• SSL
    • WRAPPER
      • SSL Made Easy

        Need help finding the right certificate?
        Try this tool.

        CERTWIZARD
      • SSL Certificates
        • Standard SSL
        • Extended Validation SSL
        • Multi-Domain SSL
        • EV Multi-Domain SSL
        • Wildcard SSL
        • CertWizard
        • Compare Certificates
      • Certificate Management
        • CertCentral Managed PKI
      • Other Certificates
        • Code Signing
        • EV Code Signing
        • Document Signing
        • Client (S/MIME)
        • Direct/FBCA
        • Wi-Fi
        • Device
      • Submenu Footer - Buttons

        Buy Renew
  • Solutions
    • WRAPPER
      • PKI Solutions

        Use advanced authentication and encryption methods.

        Learn More
      • Enterprise
        Solutions
        • Enterprise SSL
        • Certificate Management Platform
        • Code Signing
        • EV Code Signing
        • Client (S/MIME)
        • Private PKI
        • Dedicated Intermediate
        • Custom Certificate Profiles
      • Small &
        Medium Business
        • SSL Certificates
        • Managed PKI
        • Code Signing
        • EV Code Signing
        • Client (S/MIME)
        • Custom Certificate Profiles
      • IoT & Connected
        Devices
        • IoT Security by Industry
          • Healthcare
          • Automotive
          • Industrial
          • Smart City
          • Home and Consumer
          • Transportation
          • Custom Certificate Profiles
      • Digital
        Certificates
        • SSL Certificates
        • Code Signing
        • EV Code Signing
        • Document Signing
        • Client (S/MIME)
        • Direct/FBCA
        • Wi-Fi
        • Device
      • Submenu Footer - Buttons

        Not sure which certificate you need? COMPARE ALL SSL CERTIFICATES
  • Partner
    • WRAPPER
      • Become a DigiCert Reseller Partner

        Start offering SSL products to your clients and increase your bottom line.

        Learn More
      • WRAPPER
        • Systems Integrators & MSPs
        • Independent Software Vendors
        • Technology Partners
        • Resellers & Affiliates
        • Cloud & CDN
        • Hosting Providers
      • Submenu Footer - Buttons

        Join our growing network of partners APPLY HERE
  • Company
    • WRAPPER
      • Company

        About
        Contact
        Careers
      • WRAPPER
        • About Us
        • Careers
        • Contact Us
        • Leadership
        • Newsroom
        • Blog
      • Submenu Footer - Buttons

        Why DigiCert? Watch Video
  • Support
    • WRAPPER
      • Get Help

        Talk to a support rep any time.

        Learn More
      • Tools
        • SSL Install Diagnostic
        • Certificate Utility for Windows
        • CSR Generator
        • CertWizard
      • Digital Certificate Support
        • SSL Support
          • CSR Creation
          • Certificate Installation
        • Code Signing Support
        • Document Signing Support
      • Submenu Footer - Buttons

        Not sure which certificate you need? COMPARE ALL SSL CERTIFICATES
  • Resources
  • 1.800.896.7973
  • Live Chat

    Talk to a support representative any time.

    Sales

    1.855.800.3444

    sales@digicert.com

    Support

    1.801.701.9600

    support@digicert.com

    Corporate Offices

    2801 North Thanksgiving Way
    Suite 500
    Lehi UT, 84043

    1.800.896.7973

    • English
    • Chinese (Taiwan)
    • Italian
    • French
    • Chinese (China)
    • German
    • Spanish
    • Dutch
    • Japanese
  • SSL
    • WRAPPER
      • SSL Made Easy
      • SSL Certificates
        • Standard SSL
        • Extended Validation SSL
        • Multi-Domain SSL
        • EV Multi-Domain SSL
        • Wildcard SSL
        • CertWizard
        • Compare Certificates
      • Certificate Management
        • CertCentral Managed PKI
      • Other Certificates
        • Code Signing
        • EV Code Signing
        • Document Signing
        • Client (S/MIME)
        • Direct/FBCA
        • Wi-Fi
        • Device
      • Submenu Footer – Buttons
  • Solutions
    • WRAPPER
      • PKI Solutions
      • Enterprise
        Solutions
        • Enterprise SSL
        • Certificate Management Platform
        • Code Signing
        • EV Code Signing
        • Client (S/MIME)
        • Private PKI
        • Dedicated Intermediate
        • Custom Certificate Profiles
      • Small &
        Medium Business
        • SSL Certificates
        • Managed PKI
        • Code Signing
        • EV Code Signing
        • Client (S/MIME)
        • Custom Certificate Profiles
      • IoT & Connected
        Devices
        • IoT Security by Industry
          • Healthcare
          • Automotive
          • Industrial
          • Smart City
          • Home and Consumer
          • Transportation
          • Custom Certificate Profiles
      • Digital
        Certificates
        • SSL Certificates
        • Code Signing
        • EV Code Signing
        • Document Signing
        • Client (S/MIME)
        • Direct/FBCA
        • Wi-Fi
        • Device
      • Submenu Footer – Sales
  • Partner
    • WRAPPER
      • Become a DigiCert Reseller Partner
      • WRAPPER
        • Systems Integrators & MSPs
        • Independent Software Vendors
        • Technology Partners
        • Resellers & Affiliates
        • Cloud & CDN
        • Hosting Providers
      • Submenu Footer – Partners
  • Company
    • WRAPPER
      • Company
      • WRAPPER
        • About Us
        • Careers
        • Contact Us
        • Leadership
        • Newsroom
        • Blog
      • Submenu Footer – Company
  • Support
    • WRAPPER
      • Get Help
      • Tools
        • SSL Install Diagnostic
        • Certificate Utility for Windows
        • CSR Generator
        • CertWizard
      • Digital Certificate Support
        • SSL Support
          • CSR Creation
          • Certificate Installation
        • Code Signing Support
        • Document Signing Support
      • Submenu Footer – Resources
  • Resources
  • Account Login
Communities
Communities
  1.  
  2. Profile

  • Profile
  • Activities
  • Badges

Profile Data

Mark Urban
  • My Activities
Member Action Date
Mark Urban Mark Urban Posted Threat Isolation: Why You Can Now Browse Without Fear on Blog

The battle between malicious hackers and enterprise security practitioners has become an ever escalating arms race.

Organizations would invest in ant-virus, anti-spam, and host intrusion prevention services to bolster their security. And it would work - for a time. Attackers reacted by upping their game and started to make progress again. Then, advanced malware sandboxes came along to catch more sophisticated attacks.

Before long, however, bad actors found new ways to slip their malware past even the most sophisticated network defenses, confounding beleaguered defenders with advanced persistent attacks, spear phishing and other exploits.

And now cybercriminals have started to use encrypted channels, multi-vector and multi-phased attacks.

When enterprise security practitioners use forensic tools to conduct breach investigations, they often trace breach sources back to employees who clicked on very clever phishing emails or have been led to a risky website that quickly downloads some zero-day malicious content to their devices. The bad guys have become experts at using techniques like social engineering to trick employees into making security mistakes. It can be subtle – a new, clever web site with a bit of bad JavaScript here, a malicious style sheets there, or maybe a document with just the last fragment malicious payload that activates after a day or two.

The arms race script will repeat and change in ways we can’t know today.  But we’re looking to drive innovation in a different way – for the good guys.  

Turning Point in the Malware Battle

The advent of web and email isolation technology provides enterprises with a powerful tool to seal off their networks from infection, approaching security in a dramatically different way.

The technology works by positioning itself between the users and the internet so that potentially malicious content gets executed in a secure, containerized environment, “isolating” the user from all code and content, good or bad. It works in the background, so there’s no impact on user experience.  They can interact with the website or the email content as if the isolation process was not even occurring.

Early adopters in the healthcare, finance, government and telecommunications sectors are already deploying the technology to combat malware-laden threats arriving over the internet. But it is still early in what’s shaping up to be a major transition in the way security organizations fight malware. Indeed, Gartner, which included web isolation as one of the 10 most important technologies in the information security field, expects about 50% of enterprises will adopt isolation technology by 2021.  

Since most attacks begin with malware delivered either through email, URL links or malicious websites carried over the internet, the very act of moving the browsing process directly from the end-user’s device and isolating it in a network container eliminates the threat of a potential infection.

“This is a fundamentally different approach where malware can't get to the users any longer,” said Mark Urban, Symantec’s VP of Product Strategy and Operations. “I think this can be a game-changing technology.”

It’s also why Symantec last week announced an agreement to acquire Israel-based Fireglass, whose leading edge technology creates virtualized websites that let users browse content without having to fear that viruses might infect their devices and corporate networks.

Fireglass's isolation technology deploys virtual containers which process web browsing sessions remotely. It delivers the end user a “visual stream” that is completely safe from malware. By placing traffic in a cloud or on-prem isolation container, no  ransomware or other malicious content and malware can wind up infecting endpoints or systems.

“There’s no ability for code or content to reach users,” Urban noted. “It’s just a visual stream. Users can see it, click it, and interact with it just like normal. But nothing actually gets downloaded into their computer or executed into a browser except the visual image, which is harmless. All the HTML, Java, CSS – all the code – gets executed in a safe virtual container.  In some ways, it’s the ultimate protection because bad stuff can’t reach the end user.”

The computing architecture in web and email isolation serves as a proxy that essentially isolates the users and devices inside the enterprise and carefully manages their connections to the outside world. It applies different technologies that analyze information and content to ensure that malware can’t get into the network.

“There is no silver bullet. But having a multi-layer approach to detection – with anti-virus scanning , advanced malware sandboxes, and behavioral analytics – is critically important,” Urban said. “ And isolation technology adds the latest high-impact capabilities to the mix, allowing employees to interact with higher-risk sites and emails which in a safe and secure manner.”                                                                       

Isolation offers organizations a way to strike a balance between IT’s desire to keep their computing environment safe and employees, who need to access information over the public internet. Millions of hosts - domains, subdomains, or IP addresses - pop up every day and many have life spans of less than 24 hours. Many organizations choose to set their Secure Web Gateways to block users from going to types of uncategorized sites because of the risk they represent, even though many are legitimate destinations for business purposes.

“The age-old challenge for security organizations is to find the right balance between keeping users happy and keeping their computing environment safe,” according to Urban.

“In a perfect world, these organizations would block everything that’s even a little bit risky, and users would be OK.” he continued, “but in the real world, users do complain and security has to strike a balance between risk and access.” With web and email isolation, Urban added, users can get to the information they need and the business is protected from any threats lurking in the shadows. “The isolation path gives them a lot more flexibility,” he said.

What Does Fireglass Do?

The core technology can be delivered on-premises or as a cloud-service. It intercepts and executes web requests in a remote secured environment and will offer users safe access to uncategorized websites, without risk of malware infection, since each website interaction is isolated from the network.  The same isolation benefits hold true for files delivered from the web - users access files through isolation instead of downloading them to their machines.

Businesses can then let their users interact with these sites and documents to accomplish their tasks, knowing that any malware introduced via these sessions will remain isolated from their network and not infect their environment.

The upshot: A more open environment, happier users and better threat prevention. Now that’s a winning combination.

Show more

Mar 07 2018, 9:10 AM

  • All Badges
  • All Assigned
  • All Earned

About

DigiCert is the world’s premier provider of high-assurance digital certificates—providing trusted SSL, private and managed PKI deployments, and device certificates for the emerging IoT market. Since our founding almost fifteen years ago, we’ve been driven by the idea of finding a better way. A better way to provide authentication on the internet. A better way to tailor solutions to our customer’s needs. Now, we’ve added Symantec’s experience and talent to our legacy of innovation to find a better way to lead the industry forward, and build greater trust in identity and digital interactions.

  • Resources
    • Support
    • Developers
    • Tools
    • Blog
    • FAQs
  • Company
    • Spanish Version
    • About Us
    • Newsroom
    • Contact Us
  • Legal
    • Terms of Use
    • Privacy Policy
    • Legal Repository
    • WebTrust Audits