Threat Isolation: Why You Can Now Browse Without Fear

Created on Jul 18 2017, 7:07 PM by Mark Urban

The battle between malicious hackers and enterprise security practitioners has become an ever escalating arms race.

Organizations would invest in anti-virus, anti-spam, and host intrusion prevention services to bolster their security. And it would work - for a time. Attackers reacted by upping their game and started to make progress again. Then, advanced malware sandboxes came along to catch more sophisticated attacks.

Before long, however, bad actors found new ways to slip their malware past even the most sophisticated network defenses, confounding beleaguered defenders with advanced persistent attacks, spear phishing and other exploits.

And now cybercriminals have started to use encrypted channels, multi-vector and multi-phased attacks.

When enterprise security practitioners use forensic tools to conduct breach investigations, they often trace breach sources back to employees who clicked on very clever phishing emails or have been led to a risky website that quickly downloads some zero-day malicious content to their devices. The bad guys have become experts at using techniques like social engineering to trick employees into making security mistakes. It can be subtle – a new, clever web site with a bit of bad JavaScript here, a malicious style sheet there, or maybe a document carrying just the last fragment of a malicious payload that activates after a day or two.

The arms race script will repeat and change in ways we can’t know today. But we’re looking to drive innovation in a different way – for the good guys.

Turning Point in the Malware Battle

The advent of web and email isolation technology provides enterprises with a powerful tool to seal off their networks from infection, approaching security in a dramatically different way.

The technology works by positioning itself between the users and the internet so that potentially malicious content gets executed in a secure, containerized environment, “isolating” the user from all code and content, good or bad. It works in the background, so there’s no impact on user experience.  They can interact with the website or the email content as if the isolation process was not even occurring.

Early adopters in the healthcare, finance, government and telecommunications sectors are already deploying the technology to combat malware-laden threats arriving over the internet. But it is still early in what’s shaping up to be a major transition in the way security organizations fight malware. Indeed, Gartner, which included web isolation as one of the 10 most important technologies in the information security field, expects about 50% of enterprises will adopt isolation technology by 2021.  

Since most attacks begin with malware delivered either through email, URL links or malicious websites carried over the internet, the very act of moving the browsing process directly from the end-user’s device and isolating it in a network container eliminates the threat of a potential infection.

“This is a fundamentally different approach where malware can't get to the users any longer,” said Mark Urban, Symantec’s VP of Product Strategy and Operations. “I think this can be a game-changing technology.”

It’s also why Symantec last week announced an agreement to acquire Israel-based Fireglass, whose leading edge technology creates virtualized websites that let users browse content without having to fear that viruses might infect their devices and corporate networks.

Fireglass's isolation technology deploys virtual containers which process web browsing sessions remotely. It delivers the end user a “visual stream” that is completely safe from malware. By placing traffic in a cloud or on-prem isolation container, no ransomware or other malicious content and malware can wind up infecting endpoints or systems.

“There’s no ability for code or content to reach users,” Urban noted. “It’s just a visual stream. Users can see it, click it, and interact with it just like normal. But nothing actually gets downloaded into their computer or executed into a browser except the visual image, which is harmless. All the HTML, Java, CSS – all the code – gets executed in a safe virtual container.  In some ways, it’s the ultimate protection because bad stuff can’t reach the end user.”

The computing architecture in web and email isolation serves as a proxy that essentially isolates the users and devices inside the enterprise and carefully manages their connections to the outside world. It applies different technologies that analyze information and content to ensure that malware can’t get into the network.

“There is no silver bullet. But having a multi-layer approach to detection – with anti-virus scanning, advanced malware sandboxes, and behavioral analytics – is critically important,” Urban said. “And isolation technology adds the latest high-impact capabilities to the mix, allowing employees to interact with higher-risk sites and emails in a safe and secure manner.”

Isolation offers organizations a way to strike a balance between IT’s desire to keep the computing environment safe and employees’ need to access information over the public internet. Millions of hosts - domains, subdomains, or IP addresses - pop up every day and many have life spans of less than 24 hours. Many organizations choose to set their Secure Web Gateways to block users from going to uncategorized sites because of the risk they represent, even though many are legitimate destinations for business purposes.

“The age-old challenge for security organizations is to find the right balance between keeping users happy and keeping their computing environment safe,” according to Urban.

“In a perfect world, these organizations would block everything that’s even a little bit risky, and users would be OK,” he continued, “but in the real world, users do complain and security has to strike a balance between risk and access.” With web and email isolation, Urban added, users can get to the information they need and the business is protected from any threats lurking in the shadows. “The isolation path gives them a lot more flexibility,” he said.

What Does Fireglass Do?

The core technology can be delivered on-premises or as a cloud service. It intercepts and executes web requests in a remote secured environment and will offer users safe access to uncategorized websites, without risk of malware infection, since each website interaction is isolated from the network. The same isolation benefits hold true for files delivered from the web - users access files through isolation instead of downloading them to their machines.

Businesses can then let their users interact with these sites and documents to accomplish their tasks, knowing that any malware introduced via these sessions will remain isolated from their network and not infect their environment.

The upshot: A more open environment, happier users and better threat prevention. Now that’s a winning combination.
