Making Isolation a CDO’s Security Weapon

A single click. That is all it takes for today's malware to wreak havoc in a well-secured enterprise environment. For CDOs, it creates a huge hurdle. Every time they integrate, interface, and share data across networks, they gamble.

The traditional approach was to detect threats ever faster. The problem with this approach is the relentless speed at which malware is created. Like a biological virus, single strains are now morphing into many variants. Each requires a different signature to detect. It makes detection a never-ending catch-up game.

“Detection is old news. If it had worked, we wouldn't continue to see the headlines [about breaches]. The reason why detection is not working is that the technology cannot catch every single attack when hundreds of thousands are being launched every day. And all it takes is only one attack,” said Stephanie Boo, managing director for Asia Pacific, Menlo Security.

Some are resorting to physical isolation or containment strategies. The approach is not new, but in the past it involved pretty drastic measures. For example, governments often “air gap” their networks. The idea is to have their enterprise networks physically isolated from unsecured networks.

The problem is that modern enterprise users do not work that way. They are often mobile, accessing data, and connecting with cloud-native applications remotely. They are also continually receiving requests, data and information from outside their enterprises. Physical air gaps drain resources and productivity.

So, Menlo Security is making air gaps virtual. Its solution, a web isolation platform, follows what Gartner called remote browser isolation. All web traffic is passed through an isolated platform. Secure Web Gateway (SWG), Data Loss Protection (DLP), and other security solutions then sanitize the traffic before it is sent to the user.

“In general, security solutions are very reactive. First, they will detect the threat, and then they will deal with it. Today's threats are too sophisticated and too dynamic. Isolation is different. We do not detect threats but eliminate them. And elimination is a powerful word,” said Boo.

Cloud advancements have made web isolation possible. Increases in cloud infrastructure speeds and easy access to compute resources allow companies like Menlo Security to reduce the lag. So, for users, it is business as usual. And for remote users, who have downloaded a lightweight PAC, Boo noted that the lag is negligible.

However, not all web isolation offerings are the same. With the success of this new tool, many major security vendors have jumped on the bandwagon.

So, Boo advised CDOs to look at six areas when choosing the right platform. The first three examine the solution's promise. “First, it needs to preserve the native user experience. Second, you need to provide a clientless endpoint for easy deployment. And third, you need to scale fast,” she said.

A good track record on securing active endpoints and offering a secure platform are important fourth and fifth criteria, said Boo. Lastly, a web isolation platform needs to integrate with other platforms. “We understand that no security solution is an island. So, it is important to integrate and interoperate with other security vendor solutions,” she said.

Menlo Security is not stopping at isolating traffic either. The company is now looking to tackle insider threats with unique recording technology.

“It records browsing sessions and [the files] are kept within the enterprise itself so there is no concern about privacy. It gives an accurate replay of browser activity. So, any suspicious behavior can be replayed,” Boo said.