
Latest news with #EtayMaor

Eliminating Blind Spots: How Browser-Based ZTNA Closes Security Gaps

Forbes

24-07-2025

  • Business
  • Forbes


Etay Maor is Chief Security Strategist for Cato Networks, a leader of advanced cloud-native cybersecurity technologies.

Zero trust promised a fundamental shift: security where access depends not just on identity, but on full context—rigorous authentication, device posture, location and real-time risk assessment. Zero trust network access (ZTNA) became the engine driving this vision, replacing porous network perimeters with granular, policy-driven control. Yet a critical blind spot persists in many implementations: the unmanaged device. Contractors, partners and BYOD users leverage unmanaged endpoints daily—essential for modern business, yet often outside IT's direct visibility and control. They lack agents and consistent configuration. For security leaders, this gap isn't an inconvenience; it's a direct threat to zero trust integrity. Unmanaged devices represent a glaring vulnerability, undermining the model's core principles.

The Shortcomings Of Traditional ZTNA: Where The Perimeter Fades

ZTNA dethroned legacy VPNs, offering stronger authentication, micro-segmentation (app-specific access) and superior visibility. However, its Achilles' heel is clear: It primarily serves managed devices running dedicated agents under IT's control. Unmanaged devices are left exposed, and common workarounds are flawed. Consider the following shortcomings:

  • Agent Deployment Hurdles: Installing clients on third-party or personal devices is often unscalable, invasive and blocked by user permissions or policies.
  • The VDI Burden: Virtual desktops (VDI) create a secure "bubble" but sacrifice performance and user experience—and add significant infrastructure complexity and cost.
  • Fragmented Tool Chains: Bolting on separate solutions (browser gateways, SWGs, reverse proxies, etc.) creates parallel access paths, inconsistent policy enforcement and siloed visibility—reintroducing complexity that zero trust aimed to solve.

These approaches fail to deliver true zero trust for unmanaged devices and introduce new risks: policy gaps, visibility holes, operational overhead and user friction. We need a unified approach that can secure every user and device without multiplying complexity.

The Imperative Of Consistency: No Exceptions Allowed

Security effectiveness hinges on consistency. If managed users face stringent zero trust controls while unmanaged users operate through weaker exceptions, the entire model unravels. Uniform enforcement is impossible. This inconsistency has tangible consequences, especially for compliance (PCI-DSS, HIPAA, GDPR, SOC 2, etc.). These frameworks demand demonstrable, uniform security controls across all access points handling sensitive data. Gaps for unmanaged devices aren't just vulnerabilities; they are potential compliance violations with severe penalties.

To address this, some organizations are turning to browser-based ZTNA. Unlike agent-based ZTNA models that require deep device integration, browser-based ZTNA delivers secure access directly through the user's standard web browser. This simple difference can be transformative. Contractors on home PCs, partners on their laptops and BYOD users can instantly fall under the exact same granular access policies, continuous risk assessment and inspection frameworks as managed users. Crucially, it achieves this without requiring device-level control, persistent software installs or intrusive endpoint changes. The browser becomes the universal conduit. Every access request undergoes rigorous verification, monitoring and filtering—true zero trust extended to the entire workforce ecosystem.

Reducing Complexity, Not Just Risk

Security leaders know the trade-off: more control often means more complexity. Accommodating unmanaged access historically meant buying new tools and managing parallel policy engines—draining resources and creating gaps. Browser-based ZTNA offers consolidation. It can eliminate the need for separate point products for external users. All traffic flows through a single, unified policy engine with common enforcement points. This ensures uniform access control, threat prevention, data protection and monitoring, reducing the overhead of managing siloed systems. In my experience, it streamlines multiple checkpoints into one efficient lane.

Just as importantly, browser-based ZTNA respects the user experience. By supporting standard browsers (Chrome, Edge, Firefox, etc.), users access resources as they always have. No disruptive workflow changes, no specialized software installs or configuration changes. Adoption, I've found, is often frictionless.

Use Case: Secure Access For Unmanaged Devices

The most compelling application of this model is securing access from unmanaged devices, delivering core zero trust benefits universally. By focusing on these devices, you can:

  • Enforce identity and risk-based access policies.
  • Limit users to specific, authorized applications or data sets.
  • Prevent lateral movement within the network.
  • Log and audit access for compliance reporting and forensics.
  • Inspect web traffic for threats and data loss—no endpoint agent needed.

In contrast to traditional VPNs or VDI setups, I've found that this model is lighter, faster, more scalable and simpler to manage.

Getting Started

Organizations beginning their zero trust journey should first address the critical vulnerability of unmanaged devices. Established, traditional ZTNA models often fail here, leaving contractors, partners and BYOD users outside consistent security controls. Agent deployment is impractical, while VDI introduces performance penalties and complexity. Fragmented solutions recreate the visibility gaps zero trust aims to eliminate.

Prioritize implementing browser-based ZTNA for unmanaged access. This approach directly tackles the core weakness: It allows applying rigorous zero trust policies—strong authentication, granular access control, continuous inspection—to every user without agents or disruptive changes. The standard web browser becomes the secure conduit, delivering immediate risk reduction at the perimeter's weakest point. Ensure consistent policy enforcement across all users and access paths; security and compliance demand no exceptions. Base access decisions on rich context: identity, device posture (where feasible), location and real-time risk. Critically, reduce complexity by choosing solutions that unify access paths and policy management, avoiding fragmented tools that undermine zero trust. Start by securing high-value applications via this browser approach to demonstrate value and build momentum.

Why This Matters Now

Hybrid work and third-party collaboration are not temporary—they're the permanent operational fabric of our day-to-day efforts. Unmanaged devices are integral to this landscape. Half-measures are obsolete. A consistent, identity-centric, browser-based ZTNA approach can eliminate fragmented solutions and ensure comprehensive policy coverage. The same stringent rules apply to the CEO on a corporate laptop and the contractor on a personal device. It simplifies operations for security teams. For CISOs, this means fewer dangerous security exceptions, fewer exploitable gaps and more confidence in protecting data and meeting regulatory obligations—regardless of where work happens or which device is used. Browser-based ZTNA doesn't just close the blind spot; it provides the consistent control demanded by boundary-less work.
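As an added illustration of the unified-policy argument above (not code from the article or from Cato Networks), here is a hypothetical Python policy engine: the same identity, location, risk and posture checks run for an agent-based (managed) request and a browser-based (unmanaged) request, unknown device posture narrows access rather than waiving checks, and a second function shows the "weaker exception" path the article warns against. Application names, groups, countries, the 0-100 risk scale and the thresholds are constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical engine: one rule set for every access path; posture enforced where assessable, never waived.

@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset
    mfa_verified: bool
    access_path: str               # "agent" (managed device) or "browser" (unmanaged device)
    device_posture: Optional[str]  # "compliant", "non-compliant", or None when not assessable
    country: str
    risk_score: int                # 0-100 from a real-time risk assessment (constructed scale)
    app: str

# Constructed per-application policy; sample values, not from any real deployment.
APP_POLICY = {
    "jira":    {"groups": {"engineering", "contractors"}, "countries": {"US", "DE"}, "max_risk": 60},
    "payroll": {"groups": {"finance"},                    "countries": {"US"},       "max_risk": 30},
}

def evaluate(req: AccessRequest) -> tuple:
    """Unified decision: identical checks whether the request arrives via agent or browser."""
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return "deny", "unknown application"
    if not req.mfa_verified:
        return "deny", "MFA not satisfied"
    if not (req.groups & policy["groups"]):
        return "deny", "user not entitled to application"
    if req.country not in policy["countries"]:
        return "deny", f"location {req.country} not permitted"
    if req.risk_score > policy["max_risk"]:
        return "deny", f"risk score {req.risk_score} exceeds {policy['max_risk']}"
    if req.device_posture == "non-compliant":
        return "deny", "device posture non-compliant"
    # Unknown posture (no agent) is not a bypass: access is scoped to this one app and inspected.
    mode = "browser-isolated, inspected" if req.device_posture is None else "inspected"
    return "allow", f"{req.app} only; {mode}"

def evaluate_with_exception(req: AccessRequest) -> tuple:
    """The flawed pattern the article warns against: a weaker parallel path for unmanaged devices."""
    if req.access_path == "browser":
        if req.mfa_verified:
            return "allow", "unmanaged-device exception: MFA only, location and risk unchecked"
        return "deny", "MFA not satisfied"
    return evaluate(req)
```

Feeding the same high-risk contractor request from a non-permitted country to both functions shows the gap: the unified engine denies it, while the exception path lets it through on MFA alone.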

Decoding Hellcat: The Latest Nightmare In Ransomware Attackers

Forbes

26-03-2025

  • Business
  • Forbes


Etay Maor is Chief Security Strategist for Cato Networks, a leader of advanced cloud-native cybersecurity technologies.

In the ever-evolving cyber underground, ransomware extortionists have grown to become perhaps the most sophisticated and formidable threat. Among the latest entrants to emerge in this whack-a-mole enterprise is the Hellcat ransomware gang. Since November 2024, with its sudden flurry of high-profile attacks, it has swiftly made a name for itself as a malicious actor in the ransomware-as-a-service (RaaS) business.

In late 2024, Hellcat launched aggressive attacks against a range of industries and geographies. This included an exfiltration of over 40 gigabytes of sensitive information from Schneider Electric SE's Jira system, the leak of over 500,000 records containing personally identifiable information from Tanzania's College of Business Education and an attack against an Iraqi city government. Hellcat's blend of ignominy, coerciveness and global ambition makes them uniquely dangerous in the ransomware business. Notable characteristics of the ransomware group include:

  • Irreverent Communications Style: Hellcat incorporates cultural references and humor in its ransom notes, such as demanding "baguettes" from Schneider Electric. The group taunts victims through sarcastic remarks and public announcements.
  • Strategic Targeting: Hellcat prioritizes high-value targets, including governments, corporations and critical infrastructure. It operates internationally, attacking entities across the U.S., Europe, Africa and the Middle East, with a focus on exfiltrating sensitive data for maximum leverage. Its targeted sectors are also diverse, from energy to education to telecom to government.
  • Planning And Execution: The group meticulously plans its attacks, conducting extensive reconnaissance and exploiting niche vulnerabilities. It employs selective encryption to evade detection and accelerate attacks.
  • Humiliation Methods: Hellcat publicly shames victims to increase pressure and urgency, making them more likely to pay the ransom. The group uses dual extortion, both encrypting files and threatening to leak stolen data. It also imposes strict deadlines and escalates ransom demands over time.
  • Branding: Hellcat cultivates a strong identity within the cybercrime ecosystem. It maintains a polished, high-profile leak site and actively recruits affiliates on dark web forums.
  • Publicity-Seeking: Unlike many ransomware groups, Hellcat embraces a bold, attention-seeking approach. Its communications are deliberately crafted to attract media coverage, further increasing pressure on victims.

Combating Hellcat and similar ransomware attacks requires a multifaceted defense. Below are mitigation strategies that can help:

  • Prioritize timely patching of software, operating systems and firmware to close potential entry points.
  • Enforce MFA across all accounts, making it harder for attackers to compromise credentials.
  • Segment networks and isolate critical systems to limit lateral movement.
  • Encrypt sensitive data to protect it from exfiltration.
  • Maintain offline backups stored in a secure location to ensure data recovery in case of attack.

Stand-alone security tools create blind spots, making it difficult to detect and block advanced threats. A more holistic approach involves integrating multiple security measures into a unified framework. For example, a cloud-native secure access service edge (SASE) architecture integrates SD-WAN, zero-trust network access (ZTNA) and converged security components to provide real-time threat monitoring, centralized control and unified protection across all attack surfaces, including users, devices, cloud environments, IoT systems and applications.

Organizations can also consider using extended detection and response (XDR), which pulls in security data from endpoints, cloud workloads and email, also providing a holistic view of the threat landscape. XDR can correlate disparate security alerts to identify patterns indicative of a Hellcat attack, helping security teams find and stop attacks before the ransomware can be deployed. Another tool to consider is security information and event management (SIEM) with user and entity behavior analytics (UEBA). Their capabilities can detect anomalous behaviors that might signal a compromised user account or insider job, helping to detect any unusual action before the ransomware is deployed.

Threat actors are increasingly employing coercive methods such as fear, humiliation and ultimatums to threaten and con individuals. Organizations must train their workforce, prepare for crises, establish policies, enforce protocols, and encourage collaboration and communication.

The Hellcat ransomware gang represents an evolving breed of threat actors, blending technical prowess with emotional manipulation to maximize its impact. By adopting a proactive and comprehensive approach to cybersecurity, ramping up defenses, boosting preparedness and deploying end-to-end security for maximum visibility and control, organizations can mitigate the threat posed by ruthless operators and build a more resilient environment.
