Threat isolation is fast becoming the new “must-have” technology for IT security teams. It has gained recognition from leading analysts, and enterprise adoption is taking off. Case in point: Menlo Security now has hundreds of thousands of users across the globe using isolation to access the web without worry of malware infections. Of particular importance is that 90% of these Menlo Security customers are isolating ALL of their web traffic, which unlocks isolation’s full potential. So why is this significant?
When adopting a new security technology after a successful proof-of-concept (POC), most enterprises will move forward with a phased implementation. The security team will typically identify a single use case, and introduce the new technology to subsets of users while addressing trouble-tickets along the way. For isolation, the most common “toe-in-the-pool” use case is isolating uncategorized (uncat) traffic.
In the uncat scenario, isolation is used in conjunction with a web gateway, where users are permitted to access “trusted” sites belonging to known categories such as News & Media, Entertainment & Arts, Travel, etc., while access to uncategorized sites is directed through an isolation platform.
The issue with isolating only uncat web traffic is that even “trusted” sites from known categories present risk. Our researchers found that 50%, 49%, and 42%, respectively, of websites belonging to the aforementioned categories are considered risky because:
- The homepage or background site was running software with known vulnerabilities (CVEs).
- The homepage or background site was categorized as known-bad, such as phishing, malware sites, etc.
- The homepage or background site had a recent security incident.
Although the uncat use case is a sound place to start, it doesn’t capitalize on isolation’s full potential. Users remain at risk from compromised “trusted” sites, which is an ongoing problem for IT security executives. Many of the CISOs with whom we speak agree that web and email account for approximately 85% of the risk they struggle to mitigate. With isolate-all, they are able to simply and effectively take that risk off the table. In doing so, they are able to focus their valuable resources elsewhere, such as on application vulnerabilities, APTs, DDoS, etc.
IT security teams that begin their isolation journey with the uncat use case must decide how best to expand their implementation: do they deploy uncat broadly across the organization and accept the inherent risk, or do they begin with uncat and migrate toward isolate-all as part of a phased roll-out? The fact that more than 90% of Menlo Security customers (some of the most recognizable brands globally) have chosen the path to isolate-all is a clear sign that this is where the true potential of the technology lies.