Web security teams can use a cloud-based browser isolation service to avoid bothering over what active content to filter out.
The internet is a dynamic and interactive source of information, education and entertainment. What makes it so appealing and interesting is active content delivered in the form of JavaScript and Adobe Flash. Unfortunately, active content is also the very thing that can open up opportunities for malware and infections into computers.
Security administrators find themselves in a bind as they battle to implement and enforce web security policies. Their primary line of defense involves secure web gateway (SWG) appliances and cloud-based services. However, SWGs can only protect against what is known. Policies are largely based on websites categories, such as news or entertainment. However, if the SWG does not recognize a site, and it does not come under a known category, and administrators have to decide whether to allow access to these uncategorized sites (thus increasing malware risk), or whether to deny access and deprive employees of information and data they may need.
Conventional security measures force Security Operations Centre (SOC) staff into making these invidious choices every day. In contrast, isolation security delivers the confidence that all active content is contained before it can reach a user’s endpoint device, meaning that SOC staff would no longer have to make difficult choices and users can safely access any website.
Malware risks are growing
The risk of malware infecting an organisation’s system is enormous. According to the AV-TEST Institute, there are close to one billion malware variants as of today, with 350,000 new potentially unwanted applications (PUA) and malware types being registered every single day. Malware has played a critical role in many of the world’s recent, high-profile cyber breaches—the cost of which are well-known to be potentially devastating.
Enterprises also face serious hidden costs—including sanitizing infected machines, managing security alerts and manually handling recategorisation requests—as they fight to ensure such attacks do not succeed. All of these reactive procedures place tremendous strain on SOC staff, leading to high turnover, and indirect costs associated with replacing staff and training new employees.
It is clear that the traditional incident response approach is not adequate to deal with the mounting challenges to network security. IT departments need to move on to an approach that puts preventive measures, such as isolation, in a framework for continuous system monitoring. One approach, called isolation security, has been shown to insert a secure, scalable and transparent platform between users and potential sources of attack or infection.
Rather than constantly distinguishing between “good” and “bad” content, links, and websites, isolation technology contains all active content in the platform. No active content leaves the platform, meaning that only safe rendering information is delivered and malware has no path to reach a user’s endpoint device. The benefits of isolation security to an organisation are substantial and do not impact the user experience. Consider how these four benefits can impact your business.
1. Reduction of web-based threats, compromises and infections
Every attack has multiple discrete stages. In the context of web-based attacks such as ransomware and malvertising, isolation stops a significant number of web-based infections early in the ‘kill chain’ model, since it prevents active code from being delivered to the user’s local browser. This has an immediate and significant impact on the security posture of an organization. All email links are opened in the isolation platform and rendered in “read only” mode so that, even if a user clicks on a malicious email link, the organization is protected against phishing attacks and ransomware, spear-phishing attacks, and drive-by malware exploits.
2. Fewer web-based alerts to investigate
The huge amount of network traffic generated every day means that SOCs investigate the source and determine the risk of a massive volume of content. Isolation ensures that these web-based risks are mitigated by ensuring that content, such as Javascript and Flash that constantly run in the background or as requested by users, is not delivered directly to the end user. Thus there is a significant reduction in web-based alerts to review, freeing analysts to spend more time on other alerts from non-web-based attacks.
3. Removal of risky browser plugins
Patching the vulnerabilities in Flash and Java browser plugins does not go far enough in fixing the problem, and it is an unnecessary distraction to the security team. Isolation enables organizations to disable Flash and Java in their employees’ browsers ensuring that only safe, transcoded content is delivered, mitigating the vulnerabilities that attackers constantly exploit. The isolation approach executes potentially harmful dynamic content within the isolation platform, and sends only safe rendering information to the user’s endpoint device—ultimately protecting an organization’s entire network.
4. Increased productivity and competitive advantage
CIOs and their security teams must constantly deal with the trade-off between the risk of allowing their organizations access to the web to do research, collaborate across the organization and communicate with co-workers, and the productivity gains and employee satisfaction associated with access. Isolation lets enterprises enable access while significantly eliminating risk. The user experience remains consistent and nearly indistinguishable from direct web browsing, and the isolation platform introduces no noticeable latency or impact to browser functionality.
What isolation security means for business
The web remains a dangerous place for users, and it pays to have a healthy distrust of even the most popular, trusted websites on the internet. Strong precautions are needed to ensure that users, their devices, and the networks, apps, and clouds used by organizations are not infected and infiltrated by attackers.
Every day, organizations are engaged in a serious battle to maintain the security of their networks, while at the same time enabling their staff to take the maximum advantage of the internet’s benefit. It could be time to think twice about conventional security models and consider isolation technology—a proven way of securing the web for enterprises without compromising the user experience.