Not remotely risky: Our investment in Garrison

The old paradigm

Walls, barbed wire, intruder alarms. Just like domestic security, cybersecurity is built around two fundamental principles: try to keep the bad things out, and try to detect them if they do slip through your defences.

The current security paradigm: layers of walls + detection systems

Ultimately, however, you know your perimeter wall can’t keep everything at bay: the most determined attacks will still succeed through brute force or clever tactics you’d not foreseen. And to detect every single piece of malware, you need to be constantly ahead in the endless race against bad actors. Not realistic.

So the current paradigm is to take a layered approach: you build a series of walls, expecting that malware will get through the first few but hoping that it won’t be able to defeat all of them. Similarly, at each layer you step up the efforts on detection, slowing things down and scrutinising them more thoroughly — just like at a border crossing or military checkpoint.

More rigorous threat detection is required as things approach your core systems

This approach also entails a trade-off between usability and security: if you put too many barriers in place, or make the first barrier too difficult for even legitimate users to get through, you interfere with user experience and encourage people to find insecure workarounds, such as writing down unfeasibly long passwords enforced by your security policy.

But what if you could simply stop things from getting over that perimeter wall in the first place? In that case, you’d be totally safe and you wouldn’t need to worry about detecting threats inside your domain. And what if you didn’t have to compromise security for the sake of usability?

This is the radically new model that Garrison have developed for cybersecurity. They’ve built a unique platform that changes the rules of engagement, whether the attack is launched through web browsing, email attachments or interacting with cloud infrastructure. Dawn is delighted to announce today that it has led a $30m Series B investment into Garrison, with participation from return backers BGF, IP Group and NM Capital.

Seeing from afar

If you need to take aerial photographs, you have two options. You can fly the plane yourself, or you can use a drone. Either way, you get the same images. But using a drone means you’re isolated from danger if anything goes wrong with the aircraft. So in most cases, using the drone is the better option.

If you just need the image, there’s no need for you to go in person

Garrison’s first product, their secure remote browsing solution, applies this exact same principle to browsing the web. When you browse the web, all you really want is images of text and video — not the executable scripts that load on websites, some of which might contain malware. Since there’s no need for you to render the pages directly yourself, you might as well make another machine do that. This way, although the browsing machine is exposed to malware, it relays to you merely a harmless image of what it finds — you’re isolated from the risk.

What’s particularly exciting about Garrison is how they achieve this. Garrison figured out that any such system needs to be really good at two things: browsing the web and processing images. The eureka moment was to realise that everyone has the perfect hardware for this in their pockets: ARM chips — which power millions of smartphones and tablets — are optimised for browsing the web and handling images (just think of all those photos we take and cat videos we watch). They’re also cheap.

Garrison’s ingenious technical architecture provides military-grade isolation guaranteed by electrical engineering, rather than just by software

So Garrison use a pair of ARM chips in tandem to isolate you from the web: one chip browses the web and is exposed to malware; the other chip receives only the image from the browsing chip, which it then sends back to the screen on your own laptop. If the browsing chip encounters malware, then all that you and your own machine are exposed to is the bad image. Your isolation from malware is guaranteed by the electrical engineering itself — not just by software whose code may contain fundamental security vulnerabilities. This is an ultra-secure solution to achieving isolation.

Military-grade security for all

Garrison’s first customers were in military and government: they bought boxes with hundreds of ARM chips in parallel, and installed them on-premise. Their vote of confidence in Garrison’s security model is a fantastic validation.

But Garrison are now also putting their boxes into data centres and offering the experience as a cloud service. This is just as secure as the on-premise solution, but it means that anyone can benefit from Garrison’s ‘military-grade’ technology, provisioned instantly and scalably.

When someone does accidentally click on a risky link, with Garrison there’s no longer danger to an organisation’s endpoints or network. Again, this is a radical and necessary departure from the traditional security model that unrealistically expects ordinary employees to maintain superhuman vigilance at all times.

Garrison’s customers also told us that it’s not just about protection, it’s also about enablement. Security teams previously had to lock down large swathes of the web because of security concerns, causing frustration for their employees going about their day-to-day work and coming up against blocked page notifications. But now it’s possible for those teams to open up internet access, safe in the knowledge that their systems are isolated from any malware out there.

***

All this is only Garrison’s secure browsing solution. There’s huge potential for the company in security more generally. Garrison’s founders, Dave Garfield and Henry Harrison, have devised an ingenious and elegant solution to some of the most pressing and widespread problems facing their industry today. We’re tremendously excited for what lies ahead.