I would rate this solution a ten out of ten. My advice is that it's best to experience this solution on your own and compare it to what you have. When I first learned about Menlo, the use case didn't fit me at that time because I didn't need remote proxy access. I said, "With isolation, my other tool should be able to detect any malicious site that my users will be connecting to, and we should be able to manually do that mitigation." If I were to suggest this solution to a colleague, I would ask them to test and really compare it with their existing solution to have a hands-on feel or experience with the product so they can find out for themselves how good it is. I'm still exploring the other features, but I've checked what MPA is doing. It can do reverse isolation, and it will probably be a tool that will eliminate VPN and provide secure internal application access. Moving forward, Menlo has the potential to offer a lot more.
My advice is to pay attention to all of the use cases you have and try to understand what Menlo is or isn't addressing so that you don't discover that you still need to keep an old technology that may even be outdated. To do that, you need to be very clear about your use cases and how you will cover them with Menlo or if Menlo will not cover them. While the solution provides a single console for security policy and management, which is an interesting feature, as long as you're able to connect through APIs to all your SaaS solutions, the fact that you use the very same SaaS solution or not is probably less important. I'm not saying it is not important that Menlo has a console, but it's a bit less important if you're using an orchestration automation solution. We also have Palo Alto Cortex XSOAR that we are using to automate and orchestrate. Regarding the fact that Menlo secures the web, email, SaaS, and private applications, the latter, private applications, is very important, as is email although probably less so. The magnitude of risk is higher for private applications that are exposed without protection on internet. It depends on the use cases that you are looking to cover. If, for example, you don't have any private applications that you need to expose, then of course that type of protection is not important at all, but you still receive emails within which you need to rewrite the links. If you have both requirements, meaning a bunch of private applications that are exposed plus emails for which you need to rewrite links, in that case, rewriting the links is probably less important than ensuring the protection of your private applications. It doesn't make sense to only perform partial protection. Everything you implement to secure the connections and the assets you are responsible for should, at some point, merge together. It should be SD-WAN and web gateways and probably even CASBs and email protection. All of that probably will tend to merge together and you can look forward to reducing costs and the number of partners. Don't look at it as: "I have a new need, I want a new solution," because if you do that, you will end up with a huge number of vendors and solutions on your systems and it's going to be super difficult to ensure that you manage all of that consistently. Whereas if you really have a vendor that is at least addressing, if not all the possible needs, at least all of your needs, and you are able to manage that in a consistent way, even if you have to program something in your orchestration solution, you will be able to manage all of it in a consistent way and in a timely manner.
To those who are evaluating the solution, I would certainly recommend that they move forward. If they were undecided, I would certainly nudge them towards acquiring a solution. I've seen the proven benefits of it. So, I would just recommend that they move forward, but obviously, do their due diligence and get a demo. To a security colleague who says that Menlo only provides private isolation rather than a full stack of security, I would say that they need to consider a layered approach to their security, and this is one piece. They should definitely consider adding it to their stack in their facilities. We are looking to pick up some other pieces that we just don't have right now. They have DLP, and that's a piece I'm adding on later this year, along with CASB. So, the quality of the gateway is just going to get better, and the quality of information is going to get better. I would rate Menlo a 10 out of 10.
Isolating web sessions couldn't be done any better than it currently is being done. We haven't engaged the email and SaaS application use cases yet. This is something that we are looking at. There is some protection in email since a lot of the phishing emails have links out to web servers, which then get shielded by Menlo Security. It is the attachment isolation piece that we haven't yet onboarded. We are not yet using the Menlo Private Access feature, but we are looking at it. They provide other services that we don't happen to yet engage. We just started with their initial use case and stuck with that. I would rate it as 10 out of 10. It is the cornerstone of our security posture. It keeps the noise out. If you have too much noise, then all the processes that you have to invoke to deal with that are expensive, requiring resources that are hard to find and maintain, in terms of humans. It just prevents so much of that need.
Menlo Security Secure Application Access
Menlo Security Secure Application Access makes zero trust access easy, giving users secure connectivity to private applications, including web and legacy applications. At the core of Secure Application Access is the Menlo Secure Cloud Browser, which fetches, secures and delivers the content for users.
In addition to providing simple-to-deploy, clientless ZTA, Secure Application Access and the Menlo Secure Cloud Browser protect applications from...
I would rate this solution a ten out of ten. My advice is that it's best to experience this solution on your own and compare it to what you have. When I first learned about Menlo, the use case didn't fit me at that time because I didn't need remote proxy access. I said, "With isolation, my other tool should be able to detect any malicious site that my users will be connecting to, and we should be able to manually do that mitigation." If I were to suggest this solution to a colleague, I would ask them to test and really compare it with their existing solution to have a hands-on feel or experience with the product so they can find out for themselves how good it is. I'm still exploring the other features, but I've checked what MPA is doing. It can do reverse isolation, and it will probably be a tool that will eliminate VPN and provide secure internal application access. Moving forward, Menlo has the potential to offer a lot more.
My advice is to pay attention to all of the use cases you have and try to understand what Menlo is or isn't addressing so that you don't discover that you still need to keep an old technology that may even be outdated. To do that, you need to be very clear about your use cases and how you will cover them with Menlo or if Menlo will not cover them. While the solution provides a single console for security policy and management, which is an interesting feature, as long as you're able to connect through APIs to all your SaaS solutions, the fact that you use the very same SaaS solution or not is probably less important. I'm not saying it is not important that Menlo has a console, but it's a bit less important if you're using an orchestration automation solution. We also have Palo Alto Cortex XSOAR that we are using to automate and orchestrate. Regarding the fact that Menlo secures the web, email, SaaS, and private applications, the latter, private applications, is very important, as is email although probably less so. The magnitude of risk is higher for private applications that are exposed without protection on internet. It depends on the use cases that you are looking to cover. If, for example, you don't have any private applications that you need to expose, then of course that type of protection is not important at all, but you still receive emails within which you need to rewrite the links. If you have both requirements, meaning a bunch of private applications that are exposed plus emails for which you need to rewrite links, in that case, rewriting the links is probably less important than ensuring the protection of your private applications. It doesn't make sense to only perform partial protection. Everything you implement to secure the connections and the assets you are responsible for should, at some point, merge together. It should be SD-WAN and web gateways and probably even CASBs and email protection. All of that probably will tend to merge together and you can look forward to reducing costs and the number of partners. Don't look at it as: "I have a new need, I want a new solution," because if you do that, you will end up with a huge number of vendors and solutions on your systems and it's going to be super difficult to ensure that you manage all of that consistently. Whereas if you really have a vendor that is at least addressing, if not all the possible needs, at least all of your needs, and you are able to manage that in a consistent way, even if you have to program something in your orchestration solution, you will be able to manage all of it in a consistent way and in a timely manner.
To those who are evaluating the solution, I would certainly recommend that they move forward. If they were undecided, I would certainly nudge them towards acquiring a solution. I've seen the proven benefits of it. So, I would just recommend that they move forward, but obviously, do their due diligence and get a demo. To a security colleague who says that Menlo only provides private isolation rather than a full stack of security, I would say that they need to consider a layered approach to their security, and this is one piece. They should definitely consider adding it to their stack in their facilities. We are looking to pick up some other pieces that we just don't have right now. They have DLP, and that's a piece I'm adding on later this year, along with CASB. So, the quality of the gateway is just going to get better, and the quality of information is going to get better. I would rate Menlo a 10 out of 10.
Isolating web sessions couldn't be done any better than it currently is being done. We haven't engaged the email and SaaS application use cases yet. This is something that we are looking at. There is some protection in email since a lot of the phishing emails have links out to web servers, which then get shielded by Menlo Security. It is the attachment isolation piece that we haven't yet onboarded. We are not yet using the Menlo Private Access feature, but we are looking at it. They provide other services that we don't happen to yet engage. We just started with their initial use case and stuck with that. I would rate it as 10 out of 10. It is the cornerstone of our security posture. It keeps the noise out. If you have too much noise, then all the processes that you have to invoke to deal with that are expensive, requiring resources that are hard to find and maintain, in terms of humans. It just prevents so much of that need.