More threat actors are exploiting the browser as an attack vector, largely because it’s becoming a popular way to access corporate applications and resources. To counter browser-borne malicious software, such as Trojans, worms or ransomware, Conceal, an endpoint security company, introduced ConcealBrowse this week.
ConcealBrowse, which supports all popular operating systems, can be planted on an endpoint by a network administrator, where it monitors all code as it runs to determine whether it presents a threat to the organization. Suspicious content is run in isolation where, if the software is malicious, any damage it might cause can be contained.
“Any application running on the endpoint is going through our intelligence engine,” Conceal CEO Gordon Lawson tells CSO. “If it’s suspicious or unknown, it’s being pushed to an isolation environment in the cloud. I think that’s transformative because no one has done that sort of isolation technology across the operating systems like we’re doing it.”
Virtual instance adds a layer of protection
Where ConcealBrowse shines is in dealing with code that is suspicious or whose malevolence is unknown. By isolating that code in a virtual instance in the cloud, its ability to move laterally and do real damage when it runs is eliminated. If code exhibits malicious behavior, the virtual instance will automatically shut down.
“If malicious code makes it into the organization and a user tries to interact with it, in the worst case, it’s going to be in an offsite, cloud-based, container environment, and it won’t be able to do the damage it would usually have done,” Lawson says. “It’s a way for a company to allow its employees to do what they want on personal email but be assured that when bad things make it through, there’s a layer of protection in the enterprise to prevent negative consequences.”
ConcealBrowse does not change the user experience
According to Conceal, formerly known as NetAbstraction, ConcealBrowse does not change an endpoint user’s experience when it’s moving browser sessions in and out of isolation as necessary. “The latency is much better than even Safe Links in Microsoft,” Lawson says. “It’s working very quickly and if something isn’t suspicious, it’ll let it through.”
The ConcealBrowse agent is installed on an organization’s endpoints by a system administrator, who is given robust controls, such as single sign-on authentication, Active Directory integration, white- and black-listing, and download prohibition. “They’re really able to control user behavior in a very positive way,” Lawson says.
“The issue with some of these security controls is they can frustrate employees,” Lawson adds. “They live in an interconnected world where people have to access a plethora of applications. We’re trying to give them some flexibility, let them do their daily work, while giving an added layer of preventive medicine to the enterprise.”