One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 2028917 |
| Date de publication | 2020-11-11 12:00:00 (vue: 2020-11-11 12:05:52) |
| Titre | The Netflix streaming model can obviate your employee\'s computer security |
| Texte | This blog was written by an independent guest blogger. Someone you don’t know walks into your office and sits down at a computer. Maybe that computer is a corporate desktop assigned to a mid-level manager or to a member of your IT department. Maybe it’s a personally owned laptop used by a contractor. That unknown person plugs a USB dongle into that computer, installs some software (typing in the correct password, if requested), runs that software, and walks away. No problem, right? Of course, that’s a problem. Yet that’s what happens every minute of every hour of every day when your workers use the Internet. Every animation from a Web-based business application is, in fact, software that’s downloaded and executed on that laptop or desktop. Each advertising network installs and runs software on the local computer. Every browser plug-in is actually software that runs locally. Some of those foreign applications are benign, harmless, maybe beneficial. Yet those apps can also dig deep into the end-user’s computer, perhaps accessing the file system and your intellectual property. Or maybe installing malware that can capture user identity information, including passwords and administrative credentials that an attacker can use to access network-based resources — and then launch a ransomware attack that can cripple your servers and cost your business millions. Remember, when your employees access cloud-based applications, such as ERP or CRM, everything is being delivered right to the desktop… where, potentially, an attacker might see what’s going on. The Internet has become vital for delivering the things your business needs, like Microsoft Office 365™, Google G-Suite™, Slack™, Salesforce™, NetSuite™, or Workday™. But it also subjects your office computers with risks due to device vulnerabilities, browser flaws, network interception, uncontrolled data access, or corruption of third-party websites via advertising networks or other malicious code. So, of course you’re not letting some unknown person sit down and access an employee’s endpoint device in person. That’s Cybersecurity 101. But in reality, your employees and contractors are inviting and authorizing foreign attacks by using a Web browser -- any Web browser – and when the malware is installed, nobody even knows. You can’t rely on anti-virus, firewalls, intrusion detection/prevention systems, or deep packet inspection to catch that malware because it came in via a trusted browser app. To reiterate: Every time your users open a browser and load a web page, they execute third-party code on your computers and internal resources. That’s a wide-open door for every attacker and every exploit they can think of. What can you do? Stream. Let me try an analogy. Remember when you got VHS tapes from your local Blockbuster™, or DVDs by mail from Netflix™? You brought the media home and ran it on your local endpoint device – that is, your VHS or DVD player. We don’t do that anymore; we stream instead. We can see the proliferation of streaming video, not only with Netflix, but with Hulu™, Disney+™, HBO™, Amazon Prime™, CBS All-Access™, and more. Streaming movie services don’t actually send the movie to your big-screen TV. Instead, they send an image of the movie, frame by frame, custom-formatted to your endpoint specifications. If you can handle 4K, they send 4K frames. If your TV is 1080p, they send 1080p frames. Easy. To summarize that, you are watching a stream of pictures playing in real time, which are sent by the movie service to be displayed on your TV. The only software involved is the secure Netflix or Hulu app running on your smart TV or set-top box. Let’s bring that streaming model into the business computing rea |
| Envoyé | Oui |
| Condensat | “zero 101 1080p 365™ access access™ accessing accordingly actors actually administrative ads advertisements advertising all allow also amazon an image of analogy and authorizing foreign animation anti any anymore; app application applications applications: approved apps are assigned assumes attack attacker attacks away back back images of bad bandwidth based because become behalf being beneficial benign big block blockbuster™ blog blogger box bring brings brought browser business but calls came can can’t capture catch cbs center client cloud code code is dangerous competitive complete computer computer’s computers computing contractor contractor’s contractors control corporate correct corruption cost counter course credentials cripple crm custom cybersecurity dark data day deep defends delivered delivering department desktop desktop… detection/prevention device dig disney+™ displayed don’t done dongle door down downloaded drives due dvd dvds each easy embraced employee employee’s employees employees’ enables end endpoint environment erp espionage even ever every everything excellent execute executed exploit fact fake far file firewalls flaws foreign formatted frame frames from going google got guest handle happens harmless has have hbo™ home horsepower hour hulu hulu™ identity images including independent industry information input inspection install installed installing installs instead intellectual interception internal internet intrusion investigations inviting involved it’s key know knowing knows laptop launch let let’s letting level like like authentic8’s load local locally loggers machines mail malicious malware manager managers maybe means media member memory microsoft mid might millions minute model more most movie movies much need needs netflix netflix™ netsuite™ network networks nobody none not obviate office only onto open operation other over owned packet page party password passwords performance perhaps person personally pictures piece platforms player players playing plug plugs potentially prime™ problem proliferation property provide putting ran ransomware real reality realm: reiterate: rely remember requested resources right risk risks run running runs safe safely salesforce™ same: say screen secure security see send sends sent servers service services session set shows silo sit sits slack™ smart society software some someone specifications stop stream streaming subjects such suite™ summarize system systems take tapes than that’s them then things think third those time top touch track trust trust” trusted try typing uncontrolled unknown untrusted usb use used user user’s users using vhs video virus vital vulnerabilities walks want watching way web websites what what’s when where which wide will work workday™ worker’s workers worm written yet you’re your zero |
| Tags | Ransomware Malware |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.