Ericom: Making surfing the internet safer

Today, organizations cannot know when and where the next attack is going to surface and how much damage it will cause. The risk is compounded by the fact that castle-and-moat security no longer exists. Network perimeters are fluid, with no clear demarcation point between the dangerous “outside” and the safe “inside.”

The internet is chaotic

The internet is chaotic and only getting worse. It was built with the twin ideals of providing a better user experience and easy connectivity. For instance, if you have someone’s IP address, you can communicate directly with them. IP has no built-in authentication mechanism: Authentication is handled higher up in the stack. Bad actors take full advantage of the internet’s “trust model,” making attacks not a matter of “if”, but a matter of “when”. Basically, this norm is the devil’s bargain we have accepted in exchange for convenience and easy connectivity.

Today, with virtually nothing secure, we must strive for solutions by looking at the whole problem from an altogether new angle. Previous solutions simply don’t provide enough protection from today’s highly evolved hackers.

Fortunately, however, we have now reached a significant evolution in security technology with the introduction of Ericom’s Zero-Trust Remote Browser Isolation (RBI) solution. Now, for the first time, we can say that browsing is more secure than ever before.

Cyberattacks: It’s all about the money

Or at least mostly, since politically-motivated attacks are on the rise. But let’s look at what might motivate a bad actor to hack into a private healthcare system.

Once an attacker is in, he gets access to all the financial, insurance, personal and bank account information of members or patients. Each record is very valuable on the black market, a lot more valuable than credit card details alone.

You can’t undo your health history. Hence, bad actors can blackmail or put pressure on targets for monetary gain – which does not stop them from selling the information on the dark web for additional profit.

RBI and zero trust

Realistically, perfect, airtight security will always remain just beyond reach. When you are surfing the internet, there’s no way to be sure that the site you plan to visit is safe – you simply can’t trust any site. And white- and blacklisting can’t help: There are so many sites, and they arise and disappear so quickly, that there is no way to catalog them all in advance.

Attackers evolve and adapt their techniques at a rapid pace with which defenders cannot keep up. Discussion on the defense side gravitates toward “how quickly can we respond?”. This reactive posture is dangerous when dealing with, for example, malware that penetrates internal networks. First, there is the risk of not being able to establish barricades to keep malware out; then the lateral spread of malware throughout the network compounds the threat.

Even if you are eventually able to catch the malware, searching, cleaning, testing and shutting resources down until they are clean involves crushingly high costs.

Therefore, to strengthen security postures and protect organizations’ valuable assets, there is a dire need for a new paradigm. And that new paradigm is zero trust + RBI.

Zero trust is all about ‘not trusting’ any process, network, user or device and ensuring that every connection in the chain of events is authenticated. RBI, on the other hand, is about stopping all threats. RBI complements the zero-trust story by adding another brick in the wall and filling the internet gaps that zero trust leaves open. 

Types of internet-based attacks

The internet browser is one of the main attack vectors today, as many of the most aggressive hacking trends demonstrate. Essentially, existing solutions do not successfully protect against the constant influx of innovative threats that attack via web browsers.

Phishing

The average lifespan of a phishing site is around 6 hours. By the time you could hunt, identify and protect against many of these sites, their short lifespan is over. Phishing usually starts with an email that lures the user to click on a link. The link can be for a download or navigation to a site. Phishing sites either automatically download malware through drive-bys or are spoofed sites, designed to gather credentials.

Drive-by downloads

Drive-by downloads can actually happen on innocent sites that have been injected with malware with the intention of hacking users’ sessions, as well as on dedicated phishing sites. The hackers attempt to penetrate sensitive data in the user’s organization by reverse engineering the connection.

Malware

Recently, bad actors have raised malware to an unprecedented level of sophistication and impact. Malware campaigns can now be automated without any human intervention. The devastating effect of Nyetya on more than 2000 Ukrainian companies is terrifying evidence.

Malware comes in a variety of forms and file types. File sanitization solutions are essential to protect against malware in files that are downloaded onto endpoints. However, they are powerless against malware that enables hackers to watch the keystrokes as people enter data in forms and thereby gain access to credentials.

The Ericom Shield RBI solution safeguards against this by allowing suspicious sites (i.e. spoofed/phishing sites) to be opened in read-only mode, so users can’t type in sensitive data.

Crypto jacking

When cryptocurrencies were in full bloom, bad actors were infecting computers with crypto-mining software and harvesting computing power to mine currencies for themselves. These miners would run 24/7 and result in high electricity bills, as well as lower capacity for legitimate processing.

However, with RBI, crypto jacking just doesn’t work because browser tabs are destroyed quickly, as soon as user interactions cease. Crypto-miners can’t persist on your computer as the containers are only active as long as users are active in the browser tab. This is another remarkable win for RBI.

Cross-site scripting 

Cross-site scripting attacks occur when users browse to different sites by adding tabs while using the same browser. When users enter their credentials on one site, an infected site in another tab can pick up those credentials.

Chrome and other browsers address this issue by isolating tabs from each other. However, the entire browser still sits on the end-user’s computer. So, while this type of isolation protects information from tab to tab, it does not protect the end-user’s – or organization’s — information in general from malware attacks.

Tab isolation is a step in the evolution to remote browser isolation but is only a partial solution since it merely provides isolation between sites browsed on the local endpoint. It is far from a complete solution to browser-borne threats.

Introduction to isolated browsing

The concept of securing browsing through isolation is not new. Solutions have been on the market in one form or the other for quite some time. However, none of these solutions fully secure the end-user’s browsing session from internet-borne threats.

Browsing companies offer security features such as ad blockers and local tab isolation that can help, but only to a certain degree. In fact, many purported secure browsing solutions are local isolation techniques that provide only limited protection since they allow site content onto the endpoint, albeit in isolated segments, containers or virtual machines.

Ericom: Revolutionizing browser isolation

The incarnation of Ericom’s remote browser isolation technology took place over 3 years ago, with a “double browser” solution. This solution isolated the browser from the end-user device by allowing users to establish a remote session to an application which happened to be a remote browser. While other solutions in the marketplace talked about remote browser isolation, most of them are not actually remote from the endpoint — perhaps the most important factor.

Ericom has taken this to the next level of protection with the Ericom Shield Remote Browser Isolation (RBI) solution.

Other ways to perform browser isolation

Currently, some available solutions merely isolate tabs from each other, or isolate complete browsers within local machines. But these solutions do not isolate web content from the end-user device – or from the network to which it’s connected. As a result, they are only halfway to protecting their users from browser-borne threats.

Local isolation solution concepts entail running a virtual machine (VM) on the endpoint device to create a safe zone within the computer. Other solutions create a compartment within the hard drive, hoping that it provides good-enough isolation, but unfortunately, it does not.

For an effective security posture, you really want to make sure that threats stay as far as possible from your internal network and from end-user devices. In reality, these solutions decrease the security posture, which is why there is a big push for remote browser isolation (RBI).

Some solutions require users to install software or even hardware on their device. This is old-fashioned thinking and labor/management intensive, and certainly not feasible for distributed organizations. Other solutions limit users to their own proprietary browsers – a significant inconvenience for users.

Everyone knows that within every organization, there are a variety of devices. A solution that does not work with all different devices adds complexity, which is the number one enemy of security.

The power of truly remote isolation

With RBI in place, someone else is handling the job of heavy lifting to ensure security. Users enjoy a normal browsing experience despite the fact that browsing doesn’t actually take place on the user’s endpoint device. The robust architecture reduces the possibility of attack via the endpoint to an absolute minimum.

The power of RBI is that it stops everything — both known and unknown threats. Defenders can worry less about the latest as-yet unknown attack vector. An effective solution, it isolates potential danger as far away from the end-user as possible.

RBI is a holistic solution that does not identify something and only then stop it. Rather, it simply stops everything (while still allowing users to interact naturally with websites). Nothing on the internet touches the end-user’s device. Hence, the cat and mouse game of detection-based solutions, in which solution-providers are always playing catch-up, no longer applies.

The future

Cyberthreats will only continue to grow and become more destructive, as cyber criminality escalates around the globe. Nowadays, with many hacking services, such as phishing-as-a-service, widely available, it’s so easy to become a hacker.

The year 2017 was about ransomware, 2018 was about crypto jacking and now in 2019, it’s phishing. No one knows what is coming next, so we need a solution that doesn’t have to play catch-up like most of the solutions out there.

Firewalling and anti-virus software block threats that already exist. They only restrict attacks that have occurred in the past or that resemble past attacks. Many threats arise de novo and therefore cannot be corked with legacy security systems. There is always a window of time in which solutions have to catch up, and that window could prove fatal for security.

RBI seamlessly adds another layer of security to existing solutions and complements them. This new layer stops everything that is not verified – which is to say, everything from the internet — which is why it’s an ideal fit for the zero-trust approach.


About Matt Conran
