Most businesses can’t function without their employees using the web, yet 76% of malware is spread through web browsers. Businesses have to find ways to use web browsers for day-to-day operations while combating the threat of web-based malware.
Traditionally, organizations have relied on detection-based security solutions, but as trends have shown, these solutions are failing to provide protection from new and unrecognized web-based malware attacks.
Why don’t detection-based methods work? These solutions are reactive and work by using an algorithm to determine what is malicious and what isn’t. As more and more new malware is released into the world, detection-based methods simply can’t keep up.
Web Isolation offers a completely different answer to the problem of web-based malware. Web Isolation or Browser Isolation involves moving the dangerous task of executing website code away from a user’s computer into a remote virtual environment, thus eliminating the potential for any web-based malware to infect the computer/network. With isolation, no web content ever gets to the user’s computer – all browsing is done in an isolated environment so there’s no chance of malware infecting the system.
Traditional Detection-Based Solutions
Some of the more common detection-based solutions include:
Anti-virus software is the most widely used product to protect computers. It works by comparing files against a large database of known malware signatures, so if a piece of malware is unknown, an anti-virus product will not detect it.
When it comes to finding and removing known malware, anti-virus works well, but its weakness is that new variants of malware are being churned out at a much faster rate than specific anti-virus products can detect. It is not reliable enough to be used as the only form of malware protection.
Secure Web Gateways and Other Web Content Filters
A web content filter is usually an appliance like a secure web gateway, proxy or firewall that all web browser traffic is routed through. Every time a user browses to a website, the content filter decides if the navigation should be allowed based on a list of known malicious websites.
Just like anti-virus, web content filters cannot keep up as new malicious sites are created. Even trusted, legitimate sites can be exploited to start attacking visitors or may display malicious ads sporadically.
Organizations will often configure the content filter to block much more than just known malicious websites in an effort to overcome this weakness. As a result, employees are frustrated when they cannot access sites they need to visit and it still does not solve the problem of exploiting trusted websites or malvertising.
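The trade-off described above, as an added example that is not part of the original article: a minimal content-filter decision function run over constructed traffic, comparing a blocklist-only policy with one that also blocks uncategorized sites. All hostnames, lists and labels are invented for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: every hostname and label here is invented.
BLOCKLIST = {"known-bad.example"}
CATEGORIZED = {"news.example", "supplier-portal.example", "known-bad.example"}

# (url, actually_malicious) pairs the filter sees; ground truth is assumed.
TRAFFIC = [
    ("https://known-bad.example/payload", True),   # listed malicious site
    ("https://news.example/article", False),       # trusted and clean
    ("https://news.example/ad-frame", True),       # trusted site showing a malicious ad
    ("https://new-vendor.example/docs", False),    # legitimate but uncategorized
    ("https://fresh-bad.example/login", True),     # malicious, not yet listed
]


def decide(url, block_uncategorized):
    """Return 'block' or 'allow' for one navigation, based only on the hostname."""
    host = urlsplit(url).hostname
    if host in BLOCKLIST:
        return "block"
    if block_uncategorized and host not in CATEGORIZED:
        return "block"
    return "allow"


def evaluate(block_uncategorized):
    """Compare filter decisions with ground truth and list the mistakes."""
    false_positives = [u for u, bad in TRAFFIC
                       if not bad and decide(u, block_uncategorized) == "block"]
    false_negatives = [u for u, bad in TRAFFIC
                       if bad and decide(u, block_uncategorized) == "allow"]
    return {"false_positives": false_positives,
            "false_negatives": false_negatives}


if __name__ == "__main__":
    for strict in (False, True):
        result = evaluate(strict)
        print("block_uncategorized =", strict)
        print("  legitimate sites blocked:", result["false_positives"])
        print("  malicious pages allowed: ", result["false_negatives"])
```

Blocking uncategorized sites stops the unlisted malicious host but also blocks the legitimate new vendor, and the malicious ad on the trusted site is allowed under both policies.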
Malware Analysis Containers
This solution uses a virtual machine or sandboxing software to analyze a file or website to determine if it is malicious or not. Files and websites are opened in a virtual machine or sandbox, and the virtual environment is monitored for things like file system changes or new processes that indicate that something malicious has happened. If this is detected, access to the file or website is locked. If after a set time limit no malicious activity is seen, access is granted.
The problem with this approach is that malware can be written to detect if it is executing in a virtual environment, in which case it lies dormant until the file is marked as safe and passed to the user. Also, these kinds of products cannot know how long they should watch a suspect file before they can safely determine if it’ll do anything malicious. Malware can simply use a longer dormancy period before performing malicious actions.
It’s evident that detection-based security products are only as strong as their detection algorithms. Any techniques employed by malware authors to evade detection can quite easily defeat your security.
How Is Web Isolation Better Than Detection-Based Solutions?
- Web Isolation technology provides protection from both known and unknown (i.e. zero-day) threats. Detection-based security products can only protect against threats they
- Isolation opens up the web by not limiting the user’s browsing like detection-based methods. Traditional solutions often only provide protection by blocking users from accessing potentially dangerous websites. Browser Isolation opens up the web and gives users the freedom and confidence to browse to any website whether it is malicious or not.
- Detection-based methods can have false positives and false negatives when identifying malware, while Web Isolation does not. False positives waste IT and security resources and unnecessarily prevent users from accessing the sites they need, and false negatives evade your security defenses.
- Web Isolation drastically reduces the administrative overhead associated with detection-based methods. For example, web proxies are often used to block access to uncategorized websites. If an employee has a legitimate reason to access an unknown website, the employee would require an IT staff member to manually check if the website is malicious or not and then take the appropriate action depending on the result of the investigation. This process can take a lot of time and resources. With Web Isolation, users can navigate to any website and still be protected from malware.
- Web Isolation eliminates the loss of productivity resulting from investigating every alert or potentially malicious website. The example above illustrates the time-consuming and error-prone process required for an employee to access an uncategorized website for a legitimate work purpose. Both the IT staff and the employee lose time that could have been productively spent on other things.
- An isolated web browser offers better protection from email-based threats than a detection-based product. A lot of attacks originate from phishing emails that contain a link to a malicious website. A detection-based solution may or may not recognize the website as malicious, but with Web Isolation, the user is browsing through a remote browser and so is protected either way.
Web Isolation From Light Point Security
Using security products that rely on detection algorithms is no longer sufficient to protect your organization from web-based malware. Web Isolation is a better solution that offers many benefits over the prevalent detection- or filter-based products.
As the pioneers of Web Isolation, Light Point Security offers flexible solutions for your organization’s specific needs. Our Browser Isolation platform, Light Point Web, integrates seamlessly into standard web browsers to provide our customers with a transparent user experience that requires no change in behavior. Light Point Web can be deployed as a cloud service, a virtual appliance, or an on-premise server.
Request a demo of Light Point Web today and discover how you can protect your business from web-based malware without sacrificing user experience or productivity.