Welcome To Safeweb, A Best Practice Browser Isolation Cybersecurity Model
The Safeweb model is a different kind of cyber security model, one that physically isolates its users from malware, ransomware and cyber attacks.
Safeweb is different because unlike conventional cyber security models, (firewalls, anti-virus and network filtering) which attempt to distinguish or detect ‘bad’ content, traffic and activity, Safeweb physically isolates all of the users internet facing behavior and the associated malware and cyber-risks.
The Safeweb model is important because the vast majority of malware and ransomware attacks start on the endpoint, the only real way to put a stop to these attacks is to physically isolate the internet browser on the end point.
History of Safeweb
The Safeweb model was born out of necessity.
Safeweb began as a concept at Los Alamos National Laboratory called the ‘Outbound Glovebox’, being a nuclear laboratory they thought of it in terms of a science lab glovebox, those things with plastic glove holes that you would use to handle radioactive materials without contaminating yourself.
The name Safeweb was coined by the project team at Lawrence Livermore National Laboratory as a way of describing our own glovebox project, I was a principal on that team and helped coin the name with the ‘mother’ of Safeweb, Robin Goldstone of the LLNL Advanced Technologies Office.
Together we tested Safeweb in production over 5000 users for a period of four years and the Safeweb model allowed LLNL to dramatically enhance its security posture and become proactive in its approach to cyber attacks.
The development of the Safeweb model continued at Sandia National Laboratory, where I worked with cyber security teams for the last few years on evolving the model and better leveraging its principles in practice.
I have been privileged enough to watch the Safeweb browser isolation model evolve across different NNSA laboratories and spread farther and wider than I ever could have imagined, a source of great pride.
The Reactive Cycle
Doomed to repeat a reactive cycle.
Up until we developed the Safeweb model, NNSA cybersecurity teams had been trapped in a reactive cycle that many of you will be familiar with.
- You detect a breach and shut down your networks to the public internet so that you can investigate the breach and strengthen your networks.
- Your users start to bitterly complain about not having internet.
- Under the strain of user pushback, you open up the internet again and allow your users to browse the web from their local machines.
- You get attacked again, react and repeat the previous three steps.
- If you were really unlucky, the attackers who infiltrated your networks managed to exfiltrate some customer data and credit card details.
Your employees need access to the internet to stay in touch with their colleagues, professional networks, friends and family, so when you shut that off it causes user pushback and they complain bitterly.
Then you open your networks back up and wait for the cycle to repeat, dooming yourself to forever repeat the reactive cycle, while telling yourself that you are getting much better at reacting to attacks as time goes by.
The Proactive Approach
Its going to happen, lets get in front and ahead of it.
Safeweb is an acknowledgement of the idea that cyber attacks are going to occur and that its best to get in front of them by physically isolating them.
Safeweb allows you to physically isolate your users risky internet facing behavior onto a platform best built to handle that risk, a Safeweb cloud.
By physically isolating your users internet facing activity onto an isolated platform, you are effectively creating a honeypot where you know the attacks are going to occur and this browser isolation has all kinds of benefits:
- Your networks are not compromised.
- You can measure and monitor the kind of user behaviour that allows attacks to get a foothold on the endpopint.
- You can let the attacks carry on when you detect them instead of shutting them down, learning about the attack in the process.
- You can respond to the attacks in real time, conducting your investigation and analysis on the attackers while you can see them.
- You can train your security personnel while all of the above goes on.
The benefits of moving from a reactive to a proactive footing are huge, the move leaves you feeling much more in control of your security than you previously were and dramatically enhances your overall security posture.
The Safeweb Model Giveth & Taketh
But you can shut down all those common infiltration points.
For sure the Safeweb model is not perfect, there is a lot of debate about the way files should be passed down from a Safeweb cloud to a local machine and how best to deal with those files, a number of approaches are used effectively.
There are also unanswered questions about exactly what kind of user behaviour should be allowed on the Safeweb desktop. Should users be allowed to work on the disposable desktop or just use the internet?
The cat and mouse game going on between hackers and security teams who disguise their Safeweb clouds as real user desktop environments is quite fun; if the hackers learn that they are on a Safeweb cloud and that they are are probably being monitored, it makes them feel really uncomfortable.
The Safeweb model does allow you to shut down the most common infiltration and exfiltration points on your network and it also gives you unprecedented access to the inner workings of cyber attacks, lets you isolate them into one place so that you can watch and learn from them.
The Safeweb Engine
If you are going to do Safeweb, you may as well do it properly.
In the early years of Safeweb, we were using third party technology to deploy disposable desktops, back then in early 2000´s we called it VDI and non-persistent virtual desktops. Those were the good old days.
Over the years we discovered the limitations of using technology which was not designed for the purpose we were using it for, VDI platforms still do not easily scale to the 100k user mark and when they do then need lots of expensive proprietary hardware and SAN storage, which drives up costs.
Whichever way we looked at it, from a financial or operational perspective, the existing VDI platforms we used to virtualize desktops and applications were not efficient at handling browsing compute loads and so we designed and built our own browser isolation platform to deliver remote browsers.
We call it the WEBGAP engine, its a new kind of cyber security platform designed to physically isolate malware by physically isolating a users browser, its built upon the principles of the Safeweb model and is a highly scalable platform, one that provides a native experience to end users.
The WEBGAP Engine is different because it leverages a containerized and grid distributed architecture, is designed to efficiently scale on commodity server hardware, with no expensive SAN or hardware appliances required.
WEBGAP provides a fully hosted remote browser service, powered by the Safeweb Engine and hosted in a EMP proof datacenter facility, making it easy for anyone to quickly get set up and begin isolating their browsers.
The best advice that I can give you is to tell you to begin isolating your browsers & browsing activity, research from Gartner indicates that those organizations who do isolate their browsers see a 70% drop in attacks.
However you browse the internet, make sure you are isolated.
Follow me on Twitter to get my latest browser isolation tweets!