“CONCEALing” Browser Context Through our Patented SDN

Threat actors can’t attack you if they can’t find you. With an additional layer of protection, you can make it much more difficult for attackers to trace web activity back to your organization or to find cloud applications and infrastructure that are critical to your business.

Key Characteristics

Conceal’s patented SDN removes digital context and physical attributes from data flowing over the internet and internet-accessible infrastructure. The extra layer of protection minimizes the likelihood of risky traffic compromising your network. In Verizon’s 2022 Data Breach Investigations Report, web applications were the number one vector of entry for bad actors and are connected to the highest number of DoS attacks. The Verizon report found that Basic Web Application Attacks (BWAA) largely focus on attacks that directly target an organization’s most exposed infrastructure, such as Web servers. Conceal’s patented SDN helps to minimize the opportunity for attackers to find exposed infrastructure by increasing privacy using intermediaries to acquire the commercial infrastructure used to implement the network. The dynamic design of our patented SDN removes context and provides extra layers of privacy and security to users and enterprises.

Conceal’s patented SDN helps organizations identify and isolate risky web traffic before it compromises your network through the monitoring capability as part of the additional layer of protection. Additionally, Conceal is able to move identified risky web traffic without affecting a user’s current session. The fidelity of the protection’s ability to monitor and isolate without affecting a user’s ongoing communications helps provide security assurance for web activity. The extra layer of protection moves the web traffic into a remote browser in an isolated environment without a user having to decide if they believe the web traffic is risky.

Our patented SDN encompasses all of Conceal’s offerings. From ConcealBrowse and ConcealSearch to ConcealCloud, it was deliberately and carefully intertwined throughout our product suite to bring an unparalleled solution to the market to address web security.

Use Case

Law enforcement agencies are faced with the insecurities surrounding intelligence collection. Whether the intelligence collection surrounds dark web monitoring, open-source intelligence, social media research, financial crimes, or internet crimes against children, these investigations come with a level of risk while leveraging the internet. Conceal fully supports operational mission capabilities aligned to law enforcement. Currently, Conceal is deployed in state and local law enforcement agencies and other investigative organizations. To help combat risks associated with mission-critical investigations, the following is accomplished through our product suite:

  • Open-Source Intelligence – Through the investment of our zero-trust browser isolation, ConcealSearch, users can conduct non-attributable, protected open-source research.
  • Social Media Research – By removing attribution of users through our ConcealSearch product, investigators can anonymously monitor social media sites and updates in real-time.
  • Financial Crimes and Intelligence – By leveraging ConcealSearch, users can conduct “follow-the-money” operations and capture and archive financial information without worrying about malicious sites or internet activity entering the network.
  • Internet Crimes Against Children – With ConcealSearch, law enforcement agents can investigate, track and conduct operations to combat crimes against children without jeopardizing their network or identity.
  • Dark Web Monitoring – Engage in dark web monitoring and activities without exposing your network and identity by investing in ConcealSearch.

The role of Conceal’s patented SDN in cybersecurity will continue to expand as the value of hiding user identities and technical information while simultaneously searching the web grows in importance.

4 Key Information Security Threats of 2022

Vulnerabilities are one of the four key paths to your crown jewels. Here’s what you need to know to avoid exploitation.

Let’s be real, vulnerabilities are a main reason we are all here, employed in the field of cybersecurity. Organizations invest in cybersecurity as threats and vulnerabilities continue to advance and become more sophisticated in an ever-changing threat landscape. In this blog, we will explore common characteristics of vulnerabilities to help aid your strategy against exploitation in the future.

Market Outlook

In the past year, vulnerability exploitation, as the entry point of threat actors, has doubled according to Verizon’s Data Breach Investigations Report. To find these vulnerabilities, threat actors are leveraging a wide variety of techniques, including scanning IPs and open ports, crawling for specific services, testing specific CVEs from the catalog discussed above, and running remote code execution.

With an ever-changing threat landscape comes an ever-evolving vulnerability market. As vulnerabilities are discovered and shared publicly, threat actors are forced to become more sophisticated in their approach to exploit weaknesses in a timely manner. Every year, the Top 25 Most Dangerous Software Weaknesses are analyzed by the CWE community. One trend seen in the 2022 Top 25 release surrounds out-of-bounds write and cross-site scripting (XSS), which continue to be two of the most dangerous weaknesses from year to year. The full list of the top 25 vulnerabilities can be found here.

So What?

As one of the four key information security threats of 2022, vulnerability exploitation must remain a priority in an organization’s security strategy. If a threat actor leverages a weakness and gains unauthorized access to an organization’s network, that organization risks network compromise, data exfiltration, unplanned system downtime, ransomware, and more. Such cybersecurity risks can have debilitating effects across the organization, including financially, operationally, reputationally, and economically. As a result, it is crucial for organizations to do what they can to avoid vulnerability exploitation. By understanding how vulnerabilities are identified and categorized, as well as understanding standard conventions for information that can be used to measure and mitigate the risks to your organization, you can avoid exploitation altogether.

Detect. Defend. Isolate.

Besides the efforts identified above to discover and disclose information security vulnerabilities, there are efforts to proactively protect against vulnerabilities on the market. Here at Conceal, we are doing our part to help you avoid vulnerability exploitation online. By pushing the boundaries and maximizing web-based security, web vulnerabilities become a non-issue.

By identifying risky web traffic before it compromises your network, Conceal minimizes the opportunity for a vulnerability to be exploited. Detecting vulnerabilities early in the kill chain allows remediation to be taken before any damage is done. Once risky behavior is detected, Conceal allows the user to finish out the activity in an isolated environment unassociated with your network. This independent network will keep your organization’s data safe from threat actors who may be trying to use the web activity to exploit a vulnerability. Learn more about protection through isolation in one of our recent blog posts here.

Vulnerability exploitation will continue to be a key entry point into your organization’s network. As a result, security teams must explore proactive security measures and tools that can be leveraged to minimize threat actors’ ability to take advantage of a vulnerability. Conceal provides part of the necessary proactive security measures by stopping malware before it has a chance to exploit unpatched vulnerabilities. Request a demo today to learn how Conceal can be a part of your organization’s strategy to protect against vulnerabilities.

Vulnerabilities risk the confidentiality, integrity and/or availability of data within an organization. When coming up with a strategy to protect against vulnerabilities, it is imperative to understand the characteristics and values of common vulnerabilities.

Characteristics

Common values that are important to understand as it relates to a vulnerability include Common Vulnerability and Exposure (CVE) values, Common Weakness Enumeration (CWE) values, and Common Vulnerability Scoring System (CVSS) values. These characteristics provide organizations with a common set of nomenclature to leverage throughout the industry, providing ease when developing their strategy to protect against vulnerabilities.

CVE

CVE refers to a database that catalogs publicly disclosed vulnerabilities, with each entry specific to an explicit occurrence. Thousands of new CVEs are published every year for the good of the security industry. The goal of CVEs is to provide organizations with a repository of known vulnerabilities to ease information sharing. The database gives organizations a starting point when it comes to vulnerability management as well as creating and implementing a proactive security strategy. The catalog serves as a baseline to evaluate current coverage against the known vulnerabilities. Keeping up with the current vulnerability market is the first step towards proper cyber hygiene.

CWE

Beyond understanding the vulnerability, organizations can benefit from understanding the characteristics of the building blocks that lead to the vulnerability. While CVE refers to the instance of a vulnerability, CWE focuses on the cause of the vulnerability type. For the security community, CWEs provide common nomenclature for discussing weaknesses and categorizing them by software, hardware or use case. The list of weakness types provides a baseline for identification, mitigation and prevention of a weakness.

CVSS

Once an organization understands relevant vulnerabilities and the underlying weaknesses, understanding the severity of the vulnerability is extremely valuable. CVSS provides a consistent score for vulnerabilities, regardless of the industry. By leveraging CVSS, organizations can understand the severity of a vulnerability in their environment and prioritize the remediation of each vulnerability.

As vulnerabilities continue to grow in sophistication and rigor, these common attributes will allow organizations to openly talk about and understand the vulnerabilities relevant to their industry. These values will allow continued collaboration when developing an organization’s security strategy. Make sure to check out Conceal’s offerings that can be used to strengthen your organization’s strategy to protect against vulnerability exploitation by requesting a demo today.

Now All Together

A 2020 research paper by cybersecurity think tank USENIX highlights a key problem with cyber intelligence data: Even though commercial threat data is expensive, it paints an incomplete picture of the risk to your company.

The research looked at two unnamed commercial cyber threat intelligence (CTI) providers and four unnamed free intelligence providers. The researchers discovered that, even in cases where CTI providers provided data on the same threat, there was very little overlap in that data. The study found the same gap between free and paid providers. The researchers concluded that, because even top-tier threat intelligence providers can’t provide the complete picture of risks to a business, there is limited value in purchasing the high-priced data.

Clearly, a single source of truth doesn’t exist for risks surrounding cyber threats. That’s why there are so many players in the marketplace. It’s also the reason that most organizations have to invest in multiple intelligence sources, and struggle to integrate those into various points within their security stacks. Still, the right investment in the security tools that can successfully leverage all available paid and free sources to eliminate or mitigate cyber risk can make an organization far safer.

I Want You, Correct Data

There is a multitude of data available to feed the security tools used by CISOs and other IT leaders. Free data provides basic information crowdsourced from attacks that happen globally every day. These can provide an invaluable baseline resource, and should be fully utilized in security tools and endpoint protection solutions that make decisions about blocking or allowing traffic.

Still, other data is only available via vast and expensive networks of sensors, through human sources, or through analysts and collectors with specialized and hard-to-find skills. This data can provide critical insights and predictive information that can help fill in some of the gaps in the free data, as well as provide predictive data that can enable a more proactive IT security stance. Unfortunately, these datasets are expensive to collect, and this fact is often reflected in the price to an organization.

It’s easy, especially for organizations with small cybersecurity budgets, to look at the facts and determine that the free data is good enough, and that the added value of a more thorough, though admittedly still incomplete, picture of the threat landscape is less than the cost. Still, it’s clear that specialized premium data sources can take a company’s ability to stop threats and strategically reduce risk to the next level.

Together We are Strong

One of the USENIX paper’s main arguments against the use of paid data feeds is the fact that, despite their cost, the data remains incomplete. This is true. However, with the right security tools in place, an organization can transparently benefit from a more complete picture provided by a combination of paid and free intelligence feeds to protect them from a host of known and unknown threats.

These tools can take several forms. Depending on how the data from multiple sources is combined and utilized, the result can either be a coherent risk assessment that allows a platform to make good security decisions transparently and with limited effort by your organization, or an IT nightmare trying to make tools and data sources from different vendors play nicely together.

In today’s post-COVID environment, workforces are dispersed and conducting work on a multitude of public and private networks, and on a number of devices. More and more of this work is being done on web applications inside the browser. Because the work environment is becoming heterogeneous and dispersed, the traditional security models are no longer effective. Keeping users safe in this environment requires a Zero-Trust security model at the browser level, and it requires being able to bring every possible outside source of intelligence and network data to bear on the risk mitigation process.

Conceal Can Do It!

Fortunately for your IT security team, ConcealBrowse provides a simple, cost-effective way to utilize all your existing security tools and data sources to make intelligent decisions about risk mitigation and safety in a Zero-Trust browser. While investments in user training around phishing and online safety can be beneficial, the reality is that no one is perfect and no one will make the right security decision 100% of the time. You want your people to be able to do their jobs and think as little as possible about security. That’s all possible with ConcealBrowse.

ConcealBrowse has plugins for a number of free and paid intelligence services and security tools that feed information to our “brain,” which determines the best risk mitigation methods for every clicked link or visited URL. ConcealBrowse lets you get the full benefit from combining all the free and paid data sources that, when combined, create a much fuller risk picture.

Learn more about how Conceal is influencing the future of cybersecurity.

Change Maker | Building a Culture and Protecting our Online Presence

Today on The Change Maker: Gordon Lawson and Ivie Teston. Gordon is the CEO of Conceal, a company dedicated to protecting federal and private businesses online. Ivie is the Sales Manager and an Augusta native that has returned to work with Conceal at the international headquarters right here in Augusta. Both of them talk about establishing a welcoming work culture, what it takes to engage a young workforce, and how our online presence might not be as safe as you think.

To find more information on this show go to: https://www.augustapodcasts.com/thechangemaker

Searching the Internet Safely and Anonymously

Everyone has seen the famous The New Yorker cartoon (July 5, 1993) where a dog behind a computer informs a canine friend sitting nearby that “On the Internet, nobody knows you’re a dog.” There’s only one problem with this memorable phrase. It’s not true anymore. Everyone who goes online creates a digital footprint. This includes so-called passive data such as their IP address, user identity, location, device, OS, browser and more. Digital footprints are problematic for two reasons.

Firstly, many employees need to use the internet every day as part of their work, and their footprint can lead ransomware gangs and other cyber criminals directly back to your network. Even the most harmless surfing creates a potential path for attack.

The second problem relates to employees who require online anonymity to do their jobs successfully. Companies in highly competitive or research-intensive business sectors such as biotech routinely block visitors or alter the content they present to visitors based on their identity, which can be derived from their digital footprint. Potential customers and students, for example, may access documents related to new offerings, while researchers from competing companies will be shut out or only permitted limited access.

Foreign companies or governments may present individuals who have a US-based IP address with different information than what’s available to in-country visitors. Criminal gangs involved in drugs, illicit weapons sales and the like use the internet just like other businesses (often on the dark web) and they also take measures to block access to their sites, notably from law enforcement.

A number of IP address-blocking or IP address-substitution techniques based on proxy servers have been developed to help researchers get around these problems. Unfortunately, proxy servers are now well-known to organizations that want to limit or deny access to their sites, and they are subject to blocking just like other unwelcome visitors.

A New Approach to Anonymity

Rather than substitute one easily-discoverable footprint for another, Conceal has taken a whole new approach with ConcealSearch. Upon sign-on, the system offers users a variety of personas, and also lets them choose ingress and egress points. A one-time-only virtual environment is created for each session. Any communication travels via a complex, independent network with multiple hops through commercial clouds that are frequently churned.

This service entirely conceals the identity of individuals who need to conduct discreet market research and business intelligence collection. They can look at any material that a company chooses to present to the world and, importantly, that company will never know they’re looking.

There’s a second benefit. The path that hides the researcher’s identity is so complicated that, for all practical purposes, it’s not possible to trace them back to their organization’s network. Furthermore, when a session is over the virtual environment is totally spun down. It ceases to exist. The result is that organizations are protected from bad actors who could otherwise use the information in a researcher’s digital footprint to mount an attack. For users, it’s safe to click anywhere, even on dark web sites.

ConcealSearch is designed for individuals within an organization who need its special capabilities. Access is normally controlled at a highly granular level, i.e. individuals or small, role-based groups. Beyond the sign-on requirement, the system interface is identical to whatever browser the user normally chooses for the internet (Chrome, Safari, Firefox, etc.).

Protection Through Isolation

Security professionals are well aware that sending an email to a colleague has always been the digital equivalent of sending a postcard. Now, given the aggressiveness and skill of today’s hackers, the situation with data on the internet is hardly much better. If your file storage has a public IP address, your data is vulnerable to attack.

It’s worth taking a moment to think about the consequences of a successful attack.

  • If your intellectual property is stolen, it could well destroy an important competitive advantage.
  • If financial data is exposed during an important negotiation, it will undermine your bargaining position.
  • If you’re the target of a malware attack, it will likely cost you millions of dollars and, at least temporarily, bring new product development to a halt, if not your whole business.

All companies have at least some controls in place to prevent events like this, but the sad fact is, these controls don’t work very well. In 2021, for example, 54% of all ransomware attacks were successful.

Data that’s Hidden Is Not Vulnerable

In the light of these failures, a new approach is obviously required, one that can protect data while extricating IT organizations from the constant appearance of new threats, followed by the need to purchase and implement new defensive solutions.

An approach based on isolation meets these criteria perfectly – but the degree of isolation and the manner in which it’s executed are important. Neither the dependency isolation offered by containers nor the tab isolation of some commercial browsers is adequate. Safe isolation of data from bad actors requires an independent network. When that network’s pathways are disguised and varied with multiple hops and regular churning, sensitive data can be made virtually impossible to find.

Here’s a summary of the differences isolation can make:

WITHOUT ISOLATION

  • All your traffic goes over the public internet.
  • Your file storage has a public IP address, which increases your attack surface.
  • Hosting providers may have access to your data.
  • You are on a shared infrastructure.
  • Your use of internet resources is easily tracked.

WITH ISOLATION

  • Access to protected data is via VPN tunnel only.
  • File storage is accessible only via a secure, private network.
  • Your data is isolated from hosting providers.
  • Your infrastructure is dedicated.
  • Your use of internet resources cannot be traced.

The benefits of isolation include the ability to:

  • Mask data. By adding an additional layer of concealment, isolation disguises where your data is being sent. Hostile actors cannot launch attacks if they don’t know the path on which the data travels.
  • Isolate business processes. You can isolate risky functions such as research and security and carry out Internet-facing functions while eliminating the risk of exposure for your systems.
  • Communicate safely. Employees can communicate via pathways that can’t be traced because users leave no internet footprints that reveal their IP address and network identity.

In contrast to encryption, which can increase overhead by well over 100%, protecting data with isolation has little impact on speed.

The ConcealCloud Solution

ConcealCloud is a carrier-class network built on the principles of isolation. As such, it prevents cyber attacks proactively. Attacks not only fail to reach their target; they can’t even find the target. This makes it virtually impossible for bad actors to locate your data, spy on network communications, or disrupt sensitive business processes.

With ConcealCloud, intellectual property, the financial calculations behind deals, and every confidential communication your employees have will remain private. Your organization can safely leverage the benefits of the cloud while eliminating the security risks.

If Malware Gets into your Network, It’s Too Late!

The traditional approaches to security that rely on containment simply aren’t working. A recent survey of 1,200 security decision-makers revealed that organizations have deployed, on average, 76 different cyber crime solutions. But in spite of this effort, 82% stated they had been surprised by a security event that slipped past the controls they had in place.

The fact is, if malware gets into your network, it’s already too late. Enter ConcealBrowse, a new approach to protecting the data, processes and communications you deem most important.

ConcealBrowse uses a new tactic: isolation – not the dependency isolation offered by containers or the tab isolation some commercial browsers offer, but isolation to a remote browser that functions like a sandbox, only on a much larger scale. The process is analogous to taking a package (the URL) that may contain a bomb (the malware) to a safely contained area where, no matter how powerful it may be, it can be detonated without causing harm.

Why does this approach work when others fail? Because it addresses two new realities of today’s cyber landscape.

  • the explosion of new, sophisticated and constantly mutating threats
  • the huge proliferation of endpoints in increasingly decentralized architectures

New Threats

Security organizations face a disturbing escalation in the number of threats – up 31% in 2021. Even more important, though, is their increasing variety and sophistication. In the first five months of this year, 44.43 million new species of malware were detected by the independent IT security institute AV-Test, bringing the total number of malware instances in the wild to over 1.3 billion. Worse, attackers are constantly updating their software to sneak by or block existing defenses. Here are some examples.

  • The CryptoMix ransomware virus has been re-engineered and re-emerged as “Clop,” which can now disable hundreds of Windows processes, including Windows Defender.
  • Herpaderping is another new technique that tricks defenses by posing as “unintended activity” rather than something more dangerous.
  • Perhaps most alarming is the rise of RaaS – Ransomware-as-a-Service, which enables individuals with no experience in coding to launch attacks.

These are three random examples of new, sophisticated threats out of the hundreds that are spawned daily. Their purpose is to bring a business to its knees, and when left to roam undetected on a network, they will do just that.

New Targets

The vast number of remote endpoints is equally challenging. The proliferation of endpoints where browsers reside gained enormous impetus when COVID-19 sent millions of employees home from their offices, and this in turn dramatically increased the number of browsers vulnerable to attack.

In order to be successful, a security application capable of executing preliminary screening must reside on every endpoint. Security without endpoint applications is quite simply impossible. (The term “agent” is often used to describe these applications, and this term has acquired negative connotations. Today, however, problems created by older generations of agents such as network overhead and complications with deployment and management have been minimized if not eliminated.)

In today’s highly distributed architectures, endpoints are the most attractive target for attack. As a result, a new class of anti-virus software has appeared: endpoint defense and response (EDR). Unfortunately, today’s EDRs don’t work very well. One team of academics tested 18 EDR products’ ability to detect four common attacks and, to quote their report, “state-of-the-art EDRs fail to prevent and log the bulk of the attacks.”

Isolation at Work

If security organizations can’t rely on the tools they have to detect malware that’s well-known, how can they be expected to confidently deal with new variants and zero-day exploits? The simple answer is they can’t – at least not with today’s tools. That’s where the isolation capabilities of ConcealBrowse come into play.

Essentially, the isolation approach applies the concept of zero trust to URLs at the browser level. In operation, ConcealBrowse evaluates every click event on every URL and subjects that URL to pre-processing based on a combination of what we term intelligence and policy.

  • Intelligence includes filtering based on conventional resources such as Google Safe Browsing, MetaDefender and VirusTotal, plus prior history. The system remembers every URL that has ultimately been sent into isolation for future reference.
  • Policy includes configurable filtering of specific types of sites (social media, gambling, etc.) as well as specific types of files and sources.

This pre-processing, however, is only the beginning. While URLs determined to be safe are allowed to pass through to the user, those that are suspicious are routed into isolation for further testing. It is this second step that differentiates ConcealBrowse from all other EDR solutions and offers protection even against zero-day viruses and malware.

The system takes a conservative approach, choosing isolation if there is any doubt as to whether a URL is malicious. This is an important differentiator between ConcealBrowse and email filters. With email, false positives are a serious concern, because blocking a valid email could have serious business consequences, like lost orders, to take just one example. In contrast, there is no risk in blocking a suspicious URL.
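The intelligence-plus-policy evaluation described above, together with the earlier point that several free and paid feeds give a fuller picture than any one of them, shown as an added Python example. It is not Conceal’s code: the feed names, verdict labels, policy actions and the `min_clean` threshold are assumptions, and all sample data is constructed.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

ALLOW, ISOLATE, BLOCK = "allow", "isolate", "block"
BAD = ("malicious", "suspicious")

# Constructed sample data: hypothetical feeds with little overlap between them.
FEEDS = {
    "free_feed_a": {"shop.example": "clean", "bad.test": "malicious"},
    "free_feed_b": {"shop.example": "clean"},
    "paid_feed_c": {"shop.example": "clean", "news.example": "clean",
                    "cdn.odd.test": "suspicious"},
}
CATEGORIES = {"bets.example": "gambling", "social.example": "social_media"}
POLICY = {"gambling": BLOCK, "social_media": ISOLATE}  # assumed actions


def host_of(url):
    """Lowercased host of an http(s) URL, or None if it cannot be evaluated."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")


def candidates(host):
    """The host and its parent domains down to two labels (a.b.c -> a.b.c, b.c)."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]


def feed_verdict(table, host):
    """Exact match wins; a parent's verdict is inherited only when it is bad,
    so a clean parent never vouches for an unknown subdomain."""
    if host in table:
        return table[host]
    for parent in candidates(host)[1:]:
        if table.get(parent) in BAD:
            return table[parent]
    return None


@dataclass
class Decision:
    action: str
    reasons: list


@dataclass
class Engine:
    feeds: dict
    categories: dict
    policy: dict
    min_clean: int = 2  # assumption: clean verdicts required before allowing
    history: set = field(default_factory=set)  # hosts isolated earlier

    def _isolate(self, host, reasons):
        self.history.add(host)
        return Decision(ISOLATE, reasons)

    def decide(self, url):
        host = host_of(url)
        if host is None:
            return Decision(ISOLATE, ["unparseable or non-web URL"])
        names = candidates(host)
        # Policy: site categories apply to the host and its subdomains.
        category = next((self.categories[n] for n in names
                         if n in self.categories), None)
        if category in self.policy:
            if self.policy[category] == BLOCK:
                return Decision(BLOCK, [f"policy:{category}"])
            return self._isolate(host, [f"policy:{category}"])
        # Prior history: anything isolated before is isolated again.
        if any(n in self.history for n in names):
            return Decision(ISOLATE, ["history"])
        # Intelligence: one bad verdict from any feed is enough.
        verdicts = {f: feed_verdict(t, host) for f, t in self.feeds.items()}
        flagged = sorted(f for f, v in verdicts.items() if v in BAD)
        if flagged:
            return self._isolate(host, [f"flagged:{f}" for f in flagged])
        clean = sum(1 for v in verdicts.values() if v == "clean")
        if clean < self.min_clean:  # doubt: too few feeds know this host
            return self._isolate(host, [f"only {clean} clean verdict(s)"])
        return Decision(ALLOW, [f"{clean} clean verdicts"])


if __name__ == "__main__":
    engine = Engine(FEEDS, CATEGORIES, POLICY)
    for u in ("https://shop.example/cart", "https://news.example/",
              "http://login.bad.test/x", "https://user.shop.example/"):
        print(u, engine.decide(u))
```

A host known to a single feed (`news.example`) is still isolated here, which is how sparse overlap between feeds shows up in practice under a conservative threshold.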

No Learning Curve

For the user, all of this is transparent. What users see is their chosen browser, operating exactly as it always does. If they click on a suspicious site, ConcealBrowse simply opens a new tab that announces, “You are now in isolation.” (Behind the scenes, however, the user has been linked to a remote browser that is not part of their local network.) In some cases, users may receive a message that they have entered a known malicious site. ConcealBrowse is compatible with all popular browsers, including Google Chrome, Safari, Firefox, Opera and Microsoft Edge.

One other important component of the user experience is speed. With ConcealBrowse, the typical latency to process is just a few milliseconds.

The combination of two-step evaluation of all URLs plus isolation of the suspicious ones differentiates ConcealBrowse from all other anti-malware offerings and ensures that malware will be blocked before it ever enters your network. For a demo, please contact us.