Web Isolation — a Paradigm Change in Enterprise Cyber Attack Defense

By Dror Nahumi

In the last decade, Norwest has made major investments in the security industry and continues to follow the sector with new investments in companies built to address emerging IT security needs with modern technologies.

In this blog post, we discuss web isolation, a new technology we think can create a paradigm shift in endpoint and application security. It is brought to market by Fireglass, a recent Norwest investment that Gartner has named a “Cool Vendor.”

When we meet new start-ups, something we often hear is, “CISOs should assume their network is already compromised by malware.” Enterprise security gateways of all kinds were designed a decade ago to protect enterprises from a different set of threats. As attackers develop more sophisticated techniques and learn to adapt faster, the gap between what they can do and what incumbent gateways and other conventional security solutions can stop keeps widening. This leaves a majority of enterprises vulnerable to increasingly complex breaches, as the chart below demonstrates.

The same publication also breaks down attacks by target (chart below), showing clear growth in attacks aimed at user devices and the people behind them.

Because of these growing attacks on end users, coupled with the market axiom that “prevention is impossible,” hundreds of start-ups have been founded in the last few years to build a post-breach line of defense: detect, alert, deceive, and improve forensics and investigation. Some CISOs augment that line of defense with stringent restrictive measures such as URL filtering and network access permissions. Such restrictions often hurt user experience and employee productivity.

As for web applications, an array of modern deception, detection, and prevention technologies is available to defend against attackers who try to penetrate enterprise application servers and gain access to valuable user or corporate data.

Can the prevention axiom be challenged? As a global venture capital firm, we are constantly looking for product ideas which can leverage modern technologies to challenge past limitations and create new frontiers.

We have tracked the few endpoint security start-ups that emerged in the last few years proposing to prevent attacks with state-of-the-art endpoint isolation software. It is still too early to judge the long-term commercial success of these technologies, because any prevention solution that relies on endpoint deployment is limited by software distribution, available endpoint resources, and the multiplicity of operating systems and versions. All of these technical challenges affect scale, IT management overhead, user experience, performance and effectiveness.

We think there is finally a real solution that challenges the prevention axiom. It can arm CISOs with an effective means to stop attacks from breaching and spreading across their networks. Moreover, we think it can be done with a decade-old idea: network-based software that completely isolates attackers from enterprise assets (endpoints or web applications).

Put simply, the Fireglass Threat Isolation Platform sits between users and applications and intercepts web requests. It then executes those requests on behalf of the user, renders all potentially malicious content on the isolation platform, and sends only a safe visual stream back to the user. Malicious content is thus confined to a secure, containerized environment instead of being admitted on the strength of risk-scoring models, which have proven ineffective. Because the endpoint receives rendered output rather than the page’s HTML, script or documents, its exposure shrinks to the display protocol that carries the stream and the channel that carries user input back. Fireglass can isolate endpoints from malicious sites, emails and documents.

In a completely different use case, Fireglass is also used to protect enterprise web applications (internal or cloud) from attackers seeking access to an organization’s crown jewels.

If the idea is not new, and the potential of comprehensive isolation is so large, the main question is: why has this approach failed in the past, and why will it succeed now?

We believe several key technologies have matured in the last year to make this new approach possible:

  • Server processing performance — a true enterprise solution must scale so that all, or most, users can browse through the platform. Current server processing capabilities, coupled with smart load balancing, make the solution capable of supporting an organization of any size while minimizing capital and operating costs.
  • Containerization and virtualization — container technology allows microservices to be created quickly and securely, supporting many thousands of simultaneous web instances.
  • JavaScript compilers — optimizations such as dynamic compilation and pre-compilation of JavaScript boost performance and make a low-latency transmission and display protocol practical.
  • HTML5 — recently introduced capabilities such as Canvas, WebSockets, History, offline storage and messaging deliver a state-of-the-art UX with zero software footprint on the endpoint. In addition, WebRTC and native browser support for video and audio now enable adaptive bandwidth that delivers on-demand and real-time video with low latency.
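As an added illustration (not Fireglass’s protocol or code), the following Python sketches the security property behind the remote-rendering design described above and the display protocol the JavaScript and HTML5 items refer to: the isolation server ships only compressed pixel tiles, and the endpoint’s only parser is a fixed binary schema that refuses anything else, so page markup, script and documents never reach the endpoint. The message layout, magic value, size limits, and the sample messages are assumptions chosen for this example.

```python
# Toy pixel-streaming protocol for a remote-rendering isolation platform.
# Added example, not Fireglass's wire format; layout, magic value, limits
# and sample messages are assumptions chosen for illustration.
import struct
import zlib

MAGIC = b"ISOL"      # assumed magic value
MSG_TILE = 1         # server -> endpoint: rectangle of RGBA pixels
MSG_INPUT = 2        # endpoint -> server: pointer or keyboard event
MAX_TILE = 256       # largest tile edge; bounds memory per message
BPP = 4              # bytes per RGBA pixel

TILE_HDR = struct.Struct("!4sBHHHHI")   # magic, type, x, y, w, h, payload len
INPUT_HDR = struct.Struct("!4sBBHHI")   # magic, type, kind, x, y, code


class ProtocolError(ValueError):
    """Any deviation from the schema is rejected, never interpreted."""


def encode_tile(x, y, w, h, rgba):
    """Server side: pack one rendered rectangle; zlib keeps the stream small."""
    if not (0 < w <= MAX_TILE and 0 < h <= MAX_TILE):
        raise ProtocolError("tile dimensions out of range")
    if len(rgba) != w * h * BPP:
        raise ProtocolError("pixel buffer does not match tile size")
    payload = zlib.compress(bytes(rgba))
    return TILE_HDR.pack(MAGIC, MSG_TILE, x, y, w, h, len(payload)) + payload


def decode_tile(msg):
    """Endpoint side: accept exactly one well-formed tile and nothing else."""
    if len(msg) < TILE_HDR.size:
        raise ProtocolError("short header")
    magic, mtype, x, y, w, h, plen = TILE_HDR.unpack_from(msg)
    if magic != MAGIC:
        raise ProtocolError("bad magic")
    if mtype != MSG_TILE:
        raise ProtocolError("unexpected message type %d" % mtype)
    if not (0 < w <= MAX_TILE and 0 < h <= MAX_TILE):
        raise ProtocolError("tile dimensions out of range")
    if len(msg) != TILE_HDR.size + plen:
        raise ProtocolError("length mismatch")
    expected = w * h * BPP
    # Cap inflated output so a zlib bomb cannot exhaust endpoint memory.
    inflater = zlib.decompressobj()
    rgba = inflater.decompress(msg[TILE_HDR.size:], expected + 1)
    if len(rgba) != expected or not inflater.eof or inflater.unconsumed_tail:
        raise ProtocolError("pixel count mismatch")
    return x, y, w, h, rgba


class Framebuffer:
    """The endpoint's entire view of the remote page: a grid of pixels."""

    def __init__(self, width, height):
        self.width, self.height = width, height
        self.pixels = bytearray(width * height * BPP)

    def apply(self, msg):
        """Blit one tile into the grid; returns the number of pixels updated."""
        x, y, w, h, rgba = decode_tile(msg)
        if x + w > self.width or y + h > self.height:
            raise ProtocolError("tile outside framebuffer")
        for row in range(h):
            dst = ((y + row) * self.width + x) * BPP
            src = row * w * BPP
            self.pixels[dst:dst + w * BPP] = rgba[src:src + w * BPP]
        return w * h

    def pixel(self, x, y):
        off = (y * self.width + x) * BPP
        return tuple(self.pixels[off:off + BPP])


def encode_input(kind, x, y, code):
    """Endpoint side: only pointer (kind 0) and key (kind 1) events flow back."""
    return INPUT_HDR.pack(MAGIC, MSG_INPUT, kind, x, y, code)


def decode_input(msg):
    """Server side: the return channel gets the same strictness."""
    if len(msg) != INPUT_HDR.size:
        raise ProtocolError("bad input event length")
    magic, mtype, kind, x, y, code = INPUT_HDR.unpack(msg)
    if magic != MAGIC or mtype != MSG_INPUT or kind not in (0, 1):
        raise ProtocolError("malformed input event")
    return kind, x, y, code


def demo():
    # Constructed run: a red 2x2 tile lands at (10, 20); a message that
    # smuggles markup under an unknown type is refused before any byte of
    # it is interpreted.
    fb = Framebuffer(64, 64)
    fb.apply(encode_tile(10, 20, 2, 2, bytes([255, 0, 0, 255]) * 4))
    markup = b"<script>alert(1)</script>"
    hostile = TILE_HDR.pack(MAGIC, 7, 0, 0, 1, 1, len(markup)) + markup
    try:
        fb.apply(hostile)
        rejected = False
    except ProtocolError:
        rejected = True
    return fb.pixel(11, 21), rejected


if __name__ == "__main__":
    print(demo())
```

The point of the shape is that the endpoint never holds anything it could execute or render as a document: every inbound message is either a bounded rectangle of pixels or an error, and a real implementation would draw those rectangles into a Canvas element fed over a WebSocket. The capped zlib output and the length checks matter because, once the page’s content can no longer reach the user, the stream decoder itself becomes the remaining attack surface.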

Fireglass, a Norwest portfolio company, recently came out of stealth and announced its channel partner program. With its current technology and roadmap, the company aims to offer comprehensive cyber attack isolation to enterprises without compromising on a great user experience.

There is finally a solution that eliminates attack vectors instead of trying to detect and prevent them, and does so before they reach enterprise assets, reducing the spending on, and the emphasis placed on, deploying complex kill-chain products.