
Protection by isolation: An elegant blend of security and usability at last?

(Caption for above pic: Menlo Security’s CEO, Amir Ben-Efraim, was recently in town to talk about his isolation platform)

Up until recent years, cybersecurity solutions have been reactive to threats and attacks. But being reactive is a bad way to address the unknown threats that are circulating out there in cyberspace.

And yes, unknown threats do exist. The Internet, fraught with unknown and as yet undetected risks, has become like the Wild Wild West as a result.

Proactive security solutions came around to try and address the gaps left by reactive solutions, by actively hunting instead of waiting for something bad to happen.

But despite big investments in beefing up security, events of the past few years have shown that big organisations are still being compromised.

And then along come cybersecurity solutions based on isolation methods and technologies. In 2016, Gartner stated that one of the strategies organisations can take in terms of prevention is exploring something called isolation.

If anything, isolation can help to reduce the attack surfaces that bad guys take advantage of.

Reducing the attack surface

According to Menlo Security’s APAC MD, Stephanie Boo, “Reactive technologies have helped to mitigate risks at best. That has worked well for the past 15 years, but they have started to succumb to zero-day malware and the unknown threats.

“Ten-percent of threats still come through our defences,” Boo said, adding that advanced protection cannot block active content that is found in web pages and emails.

Sometime last year when Menlo tested the top websites on the WWW, they discovered that one in every three websites is running vulnerable software.

Besides that, many websites also pull content from third-party content providers in order to offer a rich and active content experience to their visitors. The trouble arises because these third-party content providers or backgrounds are risky; 46 percent of the top one million websites on the WWW are found to be risky because of this.

When the same test was replicated for Malaysia last September, and the top 50 sites here were tested, it was found that all of them were pulling content from a total of 182 background sites which are not safe.

Solution Architect Lau Boon Peng in action: From the over 5000 lines of HTML code behind a high-traffic news site, Lau highlighted the 20 lines of ransomware code that had been embedded into the website. Just visiting this page would allow the code to access the device that viewed it and take it over. After ACR kicks in, only 29 lines of code, which are malware-free, would be rendered to the user's device.

With this knowledge, attackers are leveraging ‘safe’ and legitimate websites by big and trusted brands to carry out phishing attacks, Boo shared.

Isolation

Active web content makes it easy to embed malware and other bad code.

During a breakfast briefing, Menlo held a demonstration of how the Menlo Security Isolation Platform (MSIP) protects users from risky websites and emails.

“Malware becomes headless without active content,” Boo explained.

Menlo’s proprietary ACR, or Adaptive Clientless Rendering, would fetch content, execute it on a remote virtual browser, and render it seamlessly on any device screen, without any latency, and without any malware code.

The user experience is preserved, leaving no trace of the complex process that has had to happen in the background.

Director of Solution Architecture, Lau Boon Peng, said, “The rendered page is still interactive, and the native end user experience is still preserved, with no change in the bandwidth (usage).”

In a similar way, URL links in emails are also rendered safe to use with this solution.

According to Boo, never have security and usability been in such harmony as now that there are isolation technologies. “(MSIP) is an elegant way of isolation,” she said, adding also that Menlo’s isolation solution is the only one that has been patented.

With Menlo’s MSIP, they suggest that sandbox and web gateway solutions could potentially be replaced. Training dollars could also be saved, because of MSIP’s features that track users’ behaviours and pop up warning prompts before potentially risky actions are taken.

Being able to integrate logs with existing SIEM (security information and event management) solutions also helps to drive down compliance costs, Boo concluded.



