Isolation is still the new kid on the block - in Europe we spend much of our time educating our customers and partners on what Isolation means, how Isolation works and how it mitigates the risk of web server & web browser vulnerabilities exploited by cyber criminals on a daily basis. It’s not just Menlo Security that is looking at the web in this way; Gartner themselves highlight the value of Isolation as part of the new Preventive capabilities customers can adopt.
One of the recurring questions from almost all the meetings I have had to date is what does Isolation mean in terms of business benefit? Every technology company I have worked for in my career has always focused on the technical benefits, architecture and how it solves the technical problem, but hasn’t talked enough to the business benefits. Without a clear link to business benefit, we have to connect Isolation to the overall Cyber Security strategy a CIO is working towards.
So briefly what are the business benefits of Isolation?
- Reduction of web-based threats, compromises & infections
Following the industry standard Lockheed Martin ‘kill chain model’, every attack has multiple discrete stages. In the context of web-based attacks, Isolation prevents the delivery of active code to the user’s local browser. The result is that Isolation stops a significant number of web-based infections happening to users early in the ‘kill chain’ model. Popular examples of attack include ransomware and malvertising that impact large numbers of popular websites every week. A large global banking customer notified us that higher 70% of malware came from Uncategorised websites. As we see in many customers, blocking Uncategorised solves the problem but impacts user productivity and increases support tickets to the IT Support team.
Isolation will reduce delivery rates of malicious code, reducing exploitations, installations, C & C and objectives met. This has an immediate and significant impact on the security posture of an organisation as the web is used by almost every employee today.
- Reduction of web-based alerts to investigate
Analysts have too much information today to sift through and this detracts from their job of looking for the proverbial needle in the haystack.
Isolation ensures that web based risks are mitigated, which ensures that the 97% of background content and the 3% of requested content never gets delivered, period. This enables a significant reduction in web based alerts to review, and enables analysts to spend more time on other alerts from other vectors of attack that are not web-based.
- Removal of risky browser plugins
Every customer is wasting time on patching on Flash & Java patches used on desktops. Patching the vulnerabilities in browser plugins doesn’t stop the problem. Out of band critical patches create an even larger distraction to the security team, having to work late, or delay other projects to patch critical browser plugins. Isolation enables customers to disable Flash & Java in their users browsers (Windows 7 is an exception) ensuring that only safe, transcoded Flash & Java content is delivered to users, mitigating the vulnerabilities in Flash & Java that attackers continue to exploit on a daily basis.
- Increased productivity and competitive advantage through improved access to External content
CIOs, CISO’s, IT and Security leaders are caught in the constant trade-off between the risk of allowing organizations’ access to the WWW for research, collaboration and communication, and the productivity gains and employee satisfaction associated with access.
Isolation provides organizations the capability to enable access while significantly, potentially completely eliminating risk.
Isolation is a new way of securing the web for organisations. It’s a new concept to understand, however the business benefits are significant without impacting the user experience. The days of accessing the web directly are behind us, the risks of attack are too broad and users need to be better protected.
Every customer wants to be more proactive and less reactive. Isolation enables our customers to become more secure and mitigate the risk of attack via the web, quickly and easily.
Download our white paper to learn more: The Hidden Cost of Web Security.