SlideShare ist ein Scribd-Unternehmen logo

Spikes Security Isla Isolation

Cybryx
Cybryx

Overview of the problems of zero day malware, and how to prevent browser based malware

Internet
1 von 34
Downloaden Sie, um offline zu lesen
Drive-by Downloads, Malvertising, and Web Exploits Web-based isolation is now possible Paul Misner Federal Business Development Spikes Security pmisner@spikes.com 410-740-3490 Scott Martin Chief Information Officer Spikes Security smartin@spikes.com 408-755-5713
THE WEB BROWSER IS THE MOST STRATEGICALLY IMPORTANT APPLICATION IN TODAY’S INTERNET- POWERED ENTERPRISE.
Browsers and the web • Most strategically important application • Most insecure and vulnerable to cyber attacks • Most expensive business application to secure Public Information 3
The web malware problem • 81% say web browsers are the primary attack vector • 55% of malware attacks coming through the browser • 86% patch/update browsers to keep them secure • 74% say detection-based tools no longer effective • 51 average number of successful attacks in 2014 • $3.1M average annual cost to clean up attacks Public Information 4
The problem grows… We can’t keep up with the numerous security flaws detected every day.  Known Malware  Java Applets  Flash  Server-side scripts  Bad Websites  Zero-Day attacks Internal resources with approved access can breach confidentiality – intentionally or not. Public Information 5
IT Security Prevention Public Information 6
How many of your users… Click Here??? Public Information 7
How many of your users… can spot a Fake?? Public Information 8
• Data Loss Prevention is only as effective as what it knows about. • Almost 1,000,000 new malicious code signatures every day! • Each click of the mouse opens a clear, undetectable path for data to exit our computers and networks. • We simply can’t detect what we don’t know to look for. Detection is not sustainable Public Information 9
• Human Nature is to “Accept and Continue.” • Can’t change the user’s experience. • Access blocks don’t work. • End users to find ways to circumvent existing limited protections. Human Behavior and the Browser Public Information 10
Browsing solutions must evolve to maintain network integrity with minimal effort. Public Information 11
Without Isolation URL Filtering Network AV IDS/IPS DLP • Browsers download and execute program code from trusted and untrusted sites • Even defense-in-depth detection can’t stop unknown attacks • Once in, they can send your intellectual property to the world through the tiniest holes Public Information 80 443 12
13 Software-Based Browser Isolation • Browser is isolated from operating system with micro- hypervisor. • Micro-hypervisor is mini virtual machine. • If the browser is compromised, in theory, the hypervisor will block access to the OS and other programs. Public Information
• Software sandboxes can be penetrated • Need to manage each system • More powerful processors may be needed • Additional endpoint memory and disk usage • If something becomes resident, it’s on the internal network • If something does get out, it’s on the user’s system Issues with software based isolation Public Information 14
A New Approach. Hardware-Based Browser Isolation Public Information 15
Hardware Isolation URL Filtering Network AV IDS/IPS Sandbox 80 443 • Physically separate and isolate the browser from the endpoint. • Place the browser in an isolated network (DMZ). • Users enjoy complete web freedom and security while keeping your data secure • A highly managed user experience provides oversight into web-based activities 1200- 1299 1200- 1299 Public Information 16
Isolate™ Architecture 1) Architectural Isolation Separation and isolation of Layer 1 physical components between browser and users 2) Resource Isolation Isla server and endpoint Memory, CPU, Storage, and Peripherals are isolated from each other – and from malware Public Information 1200- 1299 1200- 1299 17
Isolate™ Architecture 3) Session Isolation Each user session is protected in its own VM, hardware-isolated with Intel VT extensions 4) Task Isolation Within a single session, each tab, or task, use processes isolated from each other 1200- 1299 1200- 1299 Public Information 18
Isolate™ Architecture 5) Connection Isolation AES 256-bit encrypted communication between appliance and each individual user 6) Content Isolation Proprietary command, control and display communication format that malware cannot compromise 1200- 1299 1200- 1299 Public Information 19
Isolate™ Architecture 7) Malware Isolation Any malware activity is isolated and contained within the appliance VMs are completely destroyed after each use and never have access to internal networks 1200- 1299 1200- 1299 Public Information 20
How it Works Provide an isolation area to render content in a secure network Malicious websites become harmless by rendering the content in the isolated area. You can now provide clean web content to your users with true hardware and network separation. 21
THE INTERNET • Isla sits in a DMZ/ isolated network Basic Deployment • Encrypted client to Control Center and appliance communications • Isolated VM for each user Interactive, Secure, Encrypted Viewer Streams • On command updates • Centralized reports and configurations SPIKES SECURITY SYSTEMS AND CONTROL CENTER Public Information 22
Interactive, Secure, Encrypted Viewer Streams THE INTERNET Control Center Communications • SSL Web-enabled Interface • Maintains user and group information • Retains log and usage information • Holds your primary copy of your appliance configurations (Can only be pulled down by your appliances and is only activated by administrators) • Can be isolated on-premises for additional security. SPIKES SECURITY SYSTEMS AND CONTROL CENTER Public Information 23
Issues with Hardware Based Isolation • Compatibility issues between browsing environment and the actual user environment – Proprietary Browser • Web Applications try to use local OS resources – Silverlight/SharePoint • Use of webcam, microphone, printing, and downloads breaks the principle of isolation – Bypass Mode • Additional Hardware Required Public Information 24
• The race to save the end point isn’t working. • Hardware based isolation removes 100% the possibility of malware or spyware entering a network. • With hardware based isolation, the need to capture browser based attacks on the endpoint is negated. Isolation Synopsis Public Information 25
Conclusion Hardware Based Isolation 1. Eliminates the web browser as a primary attack vector 2. Reduces unnecessary IT costs for forensics, remediation 3. Simplifies endpoint security complexity and admin 4. Restores secure web freedom for all employees Public Information 26
ISLA Deploying in the real world
Multiple Use Cases Public Information 29
EXAMPLES Typical Installation Scenarios
Basic Deployment Public Information 33
MOST COMMON DEPLOYMENT • Isla sits in a DMZ/isolated network • Only authorized users can connect • Encrypted client to server communications • Centralizes the source of all web requests Public Information 34
IN-LINE TOOLS DEPLOYMENT • Used with existing Content Filtering or other Information Security tools • Isla sits the network before egress through the existing InfoSec tools • Encrypted client to appliance communications • Outbound web requests route through the existing InfoSec tools at the perimeter Other In-line Security tools Public Information 35
MULTIPLE SITES • Isla sits in a DMZ/isolated network • Only authorized users can connect • Encrypted client to server communications • Centralizes the source of all web requests Public Information 36
THANK YOU Spikes Security www.spikes.com

Empfohlen

Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpointgalaxy201
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security EngineeringMd. Hasan Basri (Angel)
 
INTERNET SAFETY FOR KIDS
INTERNET SAFETY FOR KIDSINTERNET SAFETY FOR KIDS
INTERNET SAFETY FOR KIDSCamille Hazellie
 
Cyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeCyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeF-Secure Corporation
 
Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3F-Secure Corporation
 
Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2F-Secure Corporation
 
Zero day exploit
Zero day exploitZero day exploit
Zero day exploitAashiq Ahamed N
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?Faith Zeller
 

Empfohlen

Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpointgalaxy201
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security EngineeringMd. Hasan Basri (Angel)
 
INTERNET SAFETY FOR KIDS
INTERNET SAFETY FOR KIDSINTERNET SAFETY FOR KIDS
INTERNET SAFETY FOR KIDSCamille Hazellie
 
Cyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeCyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeF-Secure Corporation
 
Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3F-Secure Corporation
 
Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2F-Secure Corporation
 
Zero day exploit
Zero day exploitZero day exploit
Zero day exploitAashiq Ahamed N
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?Faith Zeller
 
Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security EvasionInvincea, Inc.
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security AwarenessSurya Bathulapalli
 
Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)eLearning Consortium 電子學習聯盟
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applicationswebhostingguy
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?F-Secure Corporation
 
Network security
Network securityNetwork security
Network securityNikhil Vyas
 
WannaCry? No Thanks!
WannaCry? No Thanks!WannaCry? No Thanks!
WannaCry? No Thanks!Roberto Martelloni
 
The Malware Menace
The Malware MenaceThe Malware Menace
The Malware MenaceTami Brass
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT securitySophos Benelux
 
Next-Gen Security Solution: Gateway Protection
Next-Gen Security Solution: Gateway ProtectionNext-Gen Security Solution: Gateway Protection
Next-Gen Security Solution: Gateway ProtectionQuick Heal Technologies Ltd.
 
Cyber Security Terms
Cyber Security TermsCyber Security Terms
Cyber Security TermsSuryaprakash Nehra
 
Network security threats and solutions
Network security threats and solutionsNetwork security threats and solutions
Network security threats and solutionshassanmughal4u
 
Web Security
Web SecurityWeb Security
Web SecurityGerald Villorente
 
4 Steps to Optimal Endpoint Settings
4 Steps to Optimal Endpoint Settings4 Steps to Optimal Endpoint Settings
4 Steps to Optimal Endpoint SettingsSophos
 
Symantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucíSymantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucíMarketingArrowECS_CZ
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngVõ Thái Lâm
 
ICT and end user security awareness slides
ICT and end user security awareness slidesICT and end user security awareness slides
ICT and end user security awareness slidesjubke
 
Presentation about security i.t.
Presentation about security i.t.Presentation about security i.t.
Presentation about security i.t.MarianaGilMartnez1
 
Presentation about security I.T.
Presentation about security I.T.Presentation about security I.T.
Presentation about security I.T.HugoBarrionuevoSobri
 
Using skype and excel to auto dial
Using skype and excel to auto dialUsing skype and excel to auto dial
Using skype and excel to auto dialCybryx
 
Menlo Security Isolation Platform
Menlo Security Isolation PlatformMenlo Security Isolation Platform
Menlo Security Isolation PlatformMarco Scala
 

Weitere ähnliche Inhalte

Was ist angesagt?

Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security EvasionInvincea, Inc.
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applicationswebhostingguy
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?F-Secure Corporation
 
Network security
Network securityNetwork security
Network securityNikhil Vyas
 
The Malware Menace
The Malware MenaceThe Malware Menace
The Malware MenaceTami Brass
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT securitySophos Benelux
 
Network security threats and solutions
Network security threats and solutionsNetwork security threats and solutions
Network security threats and solutionshassanmughal4u
 
4 Steps to Optimal Endpoint Settings
4 Steps to Optimal Endpoint Settings4 Steps to Optimal Endpoint Settings
4 Steps to Optimal Endpoint SettingsSophos
 
Symantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucíSymantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucíMarketingArrowECS_CZ
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngVõ Thái Lâm
 
ICT and end user security awareness slides
ICT and end user security awareness slidesICT and end user security awareness slides
ICT and end user security awareness slidesjubke
 
Presentation about security i.t.
Presentation about security i.t.Presentation about security i.t.
Presentation about security i.t.MarianaGilMartnez1
 

Was ist angesagt? (20)

Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security Evasion
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applications
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?
 
Network security
Network securityNetwork security
Network security
 
WannaCry? No Thanks!
WannaCry? No Thanks!WannaCry? No Thanks!
WannaCry? No Thanks!
 
The Malware Menace
The Malware MenaceThe Malware Menace
The Malware Menace
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT security
 
Next-Gen Security Solution: Gateway Protection
Next-Gen Security Solution: Gateway ProtectionNext-Gen Security Solution: Gateway Protection
Next-Gen Security Solution: Gateway Protection
 
Cyber Security Terms
Cyber Security TermsCyber Security Terms
Cyber Security Terms
 
Network security threats and solutions
Network security threats and solutionsNetwork security threats and solutions
Network security threats and solutions
 
Web Security
Web SecurityWeb Security
Web Security
 
4 Steps to Optimal Endpoint Settings
4 Steps to Optimal Endpoint Settings4 Steps to Optimal Endpoint Settings
4 Steps to Optimal Endpoint Settings
 
Symantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucíSymantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucí
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn Cường
 
ICT and end user security awareness slides
ICT and end user security awareness slidesICT and end user security awareness slides
ICT and end user security awareness slides
 
Presentation about security i.t.
Presentation about security i.t.Presentation about security i.t.
Presentation about security i.t.
 
Presentation about security I.T.
Presentation about security I.T.Presentation about security I.T.
Presentation about security I.T.
 

Andere mochten auch

Using skype and excel to auto dial
Using skype and excel to auto dialUsing skype and excel to auto dial
Using skype and excel to auto dialCybryx
 
Menlo Security Isolation Platform
Menlo Security Isolation PlatformMenlo Security Isolation Platform
Menlo Security Isolation PlatformMarco Scala
 
Notes From Julie Hansen From Institute of Sales Excellence
Notes From Julie Hansen From Institute of Sales ExcellenceNotes From Julie Hansen From Institute of Sales Excellence
Notes From Julie Hansen From Institute of Sales ExcellenceCybryx
 
CCD_2013_BrowserIsolation
CCD_2013_BrowserIsolationCCD_2013_BrowserIsolation
CCD_2013_BrowserIsolationGregory Anders
 
Estimated Mean Presentation
Estimated Mean PresentationEstimated Mean Presentation
Estimated Mean PresentationRichard Foxton
 
Ten Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfTen Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfAdrian Sanabria
 
Derbycon Bromium Labs: Sandboxes
Derbycon Bromium Labs: SandboxesDerbycon Bromium Labs: Sandboxes
Derbycon Bromium Labs: SandboxesBromium Labs
 
Null Bangalore Meet 18/03/17
Null Bangalore Meet 18/03/17Null Bangalore Meet 18/03/17
Null Bangalore Meet 18/03/17Subash SN
 
Content Marketing Strategies for Early Stage Startups by Ankit Oberoi, AdPush...
Content Marketing Strategies for Early Stage Startups by Ankit Oberoi, AdPush...Content Marketing Strategies for Early Stage Startups by Ankit Oberoi, AdPush...
Content Marketing Strategies for Early Stage Startups by Ankit Oberoi, AdPush...ProductNation/iSPIRT
 
Using content to fuel your sales funnel
Using content to fuel your sales funnelUsing content to fuel your sales funnel
Using content to fuel your sales funnelProductNation/iSPIRT
 
Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...
Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...
Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...Spark Summit
 
The Now and Next of Learning and Technology
The Now and Next of Learning and TechnologyThe Now and Next of Learning and Technology
The Now and Next of Learning and TechnologyDavid Kelly
 
Development and Engagement in the Age of Social Media
Development and Engagement in the Age of Social Media Development and Engagement in the Age of Social Media
Development and Engagement in the Age of Social Media Paul Brown
 

Andere mochten auch (15)

Using skype and excel to auto dial
Using skype and excel to auto dialUsing skype and excel to auto dial
Using skype and excel to auto dial
 
Menlo Security Isolation Platform
Menlo Security Isolation PlatformMenlo Security Isolation Platform
Menlo Security Isolation Platform
 
WEB ISOLATION
WEB ISOLATIONWEB ISOLATION
WEB ISOLATION
 
Notes From Julie Hansen From Institute of Sales Excellence
Notes From Julie Hansen From Institute of Sales ExcellenceNotes From Julie Hansen From Institute of Sales Excellence
Notes From Julie Hansen From Institute of Sales Excellence
 
CCD_2013_BrowserIsolation
CCD_2013_BrowserIsolationCCD_2013_BrowserIsolation
CCD_2013_BrowserIsolation
 
Estimated Mean Presentation
Estimated Mean PresentationEstimated Mean Presentation
Estimated Mean Presentation
 
Ten Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfTen Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard Of
 
Derbycon Bromium Labs: Sandboxes
Derbycon Bromium Labs: SandboxesDerbycon Bromium Labs: Sandboxes
Derbycon Bromium Labs: Sandboxes
 
Null Bangalore Meet 18/03/17
Null Bangalore Meet 18/03/17Null Bangalore Meet 18/03/17
Null Bangalore Meet 18/03/17
 
Content Marketing Strategies for Early Stage Startups by Ankit Oberoi, AdPush...
Content Marketing Strategies for Early Stage Startups by Ankit Oberoi, AdPush...Content Marketing Strategies for Early Stage Startups by Ankit Oberoi, AdPush...
Content Marketing Strategies for Early Stage Startups by Ankit Oberoi, AdPush...
 
Using content to fuel your sales funnel
Using content to fuel your sales funnelUsing content to fuel your sales funnel
Using content to fuel your sales funnel
 
Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...
Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...
Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...
 
The Now and Next of Learning and Technology
The Now and Next of Learning and TechnologyThe Now and Next of Learning and Technology
The Now and Next of Learning and Technology
 
Development and Engagement in the Age of Social Media
Development and Engagement in the Age of Social Media Development and Engagement in the Age of Social Media
Development and Engagement in the Age of Social Media
 
Logistics Management
Logistics ManagementLogistics Management
Logistics Management
 

Ähnlich wie Spikes Security Isla Isolation

[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael FirstenbergTI Safe
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageAnant Shrivastava
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10Irsandi Hasan
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityfrcarlson
 
Implementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceImplementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceBrian Pichman
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version Brian Pichman
 
Zero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareZero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareMyNOG
 
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014 Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014 Unisys Corporation
 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet KolkataSecurity Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkataamiyadutta
 
Chapter 11 computer security and safety, ethics, and privacy
Chapter 11 computer security and safety, ethics, and privacyChapter 11 computer security and safety, ethics, and privacy
Chapter 11 computer security and safety, ethics, and privacyhaider ali
 
Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Wen-Pai Lu
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersRishabh Gupta
 

Ähnlich wie Spikes Security Isla Isolation (20)

[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg
 
CyberSecurity.pptx
CyberSecurity.pptxCyberSecurity.pptx
CyberSecurity.pptx
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
NAC_p3.pptx
NAC_p3.pptxNAC_p3.pptx
NAC_p3.pptx
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014
 
ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Implementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceImplementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day Conference
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
 
Zero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareZero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source Software
 
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014 Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
 
dccn ppt-1.pptx
dccn ppt-1.pptxdccn ppt-1.pptx
dccn ppt-1.pptx
 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet KolkataSecurity Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
 
Webdays blida mobile top 10 risks
Webdays blida mobile top 10 risksWebdays blida mobile top 10 risks
Webdays blida mobile top 10 risks
 
TOPIC7.pptx
TOPIC7.pptxTOPIC7.pptx
TOPIC7.pptx
 
Chapter 11 computer security and safety, ethics, and privacy
Chapter 11 computer security and safety, ethics, and privacyChapter 11 computer security and safety, ethics, and privacy
Chapter 11 computer security and safety, ethics, and privacy
 
Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 

Kürzlich hochgeladen

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 

Kürzlich hochgeladen (20)

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 

Spikes Security Isla Isolation

  • 1. Drive-by Downloads, Malvertising, and Web Exploits Web-based isolation is now possible Paul Misner Federal Business Development Spikes Security pmisner@spikes.com 410-740-3490 Scott Martin Chief Information Officer Spikes Security smartin@spikes.com 408-755-5713
  • 2. THE WEB BROWSER IS THE MOST STRATEGICALLY IMPORTANT APPLICATION IN TODAY’S INTERNET- POWERED ENTERPRISE.
  • 3. Browsers and the web • Most strategically important application • Most insecure and vulnerable to cyber attacks • Most expensive business application to secure Public Information 3
  • 4. The web malware problem • 81% say web browsers are the primary attack vector • 55% of malware attacks coming through the browser • 86% patch/update browsers to keep them secure • 74% say detection-based tools no longer effective • 51 average number of successful attacks in 2014 • $3.1M average annual cost to clean up attacks Public Information 4
  • 5. The problem grows… We can’t keep up with the numerous security flaws detected every day.  Known Malware  Java Applets  Flash  Server-side scripts  Bad Websites  Zero-Day attacks Internal resources with approved access can breach confidentiality – intentionally or not. Public Information 5
  • 7. How many of your users… Click Here??? Public Information 7
  • 8. How many of your users… can spot a Fake?? Public Information 8
  • 9. • Data Loss Prevention is only as effective as what it knows about. • Almost 1,000,000 new malicious code signatures every day! • Each click of the mouse opens a clear, undetectable path for data to exit our computers and networks. • We simply can’t detect what we don’t know to look for. Detection is not sustainable Public Information 9
  • 10. • Human Nature is to “Accept and Continue.” • Can’t change the user’s experience. • Access blocks don’t work. • End users to find ways to circumvent existing limited protections. Human Behavior and the Browser Public Information 10
  • 11. Browsing solutions must evolve to maintain network integrity with minimal effort. Public Information 11
  • 12. Without Isolation URL Filtering Network AV IDS/IPS DLP • Browsers download and execute program code from trusted and untrusted sites • Even defense-in-depth detection can’t stop unknown attacks • Once in, they can send your intellectual property to the world through the tiniest holes Public Information 80 443 12
  • 13. 13 Software-Based Browser Isolation • Browser is isolated from operating system with micro- hypervisor. • Micro-hypervisor is mini virtual machine. • If the browser is compromised, in theory, the hypervisor will block access to the OS and other programs. Public Information
  • 14. • Software sandboxes can be penetrated • Need to manage each system • More powerful processors may be needed • Additional endpoint memory and disk usage • If something becomes resident, it’s on the internal network • If something does get out, it’s on the user’s system Issues with software based isolation Public Information 14
  • 15. A New Approach. Hardware-Based Browser Isolation Public Information 15
  • 16. Hardware Isolation URL Filtering Network AV IDS/IPS Sandbox 80 443 • Physically separate and isolate the browser from the endpoint. • Place the browser in an isolated network (DMZ). • Users enjoy complete web freedom and security while keeping your data secure • A highly managed user experience provides oversight into web-based activities 1200- 1299 1200- 1299 Public Information 16
  • 17. Isolate™ Architecture 1) Architectural Isolation Separation and isolation of Layer 1 physical components between browser and users 2) Resource Isolation Isla server and endpoint Memory, CPU, Storage, and Peripherals are isolated from each other – and from malware Public Information 1200- 1299 1200- 1299 17
  • 18. Isolate™ Architecture 3) Session Isolation Each user session is protected in its own VM, hardware-isolated with Intel VT extensions 4) Task Isolation Within a single session, each tab, or task, use processes isolated from each other 1200- 1299 1200- 1299 Public Information 18
  • 19. Isolate™ Architecture 5) Connection Isolation AES 256-bit encrypted communication between appliance and each individual user 6) Content Isolation Proprietary command, control and display communication format that malware cannot compromise 1200- 1299 1200- 1299 Public Information 19
  • 20. Isolate™ Architecture 7) Malware Isolation Any malware activity is isolated and contained within the appliance VMs are completely destroyed after each use and never have access to internal networks 1200- 1299 1200- 1299 Public Information 20
  • 21. How it Works Provide an isolation area to render content in a secure network Malicious websites become harmless by rendering the content in the isolated area. You can now provide clean web content to your users with true hardware and network separation. 21
  • 22. THE INTERNET • Isla sits in a DMZ/ isolated network Basic Deployment • Encrypted client to Control Center and appliance communications • Isolated VM for each user Interactive, Secure, Encrypted Viewer Streams • On command updates • Centralized reports and configurations SPIKES SECURITY SYSTEMS AND CONTROL CENTER Public Information 22
  • 23. Interactive, Secure, Encrypted Viewer Streams THE INTERNET Control Center Communications • SSL Web-enabled Interface • Maintains user and group information • Retains log and usage information • Holds your primary copy of your appliance configurations (Can only be pulled down by your appliances and is only activated by administrators) • Can be isolated on-premises for additional security. SPIKES SECURITY SYSTEMS AND CONTROL CENTER Public Information 23
  • 24. Issues with Hardware Based Isolation • Compatibility issues between browsing environment and the actual user environment – Proprietary Browser • Web Applications try to use local OS resources – Silverlight/SharePoint • Use of webcam, microphone, printing, and downloads breaks the principle of isolation – Bypass Mode • Additional Hardware Required Public Information 24
  • 25. • The race to save the end point isn’t working. • Hardware based isolation removes 100% the possibility of malware or spyware entering a network. • With hardware based isolation, the need to capture browser based attacks on the endpoint is negated. Isolation Synopsis Public Information 25
  • 26. Conclusion Hardware Based Isolation 1. Eliminates the web browser as a primary attack vector 2. Reduces unnecessary IT costs for forensics, remediation 3. Simplifies endpoint security complexity and admin 4. Restores secure web freedom for all employees Public Information 26
  • 27. ISLA Deploying in the real world
  • 28. Multiple Use Cases Public Information 29
  • 31. MOST COMMON DEPLOYMENT • Isla sits in a DMZ/isolated network • Only authorized users can connect • Encrypted client to server communications • Centralizes the source of all web requests Public Information 34
  • 32. IN-LINE TOOLS DEPLOYMENT • Used with existing Content Filtering or other Information Security tools • Isla sits the network before egress through the existing InfoSec tools • Encrypted client to appliance communications • Outbound web requests route through the existing InfoSec tools at the perimeter Other In-line Security tools Public Information 35
  • 33. MULTIPLE SITES • Isla sits in a DMZ/isolated network • Only authorized users can connect • Encrypted client to server communications • Centralizes the source of all web requests Public Information 36