Thursday, March 28, 2024

Get Sassy About SASE – Avoid The Dangers of Watering Hole Attacks!

During the dry season on the plains of Africa, water is scarce. Wild animals will flock to any place where they can get a drink – like a watering hole. But at the same time as saving their lives, coming to the watering hole also threatens their existence. Predatory animals like lions know that other beasts have to come there to drink, and that makes a watering hole a prime hunting ground. 

So how does all that relate to cybersecurity? For the watering hole, read external websites visited regularly by your staff; for the thirsty animals, read your hard-working employees; and for the predators, read hackers and cyber-attackers.

In a cybersecurity watering hole attack, the goal of the predators is to identify any weaknesses in the target website, install malware there, and then lie in wait. Innocent visitors happily download software from the site, trusting that it’s valid, when in fact the opposite is true. 

The target website may be a popular blog, an industry-specific resource, or any website that is popular with your employees – and it may well be one where security isn’t taken very seriously. But the end result is always the same: once the malware is installed, the predator is ready to strike, and compromise your security.

Since the COVID-19 pandemic and the sharp rise in the number of staff working from home, the watering hole has taken on a new significance. Standard on-site network protection measures often don’t work as well for remote access, so what can companies do to stay safe from attack?

How To Protect Your Business From A Watering Hole Attack

Whilst there are many excellent technical solutions to help prevent watering hole attacks, there are some simple but effective procedures that all companies should follow. Strong communication is vital. All staff should be aware of the dangers of downloading software from any external site, even if it appears genuine and trustworthy. They should understand the importance of changing their passwords regularly. And they should be under no illusions about the potentially devastating impacts of a cybersecurity attack.

Above and beyond such common-sense advice, you can also stay safe by keeping your software up-to-date and carefully monitoring your network usage. Moreover, by keeping details of your employees’ browsing history private, you make it harder for predators to identify potential target websites.

And that was that until the Coronavirus struck. As remote coworking became the norm, companies could no longer rely on their tried and trusted network protection measures. As in so many areas, COVID-19 has completely changed the rules of the game.

Moving From Site-Centric To User-Centric Security

The model of cybersecurity used to be so much easier for IT professionals! Typically, security was organized on-site or on an office or network basis, with a clear set of parameters, metrics, and ins and outs. COVID-19 has changed all that. IT staff are now tasked with protecting employees as they work from home, connect remotely, and use infrastructure that’s often outside the safe boundaries of the old working practices.

But as the best motivational speakers always say, “every problem is an opportunity!” As companies are forced to move from a site-centric to a user-centric model of protection, they have the opportunity to rethink the way they provide security and embrace the very latest technological developments.

And that’s exactly where SASE comes in.

Understanding SASE

SASE is a new cybersecurity model. The term was coined by the Gartner Group in 2019, and stands for Secure Access Service Edge. The E for Edge is important, because it implies that SASE provides network and security services from edge to edge – from the data center to decentralized offices, from the home worker to the roaming user. But how does SASE work in practice?

Essentially, SASE (pronounced “sassy”) is about combining all of a company’s cybersecurity measures into one place. WANs, networks, VPNs, users, company resources, applications, and devices are all covered by a single security service, delivered over the cloud. The benefits of such an approach are clear: simplicity, ease of use, improved protection, faster response times, and a single point of contact, as opposed to having to consolidate numerous different security services. 

SASE is less about hardware and more about services, and less about specific sites and more about universality. When you pitch it in those terms, SASE starts to offer a compelling business case. But is it reality or just a dream?

You may think that SASE sounds like something from the future, but think again. Cutting-edge tech companies like Perimeter 81 are already implementing the first SASE-based solutions, offering network and security functionality in a unified package. Naturally, SASE can help to keep you safe from watering hole attacks, but the most exciting aspect of it is how it promises to revolutionize cybersecurity in the future. Predators beware!
