
Get Sassy About SASE – Avoid The Dangers of Watering Hole Attacks!

During the dry season on the plains of Africa, water is scarce. Wild animals will flock to any place where they can get a drink – like a watering hole. But at the same time as saving their lives, coming to the watering hole also threatens their existence. Predatory animals like lions know that other beasts have to come there to drink, and that makes a watering hole a prime hunting ground. 

So how does all that relate to cybersecurity? For the watering hole, read external websites visited regularly by your staff; for the thirsty animals, read your hard-working employees; and for the predators, read hackers and cyber-attackers.

In a cybersecurity watering hole attack, the goal of the predators is to identify any weaknesses in the target website, install malware there, and then lie in wait. Innocent visitors happily download software from the site, trusting that it’s valid, when in fact the opposite is true. 

The target website may be a popular blog, an industry-specific resource, or any website that is popular with your employees – and it may well be one where security isn’t taken very seriously. But the end result is always the same: once the malware is installed, the predator is ready to strike, and compromise your security.

Since the COVID-19 pandemic and the sharp rise in the number of staff working from home, the watering hole has taken on a new significance. Standard on-site network protection measures often don’t work as well for remote access, so what can companies do to stay safe from attack?

How To Protect Your Business From A Watering Hole Attack

Whilst there are many excellent technical solutions to help prevent watering hole attacks, there are some simple but effective procedures that all companies should follow. Strong communication is vital. All staff should be aware of the dangers of downloading software from any external site, even if it appears genuine and trustworthy. They should understand the importance of changing their passwords regularly. And they should be under no illusions about the potentially devastating impacts of a cybersecurity attack.

Above and beyond such common-sense advice, you can also stay safe by keeping your software up-to-date and carefully monitoring your network usage. Moreover, by keeping details of your employees’ browsing history private, you make it harder for predators to identify potential target websites.

And that was that until the Coronavirus struck. As remote coworking became the norm, companies could no longer rely on their tried and trusted network protection measures. As in so many areas, COVID-19 has completely changed the rules of the game.

Moving From Site-Centric To User-Centric Security

The model of cybersecurity used to be so much easier for IT professionals! Typically, security was organized on-site or on an office or network basis, with a clear set of parameters, metrics, and ins and outs. COVID-19 has changed all that. IT staff are now tasked with protecting employees as they work from home, connect remotely, and use infrastructure that’s often outside the safe boundaries of the old working practices.

But as the best motivational speakers always say, “every problem is an opportunity!” As companies are forced to move from a site-centric to a user-centric model of protection, they have the opportunity to rethink the way they provide security and embrace the very latest technological developments.

And that’s exactly where SASE comes in.

Understanding SASE

SASE is a new cybersecurity model. The term was coined by the Gartner Group in 2019, and stands for Secure Access Service Edge. The E for Edge is important, because it implies that SASE provides network and security services from edge to edge – from the data center to decentralized offices, from the home worker to the roaming user. But how does SASE work in practice?

Essentially, SASE (pronounced “sassy”) is about combining all of a company’s cybersecurity measures into one place. WANs, networks, VPNs, users, company resources, applications, and devices are all covered by a single security service, delivered over the cloud. The benefits of such an approach are clear: simplicity, ease of use, improved protection, faster response times, and a single point of contact, as opposed to having to consolidate numerous different security services. 

SASE is less about hardware and more about services, and less about specific sites and more about universality. When you pitch it in those terms, SASE starts to offer a compelling business case. But is it reality or just a dream?

You may think that SASE sounds like something from the future, but think again. Cutting-edge tech companies like Perimeter 81 are already implementing the first SASE-based solutions, offering network and security functionality in a unified package. Naturally, SASE can help to keep you safe from watering hole attacks, but the most exciting aspect of it is how it promises to revolutionize cybersecurity in the future. Predators beware!

Pricilla
