Menlo Security HEAT Security Assessment Toolkit provides insight into current exposure to HEAT attacks

Menlo Security has released the HEAT Security Assessment Toolkit designed to provide organizations with the ability to assess their protection levels and current exposure to Highly Evasive Adaptive Threats (HEAT).

Since July 2021, Menlo Security has seen a 224% increase in HEAT attacks. These attacks allow threat actors to deliver malicious content, including ransomware, to the device by adapting to the targeted environment. The HEAT Security Assessment Toolkit includes a HEAT verification test and HEAT analyzer that run on the Splunk platform.

The HEAT check allows customers to perform a light penetration test to identify if they are susceptible to HEAT attacks. The Menlo Security HEAT Analyzer app for Splunk gives organizations visibility into HEAT attacks their network may have been exposed to in the last 30 days.

What is a HEAT attack?

Highly Evasive Adaptive Threats (HEAT) are a class of cyber threats that target web browsers as an attack vector and use techniques to evade multiple layers of detection in today’s security stacks, including firewalls, web security gateways, sandbox analysis, URL reputation and phishing detection. HEAT attacks are used as an initial entry point to spread malware or compromise credentials, which in many cases leads to ransomware attacks.

“Ransomware, data and credential theft and other malware are on the rise. Add to that the Log4J vulnerability, the Lazarus and Conti groups have increased attacks targeting web browsers and the result is that security teams around the world face an almost non-stop barrage of incidents,” said analyst John Grady, Principal, ESG. “Tools like the HEAT Security Assessment can help ensure organizations are aware of potential attacks before they have a chance to occur.”

HEAT Security Assessment Toolkit

The HEAT Security Assessment Toolkit provides a lightweight penetration and exposure assessment to help an organization better understand its vulnerability to HEAT attacks.

“HEAT attacks are defined by the techniques that adversaries are increasingly using to evade detection by traditional security tools,” said Mark Guntrip, senior director of cybersecurity strategy, Menlo Security. “HEAT techniques can be used individually or in combination for any type of attack targeting the user, device or applications, including ransomware. The HEAT Security Assessment Toolkit is essential to help organizations ensure they are protected against these attacks.”

HEAT check

The HEAT check allows customers to perform a light penetration test to determine if they are susceptible to HEAT attacks. The assessment is based on several real HEAT attacks currently used by threat actors, allowing the user to safely determine their exposure.

The HEAT check does not deliver actual malicious content. It uses an industry-standard EICAR file to test an organization’s existing HEAT exposure. If the EICAR file is delivered without triggering an alert in an organization’s current security stack, the security technology is not providing the level of protection required to defend against HEAT attacks.

Menlo Security HEAT Analyzer app for Splunk

To assess current exposure to HEAT, the HEAT Analyzer, now available on Splunkbase, gives organizations visibility into HEAT attacks their network may have been exposed to over the past 30 days. This assessment tool analyzes a company’s web traffic to determine the extent of HEAT exposure currently in its network and identifies related websites that have been viewed.

The Menlo Security HEAT Analyzer provides organizations with a simple and effective way to perform URL and category analysis of visited websites. The HEAT Analyzer report will highlight a client’s exposure to HEAT attacks as well as the number of legacy URL reputation evasions, including click-time categorization errors, specific categories serving legacy URL reputation evasion techniques (LURE), as well as frequently viewed domains.
