
If Malware Gets into your Network, It’s Too Late!

The traditional approaches to security that rely on containment simply aren’t working. A recent survey of 1,200 security decision-makers revealed that organizations have deployed, on average, 76 different cyber crime solutions. But in spite of this effort, 82% stated they had been surprised by a security event that slipped past the controls they had in place.

The fact is, if malware gets into your network, it’s already too late. Enter ConcealBrowse, a new approach to protecting the data, processes and communications you deem most important.

ConcealBrowse uses a new tactic: isolation – not the dependency isolation offered by containers or the tab isolation some commercial browsers offer, but isolation to a remote browser that functions like a sandbox, only on a much larger scale. The process is analogous to taking a package (the URL) that may contain a bomb (the malware) to a safely contained area where, no matter how powerful it may be, it can be detonated without causing harm.

Why does this approach work when others fail? Because it addresses two new realities of today’s cyber landscape.

  • the explosion of new, sophisticated and constantly mutating threats
  • the huge proliferation of endpoints in increasingly decentralized architectures

New Threats

Security organizations face a disturbing escalation in the number of threats – up 31% in 2021. Even more important, though, is their increasing variety and sophistication. In the first five months of this year, 44.43 million new species of malware were detected by the independent IT security institute AV-Test, bringing the total number of malware instances in the wild to over 1.3 billion. Worse, attackers are constantly updating their software to sneak by or block existing defenses. Here are some examples.

  • The CryptoMix ransomware virus has been re-engineered and re-emerged as “Clop,” which can now disable hundreds of Windows processes, including Windows Defender.
  • Herpaderping is another new technique that tricks defenses by posing as “unintended activity” rather than something more dangerous.
  • Perhaps most alarming is the rise of RaaS – Ransomware-as-a-Service, which enables individuals with no experience in coding to launch attacks.

These are three random examples of new, sophisticated threats out of the hundreds that are spawned daily. Their purpose is to bring a business to its knees, and when left to roam undetected on a network, they will do just that.

New Targets

The vast number of remote endpoints is equally challenging. The proliferation of endpoints where browsers reside gained enormous impetus when COVID-19 sent millions of employees home from their offices, and this in turn dramatically increased the number of browsers vulnerable to attack.

In order to be successful, a security application capable of executing preliminary screening must reside on every endpoint. Security without endpoint applications is quite simply impossible. (The term “agent” is often used to describe these applications, and this term has acquired negative connotations. Today, however, problems created by older generations of agents, such as network overhead and complications with deployment and management, have been minimized if not eliminated.)

In today’s highly distributed architectures, endpoints are the most attractive target for attack. As a result, a new class of anti-virus software has appeared: endpoint defense and response (EDR). Unfortunately, today’s EDRs don’t work very well. One team of academics tested 18 EDR products’ ability to detect four common attacks and, to quote their report, “state-of-the-art EDRs fail to prevent and log the bulk of the attacks.”

Isolation at Work

If security organizations can’t rely on the tools they have to detect malware that’s well-known, how can they be expected to confidently deal with new variants and zero-day exploits? The simple answer is they can’t – at least not with today’s tools. That’s where the isolation capabilities of ConcealBrowse come into play.

Essentially, the isolation approach applies the concept of zero trust to URLs at the browser level. In operation, ConcealBrowse evaluates every click event on every URL and subjects that URL to pre-processing based on a combination of what we term intelligence and policy.

  • Intelligence includes filtering based on conventional resources such as Google Safe Browsing, MetaDefender and VirusTotal, plus prior history. The system remembers every URL that has ultimately been sent into isolation for future reference.
  • Policy includes configurable filtering of specific types of sites (social media, gambling, etc.) as well as specific types of files and sources.

This pre-processing, however, is only the beginning. While URLs determined to be safe are allowed to pass through to the user, those that are suspicious are routed into isolation for further testing. It is this second step that differentiates ConcealBrowse from all other EDR solutions and offers protection even against zero-day viruses and malware.

The system takes a conservative approach, choosing isolation if there is any doubt as to whether a URL is malicious. This is an important differentiator between ConcealBrowse and email filters. With email, false positives are a serious concern, because blocking a valid email could have serious business consequences, such as lost orders, to take just one example. In contrast, there is no risk in blocking a suspicious URL.
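
The two-step evaluation described above can be sketched as a small decision function. This is an added example, not ConcealBrowse code: the function names, verdict labels, feed stand-ins and `.example` hostnames are assumptions made for illustration.

```javascript
// Added illustration of the two-step triage described above. Hypothetical
// logic, not ConcealBrowse code; all names and sample values are constructed.
const CLEAN = "clean", SUSPICIOUS = "suspicious", MALICIOUS = "malicious";

function hostOf(rawUrl) {
  try {
    const u = new URL(rawUrl);
    return u.protocol === "http:" || u.protocol === "https:" ? u.hostname : null;
  } catch {
    return null; // not a parseable URL
  }
}

// Returns { action: "allow" | "isolate", reason }. Anything short of a
// unanimous "clean" goes to isolation, including feed errors and timeouts.
function triage(rawUrl, ctx) {
  const host = hostOf(rawUrl);
  if (host === null) return { action: "isolate", reason: "unparseable-or-non-web" };
  // Policy: configured site categories are isolated regardless of reputation.
  const category = ctx.categories.get(host);
  if (category !== undefined && ctx.isolatedCategories.has(category)) {
    return { action: "isolate", reason: `policy:${category}` };
  }
  // Prior history: a host that was isolated once stays isolated.
  if (ctx.history.has(host)) return { action: "isolate", reason: "prior-isolation" };
  // Intelligence: a feed that throws counts as "no answer", never as clean.
  const verdicts = ctx.feeds.map((feed) => {
    try { return feed(host); } catch { return undefined; }
  });
  const allClean = verdicts.length > 0 && verdicts.every((v) => v === CLEAN);
  if (allClean) return { action: "allow", reason: "all-feeds-clean" };
  ctx.history.add(host); // remembered for future clicks on the same host
  const reason = verdicts.includes(MALICIOUS) ? "known-malicious" : "not-proven-clean";
  return { action: "isolate", reason };
}

// Constructed sample context using reserved .example hostnames.
function sampleContext() {
  const listed = new Map([["shop.example", CLEAN], ["flaky.example", CLEAN], ["bad.example", MALICIOUS]]);
  return {
    categories: new Map([["social.example", "social-media"]]),
    isolatedCategories: new Set(["social-media", "gambling"]),
    history: new Set(),
    feeds: [
      (h) => listed.get(h) ?? SUSPICIOUS, // stand-in for a reputation lookup
      (h) => { if (h === "flaky.example") throw new Error("timeout"); return CLEAN; },
    ],
  };
}
```

The design point is the default: a feed outage or an unlisted host produces isolation rather than a pass, which is what makes the conservative approach hold when the intelligence sources have no answer.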

No Learning Curve

For the user, all of this is transparent. What users see is their chosen browser, operating exactly as it always does. If they click on a suspicious site, ConcealBrowse simply opens a new tab that announces, “You are now in isolation.” (Behind the scenes, however, the user has been linked to a remote browser that is not part of their local network.) In some cases, users may receive a message that they have entered a known malicious site. ConcealBrowse is compatible with all popular browsers, including Google Chrome, Safari, Firefox, Opera and Microsoft Edge.

One other important component of the user experience is speed. With ConcealBrowse, the typical latency to process is just a few milliseconds.

The combination of two-step evaluation of all URLs plus isolation of the suspicious ones differentiates ConcealBrowse from all other anti-malware offerings and ensures that malware will be blocked before it ever enters your network. For a demo, please contact us.