Page 78 - Cyber Warnings
P. 78
to detect, analyze and destroy threats attempting to enter computers through their browsers,
while also providing a safety net that eliminates problems and keeps a system secure even if
everything else fails. It expects the worst, that a threat will eventually be able to slip past those
defenses undetected, and acts accordingly to protect a system even if it can’t see the danger.
Virtual isolation uses the science of virtualization to remove the threat window posed by
browsers. Every time a browser is activated, a new instance is created that is kept separate
from the rest of the system and other programs. The virtual browser acts normally for a user,
who may not even realize that the program is running inside a protected container.
Any threat that tries to alter the browser can be detected normally by whatever protection is
active on the system. Threats can thus be captured and analyzed if an organization wants to do
that as part of a threat intelligence program. However, virtual browser isolation also assumes
that detection, no matter how sophisticated, will eventually fail. An advanced threat may be able
to avoid detection and make changes to the browser program or settings so that it can come
back later and compromise a system. That won’t work when virtual isolation is on the job.
Every time a browser is closed, the entire container – including any undetected threats that may
be lurking there – is destroyed. Each time a user brings up a browser, a brand-new instance is
created in an isolated container with nothing persisting from previous browser sessions. Virtual
isolation thus assumes that every browser instance has been compromised – it expects the
worst – and acts accordingly.
Using browser isolation keeps systems working outside of a firewall secure by isolating the
browser and burning it down after every use. Protection programs can still catch incoming
malware, but even if they don’t, the system is never in danger of compromise. In today’s
cybersecurity landscape where battles are fought without the benefit of a traditional perimeter,
only a robust and innovative technology like virtual isolation can keep systems working outside
of an agency completely safe from all threats – both the ones you discover, and the invisible
ones you will never see.
About the Author
Lance Cottrell, Chief Scientist, Passages – Lance Cottrell founded Anonymizer in 1995,
which was acquired by Ntrepid (then Abraxas) in 2008. Anonymizer’s technologies form the
core of Ntrepid’s Internet misattribution and security products. As Chief Scientist, Lance
continues to push the envelope with the new technologies and capabilities required to stay
ahead of rapidly evolving threats. Lance is a well-known expert on security, privacy, anonymity,
misattribution and cryptography. He speaks frequently at conferences and in interviews. Lance
is the principle author on multiple Internet anonymity and security technology
patents. He started developing Internet anonymity tools in 1992 while pursuing a PhD. in
physics, eventually leaving to work on those technologies full time. Lance holds an M.S. in
physics from the University of California, San Diego and a B.S. in physics from the University of
California, Santa Cruz. He has served on the advisory board of the UCSD Libraries and the
American Public University IT Industry Advisory Council.
78 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide