Change Maker | Building a Culture and Protecting our Online Presence

Today on The Change Maker: Gordon Lawson and Ivie Teston. Gordon is the CEO of Conceal, a company dedicated to protecting federal and private businesses online. Ivie is the Sales Manager and an Augusta native who has returned to work with Conceal at the international headquarters right here in Augusta. Both of them talk about establishing a welcoming work culture, what it takes to engage a young workforce, and how our online presence might not be as safe as you think.

To find more information on this show go to: https://www.augustapodcasts.com/thechangemaker

Searching the Internet Safely and Anonymously

Everyone has seen the famous The New Yorker cartoon (July 5, 1993) where a dog behind a computer informs a canine friend sitting nearby that “On the Internet, nobody knows you’re a dog.” There’s only one problem with this memorable phrase. It’s not true anymore. Everyone who goes online creates a digital footprint. This includes so-called passive data such as their IP address, user identity, location, device, OS, browser and more. Digital footprints are problematic for two reasons.

Firstly, many employees need to use the internet every day as part of their work, and their footprint can lead ransomware gangs and other cyber criminals directly back to your network. Even the most harmless surfing creates a potential path for attack.

The second problem relates to employees who require online anonymity to do their jobs successfully. Companies in highly competitive or research-intensive business sectors such as biotech routinely block visitors or alter the content they present to visitors based on their identity, which can be derived from their digital footprint. Potential customers and students, for example, may access documents related to new offerings, while researchers from competing companies will be shut out or only permitted limited access.

Foreign companies or governments may present individuals who have a US-based IP address with different information than what’s available to in-country visitors. Criminal gangs involved in drugs, illicit weapons sales and the like use the internet just like other businesses (often on the dark web) and they also take measures to block access to their sites, notably from law enforcement.

A number of IP address-blocking or IP address-substitution techniques based on proxy servers have been developed to help researchers get around these problems. Unfortunately, proxy servers are now well-known to organizations that want to limit or deny access to their sites, and they are subject to blocking just like other unwelcome visitors.

A New Approach to Anonymity

Rather than substitute one easily-discoverable footprint for another, Conceal has taken a whole new approach with ConcealSearch. Upon sign-on, the system offers users a variety of personas, and also lets them choose ingress and egress points. A one-time-only virtual environment is created for each session. Any communication travels via a complex, independent network with multiple hops through commercial clouds that are frequently churned.

This service entirely conceals the identity of individuals who need to conduct discreet market research and business intelligence collection. They can look at any material that a company chooses to present to the world and, importantly, that company will never know they’re looking.

There’s a second benefit. The path that hides the researcher’s identity is so complicated that, for all practical purposes, it’s not possible to trace them back to their organization’s network. Furthermore, when a session is over the virtual environment is totally spun down. It ceases to exist. The result is that organizations are protected from bad actors who could otherwise use the information in a researcher’s digital footprint to mount an attack. For users, it’s safe to click anywhere, even on dark web sites.

ConcealSearch is designed for individuals within an organization who need its special capabilities. Access is normally controlled at a highly granular level, i.e. individuals or small, role-based groups. Beyond the sign-on requirement, the system interface is identical to whatever browser the user normally chooses for the internet (Chrome, Safari, Firefox, etc.).

Protection Through Isolation

Security professionals are well aware that sending an email to a colleague has always been the digital equivalent of sending a postcard. Now, given the aggressiveness and skill of today’s hackers, the situation with data on the internet is hardly much better. If your file storage has a public IP address, your data is vulnerable to attack.

It’s worth taking a moment to think about the consequences of a successful attack.

  • If your intellectual property is stolen, it could well destroy an important competitive advantage.
  • If financial data is exposed during an important negotiation, it will undermine your bargaining position.
  • If you’re the target of a malware attack, it will likely cost you millions of dollars and, at least temporarily, bring new product development to a halt, if not your whole business.

All companies have at least some controls in place to prevent events like this, but the sad fact is, these controls don’t work very well. In 2021, for example, 54% of all ransomware attacks were successful.

Data that’s Hidden Is Not Vulnerable

In the light of these failures, a new approach is obviously required, one that can protect data while extricating IT organizations from the constant appearance of new threats, followed by the need to purchase and implement new defensive solutions.

An approach based on isolation meets these criteria perfectly – but the degree of isolation and the manner in which it’s executed are important. Neither the dependency isolation offered by containers nor the tab isolation of some commercial browsers is adequate. Safe isolation of data from bad actors requires an independent network. When that network’s pathways are disguised and varied with multiple hops and regular churning, sensitive data can be made virtually impossible to find.

Here’s a summary of the differences isolation can make:

WITHOUT ISOLATION

  • All your traffic goes over the public internet.
  • Your file storage has a public IP address, which increases your attack surface.
  • Hosting providers may have access to your data.
  • You are on a shared infrastructure.
  • Your use of internet resources is easily tracked.

WITH ISOLATION

  • Access to protected data is via VPN tunnel only.
  • File storage is accessible only via a secure, private network.
  • Your data is isolated from hosting providers.
  • Your infrastructure is dedicated.
  • Your use of internet resources cannot be traced.

The benefits of isolation include the ability to:

  • Mask data. By adding an additional layer of concealment, isolation disguises where your data is being sent. Hostile actors cannot launch attacks if they don’t know the path on which the data travels.
  • Isolate business processes. You can isolate risky functions such as research and security and carry out Internet-facing functions while eliminating the risk of exposure for your systems.
  • Communicate safely. Employees can communicate via pathways that can’t be traced because users leave no internet footprints that reveal their IP address and network identity.

In contrast to encryption, which can increase overhead by well over 100%, protecting data with isolation has little impact on speed.

The ConcealCloud Solution

ConcealCloud is a carrier-class network built on the principles of isolation. As such, it prevents cyber attacks proactively. They not only fail to reach their target. They can’t even find the target. This makes it virtually impossible for bad actors to locate your data, spy on network communications, or disrupt sensitive business processes.

With ConcealCloud, intellectual property, the financial calculations behind deals, and every confidential communication your employees have will remain private. Your organization can safely leverage the benefits of the cloud while eliminating the security risks.

If Malware Gets into your Network, It’s Too Late!

The traditional approaches to security that rely on containment simply aren’t working. A recent survey of 1,200 security decision-makers revealed that organizations have deployed, on the average, 76 different cyber crime solutions. But in spite of this effort, 82% stated they had been surprised by a security event that slipped past the controls they had in place.

The fact is, if malware gets into your network, it’s already too late. Enter ConcealBrowse, a new approach to protecting the data, processes and communications you deem most important.

ConcealBrowse uses a new tactic: isolation – not the dependency isolation offered by containers or the tab isolation some commercial browsers offer, but isolation to a remote browser that functions like a sandbox, only on a much larger scale. The process is analogous to taking a package (the url) that may contain a bomb (the malware) to a safely contained area where, no matter how powerful it may be, it can be detonated without causing harm.

Why does this approach work when others fail? Because it addresses two new realities of today’s cyber landscape.

  • the explosion of new, sophisticated and constantly mutating threats
  • the huge proliferation of endpoints in increasingly decentralized architectures

New Threats

Security organizations face a disturbing escalation in the number of threats – up 31% in 2021. Even more important, though, is their increasing variety and sophistication. In the first five months of this year, 44.43 million new species of malware were detected by the independent IT security institute AV-Test, bringing the total number of malware instances in the wild to over 1.3 billion. Worse, attackers are constantly updating their software to sneak by or block existing defenses. Here are some examples.

  • The CryptoMix ransomware virus has been re-engineered and re-emerged as “Clop,” which can now disable hundreds of Windows processes, including Windows Defender.
  • Herpaderping is another new technique that tricks defenses by posing as “unintended activity” rather than something more dangerous.
  • Perhaps most alarming is the rise of RaaS – Ransomware-as-a-Service, which enables individuals with no experience in coding to launch attacks.

These are three random examples of new, sophisticated threats out of the hundreds that are spawned daily. Their purpose is to bring a business to its knees, and when left to roam undetected on a network, they will do just that.

New Targets

The vast number of remote endpoints is equally challenging. The proliferation of endpoints where browsers reside gained enormous impetus when COVID-19 sent millions of employees home from their offices, and this in turn dramatically increased the number of browsers vulnerable to attack.

In order to be successful, a security application capable of executing preliminary screening must reside on every endpoint. Security without endpoint applications is quite simply impossible. (The term “agent” is often used to describe these applications, and this term has acquired negative connotations. Today, however, problems created by older generations of agents such as network overhead and complications with deployment and management have been minimized if not eliminated.)

In today’s highly distributed architectures, endpoints are the most attractive target for attack. As a result, a new class of anti-virus software has appeared: endpoint defense and response (EDR). Unfortunately, today’s EDRs don’t work very well. One team of academics tested 18 EDR products’ ability to detect four common attacks and, to quote their report, “state-of-the-art EDRs fail to prevent and log the bulk of the attacks.”

Isolation at Work

If security organizations can’t rely on the tools they have to detect malware that’s well-known, how can they be expected to confidently deal with new variants and zero day exploits? The simple answer is they can’t – at least not with today’s tools. That’s where the isolation capabilities of ConcealBrowse come into play.

Essentially, the isolation approach applies the concept of zero trust to urls at the browser level. In operation, ConcealBrowse evaluates every click event on every url and subjects that url to pre-processing based on a combination of what we term intelligence and policy.

  • Intelligence includes filtering based on conventional resources such as Google Safe Browsing, MetaDefender and VirusTotal, plus prior history. The system remembers every url that has ultimately been sent into isolation for future reference.
  • Policy includes configurable filtering of specific types of sites (social media, gambling, etc.) as well as specific types of files and sources.

This pre-processing, however, is only the beginning. While urls determined to be safe are allowed to pass through to the user, those that are suspicious are routed into isolation for further testing. It is this second step that differentiates ConcealBrowse from all other EDR solutions and offers protection even against zero-day viruses and malware.

The system takes a conservative approach, choosing isolation if there is any doubt as to whether a url is malicious. This is an important differentiator between ConcealBrowse and email filters. With email, false positives are a serious concern, because blocking a valid email could have serious business consequences, like lost orders, to take just one example. In contrast, there is no risk in blocking a suspicious url.
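The two-step triage described above can be sketched as follows. This is an added illustration, not Conceal's code: the host lists, categories and function names are constructed placeholders, and routing policy matches into isolation is an assumption.

```python
from urllib.parse import urlsplit

ALLOW, ISOLATE = "allow", "isolate"

# Constructed sample data standing in for reputation feeds and policy.
FLAGGED_HOSTS = {"malware.test"}  # reported by a reputation feed
CLEAN_HOSTS = {"intranet.example.com", "docs.example.org"}
HOST_CATEGORY = {"casino.example": "gambling"}
RESTRICTED_CATEGORIES = {"gambling", "social-media"}


def parent_domains(host):
    """Yield the host and each parent domain: a.b.c -> a.b.c, b.c, c."""
    labels = host.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


class UrlTriage:
    def __init__(self):
        self.history = set()  # hosts already sent to isolation

    def _isolate(self, host, reason):
        if host:
            self.history.add(host)  # remembered for future clicks
        return ISOLATE, reason

    def decide(self, url):
        try:
            parts = urlsplit(url)
            # .hostname ignores any "user@" prefix used to disguise the target.
            host = (parts.hostname or "").lower().rstrip(".")
        except ValueError:
            return ISOLATE, "unparseable"
        if parts.scheme not in ("http", "https") or not host:
            return self._isolate(host, "unparseable")
        if host in self.history:
            return ISOLATE, "previously isolated"
        # Intelligence: a flagged domain taints all of its subdomains.
        if any(d in FLAGGED_HOSTS for d in parent_domains(host)):
            return self._isolate(host, "flagged by intelligence")
        # Policy: configurable site categories.
        for d in parent_domains(host):
            if HOST_CATEGORY.get(d) in RESTRICTED_CATEGORIES:
                return self._isolate(host, "policy: " + HOST_CATEGORY[d])
        # Only an exact clean match passes; anything unknown counts as doubt.
        if host in CLEAN_HOSTS:
            return ALLOW, "clean reputation"
        return self._isolate(host, "unknown reputation")
```

Matching flagged hosts by parent domain but clean hosts only exactly keeps the default conservative: an unlisted subdomain of a trusted site is still treated as unknown.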

No Learning Curve

For the user, all of this is transparent. What users see is their chosen browser, operating exactly as it always does. If they click on a suspicious site, ConcealBrowse simply opens a new tab that announces, “You are now in isolation.” (Behind the scenes, however, the user has been linked to a remote browser that is not part of their local network.) In some cases, users may receive a message that they have entered a known malicious site. ConcealBrowse is compatible with all popular browsers, including Google Chrome, Safari, Firefox, Opera and Microsoft Edge.

One other important component of the user experience is speed. With ConcealBrowse, the typical latency to process is just a few milliseconds.

The combination of two-step evaluation of all urls plus isolation of the suspicious ones differentiates ConcealBrowse from all other anti-malware offerings and ensures that malware will be blocked before it ever enters your network. For a demo, please contact us.