I was in New York last week at an all-day event co-hosted with Skyport Systems at the Microsoft Briefing Center in Times Square. The day was filled with analyst briefings, a panel on “Is Active Directory a blindspot for CISO’s” followed by my talk on ‘Eliminating Ransomware with Isolation’ to the OWASP New York chapter. During the course of the day, I heard Isolation being mentioned so many times in different contexts. The gist of it is most people innately understand what Isolation is and how it can really improve the security posture of organizations. The real challenge (which we've solved) is can we do Isolation without affecting user experience?.
Before the panel Sean Metcalf (ADsecurity.org) had a fantastic presentation on ‘Securing Active Directory’. I probably learned more about AD in that one hour from him than the countless blogs and articles all over the Internet. The funny part was, his opening slide (before he went on to talk about the intricacies of AD security) was why one shouldn’t download random Word documents from the Internet and then go on to enable the embedded macros. :) See? He just described Isolation.
During the panel session we talked a fair bit about productivity and risk. If you step back and look past the plethora of security products out there and the way Enterprises slice the functional organizations within, CIOs and CISOs are really interested in two things. Decreasing risk while simultaneously increasing end-user productivity. That’s pretty much it. Unfortunately, every single security product ever built in the last 20 years forces organizations to trade off between the two.
You want to decrease risk? This is what we tell end users: “Don’t click on this, don’t open this attachment, don’t go to this website.” This in turn results in end-users either escalating issues to IT or simply going around the system to get their job done. Case in point, one of our customers (a Global Fortune 100 bank) blocked all of the Uncategorized URLs on their Secure Web Gateway and watched a significant drop in their malware infection rates. However this simultaneously resulted in 1000’s of trouble tickets/day from end-users complaining they can’t get their job done because they don’t have access to a website.
The Menlo Security Isolation Platform, for the first time, offers Enterprises the luxury of reducing risk while simultaneously increasing productivity. How? By making it safe to click. With MSIP, end-users can visit any website without worrying about drive-by downloads, credential-phish or weaponized documents, because MSIP fundamentally treats all active code/content as bad and keeps them away from the endpoint. But equally important and thanks to the patented Adaptive Clientless Rendering, MSIP goes to great lengths to preserve native user experience so end-users don’t have to do anything different to decrease risk.