Light Point Security Partnership With Raven Data Technologies Provides MSPs With Additional Hosting Option
Posted on by Zuly GonzalezCategories Light Point Security Update, Light Point WebLeave a comment on Light Point Security Partnership With Raven Data Technologies Provides MSPs With Additional Hosting Option

Raven Data Technologies and Light Point Security Partner to deliver hosting for MSPsWe are excited to announce our partnership with Raven Data Technologies, an IT Solutions Company serving the MD, DC, VA, and PA region that specializes in providing security services to Managed Service Providers (MSPs). Raven Data Technologies combines decades of IT experience, risk management, and network security to deliver enterprise level IT solutions to businesses of any size, and we are thrilled that they have chosen to include Light Point Web Enterprise among their best-in-class managed security software offerings.

Light Point Web is a browser plugin that provides malware-free web browsing by transparently launching browsing sessions on a server-based virtual environment, thus preventing any website content (and possible malware) from ever reaching your computer.

Light Point Web offers flexible deployment options for every need: a cloud version for those that don’t want to deal with the hassle of maintaining their own servers, an on-premise version for enterprises that want more control, and now with our Raven Data Technologies partnership, a third-party hosted solution for Managed Service Providers that want to provide their clients with unmatched web security but don’t want to set up and maintain their own Light Point Web servers.

After vetting the Raven Data Technologies team we have selected them as our hosting partner for MSPs for their extensive security expertise and their vast knowledge of MSPs and their needs. Raven Data Technologies will now serve as our hosting partner for MSPs by hosting and maintaining the Light Point Web server infrastructure for them. Raven Data will also provide them with value added services, like technical support and client- and server-side upgrades.

To learn more about Raven Data Technologies and how they can help you secure your business, visit their website or follow them on Twitter.

Light Point Web Integrates With Metascan Online to Protect Against Malicious Downloads
Posted on by Beau AdkinsCategories Computer Security, Light Point Security Update, Light Point Web, Security, Web SecurityLeave a comment on Light Point Web Integrates With Metascan Online to Protect Against Malicious Downloads

OPSWAT LogoWe recently added a new feature to Light Point Web that warrants some extra recognition. We have added a server-side integration with OPSWAT’s Metascan Online service to provide yet another best-in-class layer of security for our users.

Metascan Online is a cloud service that can scan files with over 40 anti-virus engines, and do so in a matter of seconds. The fact that Metascan Online uses so many anti-virus engines is important. Just because one anti-virus engine claims that a file is safe, it doesn’t mean it is. It could be safe… or it could just be that this is a newer virus that has not been identified by that anti-virus vendor yet. It is actually common for new malware to only be identified by a small number of the anti-virus engines. With Metascan Online using so many anti-virus engines, we can get a much greater level of confidence that a safe file is indeed safe.

With our integration with Metascan Online, our users will get an extra level of assurance that every file they download is safe without having to wait around for the results. We offer this service for no extra charge for our cloud users.

How Does It Work?

When a user wants to download a file, Light Point Web will ask for their permission. If they say yes, that file will be downloaded to the Light Point Web server. Light Point Web will then ask Metascan Online to scan that file. If it is safe, the file is streamed to the user’s computer and the user is informed of the scan results.

LPS download no threats detected

If, on the other hand, the file is found to be malicious, the download is blocked and a message informs the user why.

LPS download threat detected

This all happens seamlessly to the user, so no extra work is required by the user to get this additional layer of protection.

Coming soon: If a file is found to be malicious, the dialog will also include a link to the scan results so that you can see further details on the threat detected and which engines detected it.

Enterprise Options

For our enterprise customers, we offer a couple of options: Metascan Online or Metascan on-premises. OPSWAT offers both a cloud version and an on-premise version of Metascan. This gives our enterprise customers the flexibility of choosing the option that works best for them.

If you are interested in learning more about how Light Point Web protects you while browsing the web, contact us, or sign up for a free trial to experience worry free web browsing for yourself.

Light Point Security CEO to Present at Columbia TechBreakfast
Posted on by Zuly GonzalezCategories Events, Light Point Security Update, Light Point WebLeave a comment on Light Point Security CEO to Present at Columbia TechBreakfast

Light Point Security to present at TechBreakfast eventWe’re excited to be presenting at the Columbia TechBreakfast tomorrow morning. TechBreakfast is a national organization with over 4,700 members in just the DC, Maryland, Virginia area, and over 7,000 members nationwide, with events in Silicon Valley, New York City, Austin, Philadelphia, and Boston, among others. TechBreakfast is a monthly demo-style event where entrepreneurs, techies, developers, designers, business people, and interested people see showcases on cool new technology in a demo format and interact with each other. The presenters have 7 minutes to demo and showcase their technology, followed by 3 minutes of Q&A from the audience.

We’re thrilled to have been selected to present at the TechBreakfast event in Columbia, MD tomorrow July 9 from 8:00am to 9:30am at the Loyola Columbia campus (8890 McGaw Rd #130, Columbia, MD). We demoed Light Point Security’s flagship product, Light Point Web, at last year’s Columbia TechBreakfast and had a lot of fun. We’re looking forward to giving the audience an update since last year and demonstrating Light Point Web’s new capabilities.

We hope you’ll join us. You can register to attend the free event here. Won’t be able to make it? Don’t despair. We’ll also be presenting at the Baltimore and Annapolis TechBreakfasts this fall.

Light Point Security to Present at TechBreakfast Event
Posted on by Zuly GonzalezCategories Events, Light Point Security Update, Light Point Web, StartupsLeave a comment on Light Point Security to Present at TechBreakfast Event

Light Point Security to present at TechBreakfast eventWe are excited to be presenting a short overview and demo of Light Point Web Enterprise at this month’s TechBreakfast event in Columbia, MD.

TechBreakfast is a monthly breakfast in Baltimore, Columbia, DC, and Northern Virginia where almost 2,000 (as of this writing the group is 3 people shy of hitting 2,000 members) entrepreneurs, techies, developers, designers and business people see showcases on cool new technology in a demo format and interact with each other. It’s “Show and Tell for Adults” where people show the innovative technology they are working on.

The format is limited to a 7 minute pitch/demo, followed by a 3 minute Q&A session. Our presentation will be similar to the one we gave at the RSA Conference 2013 Innovation Sandbox event, so those that missed RSA can catch it then. We’ll also give a live demo of Light Point Web Enterprise in action.

This month’s Columbia TechBreakfast is being held on March 12 from 8:00am to 10:00am at the Loyola Columbia campus (8890 McGaw Rd #130, Columbia, MD). Best of all it’s free to attend. Please stop by if you’re interested in connecting with us directly, or would like to learn more about Light Point Web Enterprise.

Light Point Web 2.1 Released
Posted on by Beau AdkinsCategories Light Point Security Update, Light Point WebLeave a comment on Light Point Web 2.1 Released

Light Point Web Malware ProtectionLight Point Security has just released Light Point Web 2.1. The 2.1 release contains lots of improvements, but the main goal was to lay the ground work for Light Point Web Enterprise.

Light Point Web Enterprise

Previously, if you wanted to use Light Point Web, you had to connect to the Light Point Web servers running in our cloud. There are positives and negatives to this approach.

Positives of Cloud Servers
  1. The user gets anonymous browsing.
  2. The user only has to install a plugin to their browser.
  3. All server-side maintenance is handled by us.
Negatives of Cloud Servers
  1. The user’s browsing session is occuring on a computer owned by someone else.
  2. The distance between a user and our servers introduces latency to page loading and a user’s interactions with a page.

Negative #1 may not be a problem for everyone. One great feature of Light Point Web is that you can bypass it whenever you want. You can use it for all your casual/risky browsing, but bypass it for sensitive/trusted tasks such as online banking.

However, this becomes a problem for an enterprise. An enterprise does not want to give employees the ability to bypass their security protections. At the same time, an enterprise does not want to rely on a third party to host employee browsing sessions. Light Point Web Enterprise solves this problem by allowing an enterprise to host a Light Point Web server inside their network, solely for the use of their employees. As a bonus, because the server is now inside their intranet, this eliminates negative #2 as well.

Enterprises can now get Non-persistent Desktop Browsing (known as NPDB) using our dual-layered virtualization, running on a server only they have access to.

Other Improvements

There were countless other improvements made that will enhance both the consumer and enterprise versions of Light Point Web. These include:

  • Numerous processor usage optimizations. This improvement consists of both client and server optimizations. First, algorithms in the client code were optimized to reduce processor usage and improve speed. Second, on the server we made changes to the processor scheduling to give quicker response times to user interactions.
  • Better font rendering. Previously we used the default fonts built into our Linux servers. However, most websites are designed with Windows fonts in mind. This caused words on sites to be rendered too wide, which sometimes lead to incorrect alignment of certain web page elements. We now use official Windows fonts, which results in sites being rendered the way they were designed to.
  • The ability for a user to select the best compression levels for their Internet connection speed. We now allow users to choose higher compression for slower links, and less compression for faster links. This results in the optimal performance for both cases.
  • The ability for a user to force a disconnection to the server. Previously, to end your connection with the Light Point Web server you had to either close all browser tabs using Light Point Web, or wait for the inactivity timer to disconnect you. We now added a menu item that allows a user to disconnect when they want while saving their state, so it can be resumed later.
  • Updated server-side browsing engine.
  • Updates to remain compatible with newer Firefox releases.

If you are interested in learning more about Light Point Web Enterprise or volunteering to perform a pilot deployment in your enterprise, please sign up here.

The Motivation Behind Malware
Posted on by Beau AdkinsCategories Light Point Web, Security, Web SecurityLeave a comment on The Motivation Behind Malware

Money from malwareLast night I came across a sobering article from Brian Krebs of KrebsOnSecurity. The article talked about a specific crimeware author that is advertising that he is in the market to buy fresh new browser exploits, but the article had much more information than just that.

The Value of an Exploit Kit

For some background, a crimeware gang has written an exploit kit named Blackhole. Its purpose is to exploit vulnerabilities in web browsers to install a malware payload on victims’ computers. The Blackhole kit itself doesn’t much care what the payload is. Instead, the author of Blackhole will lease his creation to others, and let them supply the malware.

Think about it like a delivery service. If I have a new piece of malware that I want installed on lots of computers around the world, I could pay to have Blackhole deliver it for me. Blackhole doesn’t need to know anything about what it is delivering, its job is only to get it delivered (yes, exactly like Jason Statham in The Transporter).

What is amazing about this is how much it costs to lease Blackhole. A three month license is $700, and a yearly license is $1,500. The creators will even provide hosting for you for $200/week or $500/month.

But that’s not all. The authors of Blackhole have built something even better, a second kit called the Cool Exploit Kit. From the article, it seems like the authors’ newest (and therefore most valuable) exploits are reserved for the Cool Exploit Kit. Only after an exploit becomes known is it moved to Blackhole. Access to the elite Cool Exploit Kit runs $10,000/month!

Additionally, the authors put out a statement that they want to buy more new exploits for browsers and browser plug-ins. They announced that they have set aside an initial budget of $100,000 to buy exploits and vulnerability proof-of-concepts. They stated that they are only interested in purchasing exploits that have not been published and that they will not release this information to the public either. Therefore, the targeted software will remain unpatched indefinitely.

The Motivation Behind Malware

There is only one reason why someone would spend that kind of money to get malware delivered – because it will pay for itself. The article showed that one specific cybergang’s income from just one flavor of ransomware was almost $400,000 a month.

This shows a very dangerous combination of facts. Getting malware onto a victim’s computer is worth a lot of money, so people will pay handsomely for new exploits to make that happen. This makes exploits worth a lot of money, so people will be motivated to continue creating them.

Our Mission

All of this reinforces our motivation here at Light Point Security. The web is now the most common way for malware authors to infect a victim’s computer. Unfortunately, in many cases, such as with the Cool Exploit Kit, cybercriminals use unpublished vulnerabilities in browsers and browser plugins to infect a victim’s computer with malware. By the time the vulnerability is discovered and fixed by the good guys, it is too late. The bad guys have infected tons of computers, and have moved on to the next vulnerability.

We are building Light Point Web to stop not some, not most, but all of these types of exploits – even the ones that have not been made public.

Light Point Security to Present at the CyberMaryland 2012 Conference
Posted on by Beau AdkinsCategories Events, Light Point Security Update, Light Point Web, SecurityLeave a comment on Light Point Security to Present at the CyberMaryland 2012 Conference

CyberMaryland 2012 conference

We are pleased to announce that we have been selected to present our technology at the CyberMaryland 2012 conference.

What Is CyberMaryland?

CyberMaryland is a cybersecurity conference held in Baltimore, MD for technology companies, business leaders, emerging professionals, policy makers, business innovators, entrepreneurs and federal, state, and local government personnel. The two-day conference features training sessions, an industry showcase, a live cyber challenge, and the Cyber Security Hall of Fame Induction Dinner. Not to mention networking!

The conference tracks are:

  • Cyber Innovation Track showcases future of cybersecurity products, new solutions, evolving technology, venture capital and rising stars.
  • Cyber Business Opportunities Track helps cybersecurity providers understand emerging growth opportunities, budgets, spending priorities, product requirements and specific government customer requirements.
  • Cyber Generation Track topics focus on preparing the next generation of cyber professionals, career preparedness and clearances, and talent development.

What Will Light Point Security Present?

We have been selected to demonstrate our product, Light Point Web, as part of their industry showcase session. We will have 45 minutes to give a presentation and demo of our technology to cybersecurity experts and enthusiasts. We will discuss some of Light Point Web’s newest features, and talk about how Light Point Web fits into a corporate environment. We will end the presentation with a five to ten minute live demo of Light Point Web.

We are pleased to have been selected for this honor, and we’re looking forward to the conference in general.

I hope some of you will join us at CyberMaryland!

Light Point Web Now Supports PDFs and Office Formats
Posted on by Beau AdkinsCategories Light Point Security Update, Light Point Web, Security, Web SecurityLeave a comment on Light Point Web Now Supports PDFs and Office Formats

Light Point Web Malware ProtectionRecently, we released an update to our servers that allow our users to view many popular document types through Light Point Web. To accomplish this, we are using the Google Docs Viewer. The Google Docs Viewer is a nifty little service from Google that can turn documents into normal webpages.

This addition will greatly enhance the security offered by Light Point Web. Previously, if a user of Light Point Web clicked on a link to a PDF file, the user would see our plugin screen. In order to view the document, the user would click the plugin screen, which would cause the user’s real browser to download and display the PDF file.

Light Point Web Plugin Screen
The Light Point Web Plugin Screen

While this functionality gave our users the ability to view PDFs and other files, it also exposed their computers to any malware that may have been hiding within that document since it required bypassing our security. PDF files can be very dangerous, as it is easy to embed malware within them. With this recent update, our users can now easily view documents without downloading them, which means these types of attacks will no longer be effective on our users.

How to Use the New Viewer

The new plugin viewer works automatically. Now, when you click a link to a supported file, such as a PDF, you will be sent to the Google Docs Viewer for that file. This gives you the ability to read the file without it ever touching your computer. At the top of each page there is a link under the “File” menu item to download the original file. Clicking that link takes you to the old plugin screen, which gives you the ability to open the file in your real browser, if you decide to.

Light Point Web Google Docs Viewer
Light Point Web with the Google Docs Viewer

What File Formats Are Supported?

There are quite a few file types supported by the Google Docs Viewer. Here is the full list. A quick rundown of the most common file types are:

  • Microsoft Word (.doc, .docx)
  • Microsoft Excel (.xls, .xlsx)
  • Microsoft PowerPoint (.ppt, .pptx)
  • Adobe PDF (.pdf)
  • PostScript (.eps, .ps)
  • Archives (.zip, .rar)
Light Point Web 2.0 Released
Posted on by Beau AdkinsCategories Light Point Security Update, Light Point Web, Security, Web SecurityLeave a comment on Light Point Web 2.0 Released

Light Point Web Malware Protection

Light Point Security has just released Light Point Web 2.0. The 2.0 release was basically the completion of the scrolling work started in the 1.2 update. Where 1.2 added client-side scrolling, 2.0 provides scroll-caching. Additionally, there were some client-side bug fixes to correct issues with the newest versions of Firefox.

If you are a current user, log in to lightpointweb.com to download the new installer. Note: you must be outside of Light Point Web to download.

What Is Scroll Caching?

As described in the 1.2 release post, when we added client-side scrolling, the user could now get instant scrolling feedback. The drawback, however, was that the user would simply see white for parts of the page that were just scrolling into view, but that the server had not yet told the client how to draw.

With scroll caching, the client software now sees much more of the webpage than the user can see in the browser. This lets the user instantly see the new parts of the page that are scrolling into view, without having to wait for an update from the server.

This change goes a long way towards making Light Point Web as seamless as can be. However, you may notice that some elements of some webpages behave differently. Some websites contain what are known as “fixed-position elements”. This means that if you scroll the page, these elements stay where they are. For example, the top-bar on Twitter.

Because we scroll the page as if its just a solid image, these fixed-position elements get scrolled as well. However, the server will quickly readjust, and correct your view. This is similar to how some smartphone and tablet browsers show fixed-position elements.

If you would like to try Light Point Web, you can sign up for a free trial here (no credit card required).

How to Browse the Web Safe From Viruses for Free
Posted on by Beau AdkinsCategories Computer Security, Light Point Web, Resources, Security, Web SecurityLeave a comment on How to Browse the Web Safe From Viruses for Free

VirtualBoxToday, I’m going to walk you through the process of being able to browse the web in complete safety. The title of this post explicitly mentions “viruses”, but I’m using this as a more well-known moniker for the term “malware”. Malware is a more generic term which encompasses viruses, spyware, trojans, etc.

What I mean by “complete safety”, is that you do not have to worry about malware infecting your computer. It does not mean you are safe from being tricked into giving your banking passwords to a site that is only pretending to be your bank.

Step 1. Set up VirtualBox

The method I will be describing in this post relies on Virtual Machines for security. Think of a virtual machine as a fake computer inside your real computer. By using a virtual machine, you can perform tasks on a computer in a way that is completely isolated from your real computer. With this, you can browse the web inside the virtual machine, so that if you stumble on some malware, only the virtual machine will be infected. The virtual machine management software will also allow you to rollback all changes made to a virtual machine to a known state. Using these abilities correctly will allow you to browse in safety.

The first step is to install a virtual machine management software package, also known as a “hypervisor”. There are many different options for this, but I’m going to recommend VirtualBox. You can download and execute the installer from here. Just click the “VirtualBox x.x.x for Windows hosts” link (assuming you are using Windows). Once it is downloaded, just run the installer.

Step 2. Download Your Guest OS

Next, you will need an Operating System to use inside the Virtual Machine. You could install Windows as the Operating System, but you would need to buy a license. For a free alternative, I suggest installing Ubuntu. Ubuntu is a Linux-based Operating System. It is very high quality, and completely free.

When you download Ubuntu, you do not get an installer. Instead you get an “ISO” file. An ISO file is a bit-for-bit copy of a CD that you would use to install it on another computer. Its a rather large file. To start the download, go here and choose your version (either is fine). You need to remember where you download this file to.

Step 3. Set up Your Virtual Machine

Now that you have VirtualBox installed and an OS ISO file ready, you can create your first Virtual Machine. Start up VirtualBox (you probably have a shortcut on your desktop). Click the button at the top labeled “New”. Give your Virtual Machine a name, for example, “Browsing Machine”. Choose “Linux” as the Operating System, and the Version as “Ubuntu”.

Next, you need to select how much RAM to give this Virtual Machine. I would recommend 1 Gig at the least. Enter “1024” in the box labeled “MB”. This means 1024 Megabytes, which is equal to 1 Gigabyte. Note: you need to have more RAM than this on your computer. If you do not have more than a Gig of RAM on your computer, then unfortunately, you probably do not have system requirements to use virtual machines.

On the next screen, leave the default options (“Boot Hard Disk”, and “Create new hard disk”). Continue on to the “Hard Disk Storage Type” screen. Leave the default option of “Dynamically expanding storage”. On the next screen, leave the defaults in place and continue on.

VirtualBox SettingsOnce you get through all the options mentioned above, you will be returned to the main VirtualBox screen, but now you will see a new entry for your Virtual Machine in the pane on the left. Click on it to select it, and then click the “Settings” button at the top. In the settings dialog, select “Storage” in the left hand pane.

VirtualBox Settings Highlighted

In the center of the screen, click on the disk image labeled “Empty” under the “IDE Controller” entry. Next, on the right of the screen, click the disk icon next to the “CD/DVD Drive: IDE Secondary Master” entry, and in the popup, select “Choose a virtual CD/DVD disk file”. A file select dialog will appear. In this dialog, select the ISO file you downloaded in Step 2. Now click the “OK” button at the bottom of the settings dialog.

You are now back to the main VirtualBox screen again. You can now click the “Start” button at the top, to start your virtual machine. At this point a blank Virtual Machine will start, and it will begin the install process for your downloaded OS. It will ask you a lot of setup questions that I will not walk-through here.

When the Ubuntu setup process is finished it will tell you to eject the CD from the drive before continuing. Because this is a virtual machine attached to an ISO file, this is not possible. Ignore this, and keep going. You will see the virtual machine shut down, and then start up again. Once it has began starting again, click the “X” at the top right of the Virtual Machine’s window to close it. It will ask you how you want to close it. Choose “Power off the machine” and click “OK”. The virtual machine is now shut down.

VirtualBox Settings With ISO Mounted and Highlighted

Now that the virtual machine is off, we need to detach the ISO image we have set previously. Return to the settings screen, and on the left, select “Storage” as you had down previously. Next select the entry below the “IDE Controller” in the center. Finally, on the right, click the disk icon next to “CD/DVD Drive: IDE Secondary Master” and choose “Remove disk from virtual drive”. Finally, click “OK” at the bottom of the settings screen.

Step 4. Create a Restore Point

At this point, your Virtual Machine is a totally fresh install. You may want to take a moment to get the Virtual Machine customized to your liking. After you have done so, you should make a restore point, also called a “snap shot”. VirtualBox can use a snap shot to restore your virtual machine to a known state. For example, if you stumble upon an infected website, your virtual machine can become infected as well. But, you can then revert your virtual machine to its state from before the infection. It is like it never happened.

First, start your virtual machine using the “Start” button at the top of the VirtualBox window. Once your Virtual Machine starts, take a moment to do any one time customizations, such as installing a browser of your choice, upgrading software, etc. Once you are finished, shut the machine back down.

Back on the main VirtualBox window, on the upper right hand side of the screen, you will see an icon that looks like a camera, labeled “Snapshots”. Click this button to show you the snap shots. You will see an entry labled “Current State”. Just above it is another camera icon. Click it to take a snap shot. A dialog will appear that will ask for a name and description of this snap shot. Enter something useful meaningful to you, so you know what you have changed. Click “OK” to take the snap shot.

Once the snap shot is taken, you will see an entry with the name you choose for the snapshot, with a “Current State” entry below it. You now have your restore point.

Step 5. Browse the Web

You can now start your Virtual Machine and use it to browse the web whenever you want. The websites you visit in the virtual machine are isolated and separated from your actual computer. You may have some problems downloading files or printing things from within the virtual machine, so some tasks may have to be done on your real computer.

Step 6. Restore Your Snap Shot

Whenever you are done browsing, you should shutdown the virtual machine, and restore it to the snapshot created in step 4. The easiest way to do this is to simply click the “X” in the top right of the Virtual Machine to close the window. It will ask you how you want to close it. Choose “Power off the machine”, and check the box labeled “Restore current snapshot…”. This will turn off the Virtual Machine, and throw away all the changes you made since the snapshot was created.

Drawbacks of Using This Method

While this is an effective way to browse the web safely, it is not entirely painless. First off, using a virtual machine takes an enormous amount of resources. While the Virtual Machine is on, it will consume a large amount of memory, and maybe a lot of processing power.

Additionally, it can be frustrating to have your changes wiped out all the time. For example, if you add a bookmark to your browser, it will be lost when you revert.

It can also be annoying that it takes so much time to start the virtual machine. If you want to browse the web right now, waiting a minute or two for a virtual machine to start is painful.

Another Option

The method described above is basically the technology behind Light Point Web, except we do our best to shield you from the downsides just mentioned.

For example, we run the virtual machine on our computers, so your computer is not bogged down with it. We also integrate into your existing browser, so you are not prevented from changing settings in your browser or saving bookmarks.

Finally, our Virtual Machines are always running, so you do not need to wait for one to start when you are ready to browse.

If you are concerned about browser security, give this method a try. It is free, but it does take some time and effort. If you would rather someone else handle the work and headaches, give Light Point Web a try. We offer a free trial, so what do you have to lose?

Categories
Archives