ISOLATION: A key component in a modern information security architecture

Cyber attacks are a worldwide problem that every person, government and organization using the Internet needs to be aware of. Reports indicate that the number of cyber attacks worldwide is forecast to increase significantly in the near term, and most attacks ride on the ubiquitous web traffic channel to reach that volume. The sheer number of attacks was once the main challenge for individuals, countries and organizations; today it is no longer the real problem. It is the increase in the “quality” of the attacks that does the most damage.

As the number of attacks grows, their quality unfortunately grows with it. Today’s attacks can be highly specialized, with a very clear set of targets and intentions. In their increasingly sophisticated forms they evade the detection mechanisms of anti-virus / anti-malware software and even hide from sandbox analysis. They can bypass detection mechanisms entirely to smuggle data out of the system. Many new fileless attacks use no files or executables at all, which makes them invisible to conventional AV programs and tools and nearly impossible to prevent until they have already carried out malicious behaviour on the system. As attacks grow in both quantity and quality, they are also becoming easier and easier to execute: as-a-service offerings, such as Ransomware as a Service, let even novice attackers run complex, dangerous, professional-grade attacks.

Along with the growth of cyber attacks, email remains the attackers’ favourite distribution channel. After all, email is still the most common means of business communication, so most current attacks begin with phishing, or with more deeply targeted campaigns (spear-phishing).

Modern information security framework
There is no shortage of recognized information security frameworks today. These frameworks provide best practices that guide businesses in securing their networks and data. They also cover how to protect corporate network users from the latest information security attacks and threats.

Most of these frameworks share a number of methods and techniques for protecting the network, users and data, especially where web and email security are concerned. The only real difference between them is the commitment to, and success of, their implementation, which depends on the strength of the enterprise information security team in deploying, operating and maintaining the framework.

However, some frameworks are difficult to deploy, while others put too much emphasis on security at the expense of user usability and experience. Email and web security are an obvious example. Some frameworks suggest that, to achieve the maximum level of security for web access, users must use two separate browsers: one with all non-essential plug-ins and scripts disabled and certain browser features restricted, and another configured with plug-ins and scripts enabled. The first browser is used to access important websites (business applications, banking, and so on); the second is used for general web access.

This concept has been around for a while, but it is an impractical and ineffective way to solve the problem of malicious code spreading via web and email. In practice, users may be unsure which browser suits a given business task or personal preference, and in the worst case the business is still attacked and the purpose of the two-browser approach fails. The Help Desk also has to answer users’ questions about which browser to use, over and over. In short, supporting two browsers for two different purposes wastes time and money, not to mention that it has a huge impact on the user experience and reduces productivity.

There is now a more advanced technique for protecting corporate networks and users from email and web attacks. To understand this method, it helps to first understand how a browser works.

How the browser works
On computing devices such as laptops, several components work together to provide the web experience: the operating system, the applications and the browser. Inside the browser, three core functions carry a web page’s content from the browser to the user’s device: Fetch, Execute and Render.
When a user clicks a web link in an email or a document, or visits a website in any other way, the browser fetches a stream of data containing the web page’s content: the program code returned by the web server. This data stream contains fonts, images and active content (JavaScript, Adobe Flash) used to build the page. The data is then executed in the browser on the user’s device; execution turns the bits into digital content, for example videos, music or ads. Finally the browser renders the pixels, presenting the content as a displayable, interactive website on the user’s device.

Browsers today are increasingly complex, and even though their developers keep adding functions and tools to make browsing safer and more secure, attackers still find and exploit many security holes in many different ways. Many recent incidents have shown that cyber attacks are carried out over the web. Reports also show that many of the popular websites users visit frequently run vulnerable versions of their code, making them easy targets for hijacking. In addition, when a user opens a website, the site actually connects to an average of 25 other “background pages”. These “background pages” may load videos from a CDN server or pull promotional content from an ad-delivery network. All of this happens behind the scenes, unnoticed by the user and often invisible to the usual anti-virus and web-filtering mechanisms. A single “background page” that delivers infected code or active content can therefore fully compromise the user’s device. The complexity and virulence of web-spread malware, combined with the cunning of attackers, makes browsing increasingly dangerous for users, businesses and their data.

New approach – ISOLATION
What if the actual execution of website code happened away from the user’s device?

That is the basic idea behind the “Isolated Web Browser” from Menlo Security.
Instead of running all three browser functions, Fetch, Execute and Render, on the user’s device, Menlo Security moves Fetch and Execute into a cloud environment. Only Render, and the functions associated with it, runs in the user’s browser. The displayed website looks and feels exactly like the actual website, because it is the same website, while the risk of malicious code is eliminated: every executable component was run on the Menlo Security Isolation Platform (MSIP) in the cloud. It does not matter whether the web page’s source contains malicious code, or whether its active content (JavaScript, Flash, and so on) is the vehicle for delivering it, because MSIP does not try to separate the clean parts from the bad or harmful ones. Unlike current malware-prevention solutions, MSIP does not distinguish “good” from “bad” in order to decide “allow” or “block”. MSIP’s approach is agnostic: it assumes the entire source code of the web page is “bad” and isolates all of it.
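To make the Fetch/Execute/Render split concrete, here is an added Python model (not Menlo’s code and not from the original article) of what the remote side of the boundary does with one page: it records every third-party origin the browser would contact in the background and rebuilds a render-only copy with scripts, embedded objects, inline event handlers and javascript: links removed. The page URL, sample HTML and origin names are constructed for the example; the article does not describe how MSIP transports the rendered result to the endpoint, so sanitized HTML stands in for it here.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags the browser fetches on its own while loading a page (the "background pages");
# ACTIVE_TAGS are the ones whose content is executed rather than merely rendered.
FETCH_TAGS = {"script", "img", "iframe", "link", "video", "audio", "source", "object", "embed"}
ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}

def origin_of(url):
    p = urlparse(url)
    return f"{p.scheme}://{p.netloc}" if p.scheme in ("http", "https") and p.netloc else None

class IsolationModel(HTMLParser):
    """Remote side of the split: note third-party origins, rebuild a render-only copy."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.page_origin = page_url, origin_of(page_url)
        self.background_origins, self.out, self._skip = set(), [], 0
    def handle_starttag(self, tag, attrs):
        if tag in FETCH_TAGS:                       # resource the browser would load
            for name, value in attrs:
                if name in ("src", "href", "data") and value:
                    o = origin_of(urljoin(self.page_url, value))
                    if o and o != self.page_origin:
                        self.background_origins.add(o)
        if tag in ACTIVE_TAGS:
            self._skip += 1                         # swallow the tag and its contents
        elif not self._skip:                        # static markup, minus on* handlers
            kept = [(n, v) for n, v in attrs if not n.startswith("on") and not str(v).lower().lstrip().startswith("javascript:")]
            self.out.append("<" + tag + "".join(f' {n}="{escape(v or "")}"' for n, v in kept) + ">")
    def handle_endtag(self, tag):
        if tag in ACTIVE_TAGS:
            self._skip = max(0, self._skip - 1)
        elif not self._skip:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):                    # text is re-escaped, never executed
        if not self._skip:
            self.out.append(escape(data, quote=False))

def isolate(page_url, html):
    """Return (sorted third-party origins, render-only HTML) for one page."""
    m = IsolationModel(page_url)
    m.feed(html); m.close()
    return sorted(m.background_origins), "".join(m.out)

# Constructed sample page: same-origin stylesheet, two third-party origins, inline script.
SAMPLE_URL = "https://news.example/story"
SAMPLE_HTML = ('<html><head><link rel="stylesheet" href="/site.css">'
               '<script src="https://cdn.example/lib.js"></script></head>'
               '<body onload="track()"><h1>Headline &amp; more</h1><img src="https://cdn.example/photo.jpg">'
               '<iframe src="https://ads.example/slot?id=1"></iframe><script>document.cookie="x=1"</script>'
               '<a href="javascript:void(0)">Click</a></body></html>')
```

Calling isolate(SAMPLE_URL, SAMPLE_HTML) lists the two origins the user never sees (cdn.example and ads.example) and returns markup in which only the static elements survive.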

Menlo Security has pioneered an approach that combines web security, email security, and security awareness and phishing training into a single, cohesive platform. Built from the ground up for cross-platform use, the Menlo Security Isolation Platform takes advantage of cloud computing to provide a 100% secure browsing environment that is easy to scale and upgrade without compromising the user experience. The MSIP solution addresses information theft, zero-day attacks, ransomware and malicious ads, as well as personal email security, and helps businesses meet compliance requirements.

A client’s journey to Isolation

A large, global insurance company had been through numerous malware attacks and web phishing incidents. 80% of its web-borne malware infections were caused by employees visiting uncategorized websites, and infected devices took a great deal of time and effort to recover. Anti-phishing training for employees helped against phishing attacks, but some employees kept clicking phishing links, leading to information theft and malware infection.
Restricting employee web access was not a solution the company wanted to take, because it would hurt user productivity while also adding to the load of support requests on the Help Desk.

However, with no other options, and facing rising infection rates, potential loss of critical information and escalating system recovery costs, the company implemented a strict policy: users were not allowed to access uncategorized websites. This created the “perfect storm” the company had feared: productivity plummeted, and the number of tickets and support calls to the Help Desk rose dramatically.

Frustrated by the loss of productivity, many users decided to circumvent the new security measures. This put the company in even more danger, as users began applying their own “information security measures”.
After hearing about the Menlo Security Isolation Platform, the company gave it a try. It ran a PoC and found that Menlo Security’s new approach to web security could remove the need to enforce a policy restricting employee web access, even for uncategorized websites.

Once the company agreed that isolation looked like the right approach to its employee browsing and malicious code challenges, cost-effectiveness became the deciding factor for investing in MSIP. The cost case came down to a simple comparison: on one side, the rapidly increasing costs and the considerable time and resources the company was spending to deal with the problem, including recovering devices, a Help Desk responding to relentless support requests, reduced employee productivity, a high likelihood of re-infection and potential loss of important information, and employees looking for ways around complex and fragmented security mechanisms; on the other side, investing in and using the cloud-based Menlo Security Isolation Platform. In the end, the company’s costs went down by implementing Menlo’s isolation solution.

Stage 1 – Isolating dangerous pages
The company phased in its isolation approach. The first phase isolated the websites MSIP classified as malicious, which almost immediately stopped malware infections via the web. This step alone was a great help for the company, since the majority of uncategorized websites are dangerous. By isolating dangerous pages, especially uncategorized ones, the company was able to let users visit uncategorized websites again, which increased productivity and at the same time reduced support requests (especially website reclassification requests).

Stage 2 – Isolating all links in email
In this stage the company isolated every link in email, limiting malware infection from employees accidentally or deliberately clicking those links, regardless of whether they had received awareness training. The risk of information theft through web forms also disappeared, because the company was able to render the web pages “read-only” with MSIP. In addition, the company gained more control through insight into what users click on the websites they visit.

Stage 3 – Isolating all websites
In the final stage, the company decided to isolate all of the websites employees visit, starting with key employees and then extending to everyone. This ensures comprehensive protection against, and prevention of, malicious code delivered via the web.

​Conclusion
Isolation is a new approach that fully addresses the growing number and complexity of information security problems businesses face, problems that detection-first defence measures, which no longer work, cannot solve. Isolation is an essential component of the next-generation information security framework.
See more information about Menlo solution at: https://www.menlosecurity.com/

Since 2020, VIETNET Distribution JSC has officially been a distributor of Menlo in Vietnam. The Menlo Security Isolation Platform takes advantage of cloud computing to provide a 100% secure browsing environment that is easy to scale and upgrade without compromising the user experience. The MSIP solution addresses information theft, zero-day attacks, ransomware and malicious ads, as well as personal email security, and helps businesses meet compliance requirements.