Find the right approach to browser security
Traditional security approaches are flawed, costly, and overwhelming for security teams. Menlo Security is different. It’s the simplest, most definitive way to secure work—making online threats irrelevant to your users and your business.
Our platform invisibly protects users wherever they go online. So threats are history and the alert storm is over.
Traditional network security wasn’t built to address today’s complex enterprise environments. SASE fixes that problem.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise.
Menlo Security | Apr 16, 2019
Share this article
It’s been a year since Gartner released its report on remote browser isolation . At the time, the report was forward thinking—controversial even—as it suggested that enterprises can no longer assume that their traditional detect-and-respond security strategy is enough to stop all web-based malware attacks. Analyst Neil MacDonald argued that enterprises should stop trying to detect every attack and instead focus on “containing the ability of the attacker to cause damage and reduce the surface area for attack.”
He went on to say that remote browser isolation was the ideal solution for doing just that, because it moves all web browsing activity out of the network and away from users’ devices to a remote location where malware technology can do no harm:
A remote browser isolates the user’s Internet browsing activity from the end user’s device and from the rest of the enterprise’s networks and systems. This effectively creates an “air gap” between inevitable attacks and the enterprise network, restricting the ability of an attacker to establish a foothold, move laterally, breach other enterprise systems, and exfiltrate data.
Now, a year later, web isolation is seen as an essential part of the enterprise cybersecurity strategy. Working together with the Secure Web Gateway (SWG), Data Loss Protection (DLP), and other security solutions, remote browser isolation fundamentally changes the way enterprises protect users, data, and critical business systems from web-based threats.
Menlo Security has been on the forefront of these seismic changes, leading the industry from an allow-or-block policy toward an isolate-or-block approach. In fact, Menlo was named a visionary vendor in Gartner’s 2018 SWG Magic Quadrant because of our patented isolation approach.
We thought we’d take a look at the recommendations MacDonald outlined as key features in a remote browser isolation solution and compare them with Menlo’s current capabilities.
You know, just for fun.
Menlo’s Current Capabilities
Does not require a local client/agent.
Menlo requires no additional client, agent, or browser plug-in. It integrates with most popular browsers.
Supports plug-ins, including PDF and Flash.
Menlo supports most major plug-ins.
Provides a remote viewer when users encounter file objects on the public Internet.
Menlo renders documents in read-only form. Active content such as Flash is rendered in HTML5.
Allows users to access native documents locally when appropriate and ensures that these files are rendered safely.
Menlo allows security teams to create custom policies that allow specific users to access native documents. These documents go through a robust screening process for viruses and malware. Infected files are quarantined in a sandbox.
Uses full VMs or containers for browser sessions.
Menlo uses containers and wipes them clean after each browsing session.
Restores each browser session back to a known good state for each new user session.
Menlo wipes the container after each browsing session.
Has little or no effect on bandwidth.
Menlo renders safe content in HTML, which does not impact bandwidth requirements for activities such as video streaming or pixel-by-pixel rendering.
Ensures high availability by avoiding a single point of failure.
Menlo Security’s Global Elastic Cloud provides high availability, auto-scaling, and bandwidth management. With data centers around the world, Menlo ensures that users are fully protected wherever they do business.
Automatically and transparently determines what content is rendered remotely and what content is rendered locally.
Menlo allows enterprises to set policies that dictate what web traffic is isolated. Policies can be set per user, group, or file type.
Includes SWG capabilities for traffic that isn’t remotely presented.
Menlo includes a robust SWG offering that detects and detonates malicious content in a sandbox. Gartner named Menlo a visionary in the 2019 SWG Magic Quadrant.
Protects users against web-based attacks from embedded links in email—even if the email client rewrites URLs as a security precaution..
All web content—including traffic originating from email—is isolated in the MSIP. This includes embedded links and attachments. Rewritten URLs don’t matter either. All content is isolated.
As you can see, Menlo hits nearly all the points Gartner recommended last year. The simple fact is that Menlo is the industry standard for remote browser isolation solutions. Why would you consider anything else?
Posted by Menlo Security on Apr 16, 2019
Tagged with RBI
Protecting the Remote Workforce
To talk to a Menlo Security expert, please complete the form.