giving our customers granular real-time risk visibility and a solution to combat attackers that no other security vendor can provide.”

Utilizing Zscaler’s AI-powered Zero Trust platform, organizations can now strengthen their network defense with the following intelligent security innovations:

*   **AI-powered phishing prevention:** Detect and stop credential theft and browser exploitation from phishing pages with real-time analytics on threat intelligence from 300 trillion daily signals, expert ThreatLabz research, and dynamic browser isolation.
*   **AI-powered segmentation:** Simplify user-to-app segmentation to minimize the attack surface and stop lateral movement with AI-based policy recommendations trained by millions of cross-customer signals across private app telemetry, user context, behavior, and location.
*   **Autonomous risk-based policy engine:** Dynamically adapt security and access policies in real-time across the Zscaler™ Zero Trust Exchange to maintain network integrity against rapidly-evolving cyber threats. The new capabilities also allow security teams to customize policies based on risk scoring for users, devices, apps, and content.
*   **AI-powered root cause analysis:** Accelerate mean time to resolution putting impacted end users back to work in a matter of seconds by identifying root causes of poor user experiences 180 times faster, freeing IT from time-consuming troubleshooting and analysis.

“Delivering seamless digital experiences, from employee devices to the applications they need, goes hand in hand with securing our sensitive business applications and data, no matter where it resides,” said Darren Beattie, Modern Workplace and Security Operations Manager at Auckland New Zealand-headquartered Tower Limited. “Zscaler’s integrated cloud platform helped us effortlessly adopt a zero trust architecture, reduce risk, accelerate our digital transformation, and achieve business goals.”

“With Zscaler’s AI-powered Zero Trust platform based on a SSE framework, we are able to augment and expand the reach of our IT and security team to stop the growing frequency of advanced cyberattacks,” said Stephen Bailey, Vice President of Information Technology at Cache Creek Casino Resort. “The threat landscape is constantly evolving, and these new AI capabilities will effectively enable us to see real-time changes in risk, automate our response process, and stay ahead of the attackers.”

For more details about Zscaler’s AI-powered Security Service Edge (SSE) platform, please see here.

About Zscaler

Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.

Zscaler Adds New AI/ML Capabilities for the Zscaler Zero Trust Exchange

Using WebAuthn, physical keys, and biometrics, organizations can adopt more advanced passwordless MFA and true passwordless systems. (Part 2 of 2)

_The first article of this two-part series examined ways to improve multifactor authentication (MFA) and boost adoption. This story takes a look at how organizations can adopt more advanced passwordless MFA and true passwordless systems._

Getting to passwordless won't be easy, but the concept is finally gaining momentum. Although several vendors have offered passwordless MFA and true passwordless technology for a few years — mostly relegated to enterprise use — a more comprehensive framework is now taking shape. Apple, Google, and Microsoft have jointly agreed to adopt passwordless in earnest.

For example, Apple will be introducing Passkeys, which completely replace passwords used to log into websites, in a few months. The framework, based on the FIDO Alliance standard, uses biometrics such as Face ID to generate a unique, encrypted digital key that resides only on the device and within an encrypted keychain used for other Apple devices, including the iPhone, iPad, Mac, and Apple TV. This makes it impervious to phishing and other forms of data extraction.

In 2020, Microsoft turned to biometrics for authentication in Windows 10 and Windows 365 — and the company is also expanding passwordless to websites. In addition, all three companies are adding the ability to transfer this identity data across authenticated devices and systems. In the past, changing phones or other devices typically meant reinstalling credentials — a time-consuming and irritating task.

In addition to building biometrics and other security mechanisms into their operating systems, the Big Three are introducing software development kits (SDKs) that companies can use to build passwordless websites. As a result, it will soon be possible for consumers to begin ditching passwords for compliant sites and services. Like Apple's Passkey, a mobile phone or other registered device authenticates the person and then sends the request to the server without sending the biometric data.

"Where the big vendors lead, everyone else follows," says Don Tait, a senior analyst for Omdia.

At the heart of this transformation is the FIDO Alliance. "It is a classic example of the impact of consumerization on technology," adds Rik Turner, a senior analyst at Omdia. "As people begin to use tools in their private lives, they begin to seep into the workplace."

**A Matter of Identity**

Security experts say that the first step in building a better authentication framework is to stop using outdated methods like secret words and one-time codes to verify users. Even push apps are vulnerable to exploits. For example, crooks who gain access to a company's network or an MFA system can generate fake authentication requests that someone might authorize in a moment of distraction or inattentiveness.

Even highly secure YubiKeys and other U2F tokens aren't exempt from vulnerabilities and workarounds. For example, if a user forgets the key or can't use it for some reason, the typical workaround is to revert to a text code or less secure form of MFA as the backup. At that point, even an ultra-secure digital token can't provide protection.

A deeper and broader use of biometrics and user verification methods, including presence-based authentication and behavioral or activity-based models, is key. This includes the use of the FIDO protocol WebAuthn, which delivers an API that supports strong, public-key cryptography registration and authentication. It can be combined with a continuous authentication method that reverifies the identity of the session through a persistent token.

Several companies, including Beyond Identity, Veriff, 1Kosmos, and Jumio, have adopted this type of approach. They rely on FIDO standards that tie into biometrics, along with a highly secure identity proofing method. Typically, they ask users to provide a document such as a driver's license or a passport, which is securely stored in an app on the device. A selfie or face scan ensures that everything matches and authenticates the user.

For example, Veriff, which works in 190 countries, in 35 languages, and with 8,000 IDs, runs an online blockchain-based identity verification within a few seconds. It uses an AI-supported decision engine that incorporates real-time feedback through a document check, biometric scan, face comparison, background video, and device and network analytics. Financial institutions, healthcare providers, and others that use the technology can also reduce fake accounts and fraud.

"This creates a barrier that is much more difficult for an intelligent and determined bad actor to bypass," says Kalev Rundu, senior product manager at Veriff. "People today are much more willing to use biometrics for authentication, but they are only ready to do it if they receive real value in return and they can maintain control over how and where their data is used."

**Forward Thinking**

The move to passwordless MFA and true passwordless remains a slow march. For now, advanced authentication is more viable within the enterprise, where it's a closed and controlled environment. Michael Engle, co-founder and CSO at passwordless MFA solutions vendor 1kosmos, estimates that 80% of passwords can be eliminated almost immediately with the right strategy and tools.

For now, Omdia analysts Tait and Turner recommend migrating to passwordless MFA without delay. Not only does the framework deliver a better and safer customer experience, but it can also drive revenue growth, they argue. In addition, it's wise to phase in true passwordless systems and build on them through the FIDO Alliance, as well through Apple Passkeys and the equivalent passwordless systems at Google and Microsoft.

Along the way, it's also essential to educate customers and employees about passwordless authentication and ensure that people understand that their biometric data is being used as their gateway to apps and the Internet. The combination of better UX, incentives, and more streamlined processes can, over the long term, boost security, improve trust, and trim security costs.

Says Jasson Casey, CTO for Beyond Identity: "In the end, the objective isn't to eliminate passwords, though that's a noble cause. It's to create better security and a safer computing environment for everyone."

Evolving Beyond the Password: Vanquishing the Password

The cybersecurity community is buzzing with concerns of multichannel phishing attacks, particularly on smishing and business text compromise, as hackers turn to mobile to launch attacks.

As security conferences return to in-person venues, the cybersecurity community is buzzing with concerns over multichannel phishing attacks, with mobile phishing the biggest concern as hackers turn to mobile to launch smishing and business text compromise attacks.

By moving completely to the cloud, apps and browsers are all we need to communicate with work, family, and friends. While most of us are aware of the cybersecurity guardrails, we are not infallible. We can be lured into providing personal information and credentials or installing malicious apps that can undermine even the most sophisticated cybersecurity defenses. Our reliance on mobile devices with little or no protection from malicious attacks leaves personal and company data at risk.

Multichannel phishing attacks are on the rise, and more breaches are successful because hackers are delivering very targeted attacks on massive scales — powered by automation technology, taking advantage of human psychology, and exploiting our use of apps, browsers, and multiple communications channels.

Humans are the most strategic cybersecurity entry points into an organization because criminals can use psychology to fool us into overriding or undermining even the most sophisticated cybersecurity protection setups. And today's sophisticated attacks are essentially invisible to the human eye. Gone are the poorly spelled phishing emails of yesterday. Today's human hacking can fool even the most security-aware professional to follow a malicious URL or log in to an illegitimate site and expose data and a network. For the attacker, it's much more straightforward and a lower cost to attack a human than a network or a well-defended machine.

'Furthermore, our world — and the way we use technology — has been dramatically altered. This has further increased the danger of human hacking attacks. Post-pandemic, a large percentage of the workforce will continue to have some hybrid remote/office working arrangements — meaning that we're mixing our personal and professional worlds online more than ever. That opens us to more threats, especially when human hacking attacks are coming from legitimate infrastructure. We've turned to interacting through apps and working on browsers. Using collaboration channels like Zoom and Slack and doing nearly everything through our smartphones has opened more attack vectors.

Gone are the days when phishing emails were easily spotted due to low-quality logos, poor grammar, or just the totally unbelievable nature of the email. Now, attackers are well-equipped and very strategic about their attacks, and the believable SMS text or social media invite from a cybercriminal is far more dangerous.

Then, the sheer number of these channel users multiplies the risk equation for enterprises. Add to this the fact that attacks have evolved to the point where a single attack will use multiple channels to convince the users that they are legitimate. There is also the major issue of underestimating the risk of the human factor — today's attacks are simply impossible to detect with human-only views, assessments, and forensics.

**What to Watch For**

Now, especially as the browser is becoming the operating system of the enterprise, the number of channels for attack has increased. Browser extensions and plug-ins are available through very respected big brands, including Android and Apple, but they are not always safe. Also, browser search results can become embedded with attacks, attracting the attention of the user with something that they care about and are more likely to click on. And of course, common Microsoft 365 apps and enterprise productivity apps such as LinkedIn, Dropbox, and WhatsApp are open to phishing abuse.

Since human hacking is a unique problem, we need to focus on people in order to resolve it. Training people to recognize threats is important, but the attacks are too hard to spot by users for training employees to be cautious to be enough security. Asking people to forward suspicious requests to IT is a help but not a cure. There are simply too many convincing attacks coming in on all channels for IT to keep up with those that are forwarded.

There are better ways. One, recognize that cybercriminals are pointing attacks at the people inside organizations and then defend them — on every single digital channel. Two, take advantage of AI and machine learning to identify threats and then use that protection on endpoints in an organization's network — from employee smartphones to Zoom accounts.

In a world where we're trying to stay one step ahead of the hackers, it's time to adequately recognize the magnitude of the multichannel challenge on the horizon — and a new approach that bolsters the people who are under attack.  
**  
About the Author**

    

Patrick Harr is CEO of SlashNext, the authority in multichannel phishing and human hacking protection across email, Web, and mobile.

Source

DARKReading