Schließen
Schließen
Ihr Netzwerk von morgen
Ihr Netzwerk von morgen
Planen Sie Ihren Weg zu einem schnelleren, sichereren und widerstandsfähigeren Netzwerk, das auf die von Ihnen unterstützten Anwendungen und Benutzer zugeschnitten ist.
          Erleben Sie Netskope
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            Ein führendes Unternehmen im Bereich SSE. Jetzt ein führender Anbieter von SASE.
            Ein führendes Unternehmen im Bereich SSE. Jetzt ein führender Anbieter von SASE.
            Netskope debütiert als Leader im Gartner ® Magic Quadrant ™ für Single-Vendor SASE
              Generative KI für Dummies sichern
              Generative KI für Dummies sichern
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                Moderne Data Loss Prevention (DLP) für Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  Modernes SD-WAN für SASE Dummies-Buch
                  Modern SD-WAN for SASE Dummies
                  Hören Sie auf, mit Ihrer Netzwerkarchitektur Schritt zu halten
                    Verstehen, wo die Risiken liegen
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        Die 6 überzeugendsten Anwendungsfälle für den vollständigen Ersatz älterer VPNs
                        Die 6 überzeugendsten Anwendungsfälle für den vollständigen Ersatz älterer VPNs
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          Colgate-Palmolive schützt sein "geistiges Eigentum" mit intelligentem und anpassungsfähigem Datenschutz
                          Colgate-Palmolive schützt sein "geistiges Eigentum" mit intelligentem und anpassungsfähigem Datenschutz
                            Netskope GovCloud
                            Netskope erhält die FedRAMP High Authorization
                            Wählen Sie Netskope GovCloud, um die Transformation Ihrer Agentur zu beschleunigen.
                              Let's Do Great Things Together
                              Die partnerorientierte Markteinführungsstrategie von Netskope ermöglicht es unseren Partnern, ihr Wachstum und ihre Rentabilität zu maximieren und gleichzeitig die Unternehmenssicherheit an neue Anforderungen anzupassen.
                                Netskope solutions
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Technischer Support von Netskope
                                  Technischer Support von Netskope
                                  Überall auf der Welt sorgen unsere qualifizierten Support-Ingenieure mit verschiedensten Erfahrungen in den Bereichen Cloud-Sicherheit, Netzwerke, Virtualisierung, Content Delivery und Software-Entwicklung für zeitnahen und qualitativ hochwertigen technischen Support.
                                    Netskope-Video
                                    Netskope-Schulung
                                    Netskope-Schulungen helfen Ihnen, ein Experte für Cloud-Sicherheit zu werden. Wir sind hier, um Ihnen zu helfen, Ihre digitale Transformation abzusichern und das Beste aus Ihrer Cloud, dem Web und Ihren privaten Anwendungen zu machen.

                                      Dyre need to secure what matters

                                      Sep 08 2014
                                      Tags
                                      Cloud Data Protection
                                      Cloud Security
                                      Issues and Concerns
                                      Risks

                                      With the iCloud hack in the backdrop raising issues around authentication, another problem has come to the fore – this one affecting Salesforce and going by the name Dyre (alternatively Dyreza). More details are available here – http://goo.gl/s8BSdY.

                                      The first signals of Dyre being circulated on the Internet were seen by researchers back in June, 2014. The vector for spreading this malware has been a phishing email in which the user was lured to click on a link to ostensibly download a file – typically an .exe or a .scr file that is zipped. Once installed, the malware applies a browser hooking technique to intercept traffic before it is encrypted, thereby enabling it to redirect that traffic to a different website than the user intends.

                                      Hackers have set up web pages that look just like that of the intended website and are able to harvest users’ login credentials when they provide them. Since all traffic over an extended period of time is sent to the page put up by the hacker, even information from two-factor auth tokens is available to these malicious actors to use to access targeted cloud apps in real-time. The known variants of the attacks still seem to be bit basic and will most likely be refined further in the future.

                                      Our research team has been monitoring for potential infections related to this malware; none of our customers has yet been affected. What we have seen is growing activity related to getting access to cloud apps through vulnerabilities (https://www.netskope.com/netskope-threat-labs/). This is entirely unsurprising; attackers will go where valuables reside. Since enterprises are increasingly using the cloud for variety of reasons – some officially sanctioned by corporate IT and many others not so much – this can put important business data at risk.

                                      With a huge number of devices accessing a growing number of cloud resourced apps from locations no longer within a tightly managed environment, the need for constant monitoring and thoughtful control of these apps is must-have for the enterprise today. Although the observed phishing emails contained links to files in LogMeIn’s Cubby.com file storage service, there is nothing special about Cubby.com; this could have been any of the thousands of  apps that provide file sharing; there are nearly 200 cloud storage apps that we track in the Netskope Cloud Confidence Index™, but one out of five apps across nearly every category we track enables some type of sharing.

                                      It is worth noting that this is not per se a vulnerability in Salesforce nor a flaw in the 2-factor authentication that Salesforce rightly encourages its customers to follow. It’s more about enterprises being responsible for their own users and their own data even when using a cloud app. In this scenario, even encrypting the content stored in app would not protect the data since the authenticated user would have access to the unencrypted data as per policy.

                                      By monitoring all cloud apps that store content – not just a handful of sanctioned ones – and tracking what activities are performed, would an enterprise get a true picture of usage and risk and then looking for anomalous activity? The answer is yes. For example, on a run rate basis, a few users may have been using Cubby.com from a couple of geolocations, but if you suddenly started seeing an increasing number of downloads of zipped files containing .exe and .scr files from this app, that would be considered anomalous behavior and spur you to take immediate action.

                                      The context of who accessed an app from which device and location at what time with what credentials would not only be useful in identifying the infection, but also pinpoint where the remediation needs to be targeted. In addition, you can extend Salesforce’s guidance to customer admins and restrict access from only IP address that are a trusted source for all of your apps that provide content sharing. This would thwart any access attackers may attempt on Salesforce, or any other app, from their own servers.

                                      To determine the current risk and how to best eliminate it in order to safely enable the productive use of cloud apps in your enterprise, contact us for a complimentary cloud risk assessment.

                                      Bleiben Sie informiert!

                                      Abonnieren Sie den Netskope-Blog