Adopting a Zero Trust Web Policy could be the Answer to Remaining Free of Malware
Perfect prevention from malware and cyber attacks might not be possible, but with the right approach we could be close to it. Joshua Behar, President and CEO of Ericom Software discusses how Remote Browser Isolation (RBI) helps organizations to safeguard networks in a proactive manner what with the proliferation of evasive types of hacking
Today, cyber threats and attacks are more pervasive – and evasive than ever before. Inventive hackers are finding new and improved ways to penetrate networks, going beyond traditional vectors such as phishing and browser-based threats. As more businesses of all sizes come to depend on web-based applications and collaboration tools, they become increasingly susceptible to cyber attacks.
And here’s where things get lopsided – for businesses, defensive success requires deflecting 100% of the attempted attacks. Yet for hackers, just one click by one user on one malicious link results in a win. Send enough phishing emails or infect enough sites, and the law of large numbers ensures hacker success. Despite firewalls, sandboxing, anti-malware solutions, URL filtering, and more, users just don’t stand a chance against the malware flood.
The Evolution of Hackers and their Threats
The threat landscape is evolving rapidly. Malware is growing smarter and better at evading defenses, and is even available as services that help cyber criminals get started with hacking.
Companies, large and small, are increasingly falling victim to hackers. In 2017, there were 160,000 cyberattacks worldwide, nearly double the 82,000 attacks recorded in 2016. And when they are hacked, along with immediate effects, businesses face the loss of reputation, lawsuits, and financial repercussions of placing customers and employees at the risk of identity fraud.
The New Security Mantra: Trust No One
Many companies are starting to conclude that the traditional defensive approach to security is no longer enough – if indeed, it ever was. While perfect prevention remains an unreachable goal, today cyber security leaders are trying tough new proactive approaches like Zero Trust security to vastly reduce the chance of a breach.
The Zero Trust Security model posits that companies should never automatically trust anything or anyone, whether inside or outside their network – a stance borne out by high-profile breaches in which trusted insiders accessed and sold customer data, or outside hackers moved through company networks unimpeded, once they got in.
To prevent such attacks, under the Zero Trust approach, machines, networks and IP addresses are micro-segmented. Access to each segment is restricted according to verified user profiles that specify who can connect when and from where.
While the “never trust, always verify” paradigm is gaining in strength, there are several hurdles to reach widespread adoption. Extensive efforts are required to configure and maintain micro-segments, user classes and verification procedures, and slip-ups can result in work interruptions or delayed corporate transactions. In addition, complex access and authentication processes often make for a poor user experience. Users don’t want to jump through hoops to get to the tools and data they need. They want to just power on quickly and work.
The Internet cannot be Micro-segmented
As Zero Trust matures, solutions will undoubtedly emerge to streamline authentication and access management processes.
However, when it comes to internet use, Zero Trust advocates are remarkably silent. And, for good reason! It’s difficult – in fact, nearly impossible to project exactly which sites individual users will need. When organizations limit access to all but the sites known to be needed, productivity suffers for both end-users and IT staff. For end-users, because they must request – and wait for – permission to access sites that they need, and for IT teams, because they must handle constant requests to enable access to those sites.
Perhaps more importantly, even if companies were able to whitelist every possible site needed, they’d still be at risk from malware that penetrates legitimate sites. Since there is no way to know precisely what is present on any website, or prevent malicious code from running as soon as the site opens in a browser, even a Zero Trust strategy of explicit permissions leaves companies at risk from web-borne malware and threats.
Remote Browser Isolation: Zero Trust for the Web
So, how can businesses “trust no one and nothing” when it comes to the web, where there’s simply no way to actually know what lurks on a site?
The simplest way is to prevent absolutely everything from the web from touching browsers on endpoints, and spreading from there to company networks. Remote Browser Isolation (RBI) enables users to interact naturally with any site that they need, while browsing takes place from a far-removed browsing host away from vulnerable organization assets.
RBI stands out for its “trust no one and nothing” approach to all internet content. In fact, Gartner recommends that risk-averse industries such as Finance, which are increasingly adopting Zero Trust Security, should immediately implement RBI as an effective technology for protecting against “unpatched browsers and plug-ins; browser and browser plug-in zero days; and targeted attacks carried in web content.”
With RBI, when a user opens a site in a browser tab, the site actually runs on a virtual browser in an isolated disposable container remotely located in the DMZ (demilitarized zone) or the cloud. A clean data stream sent to the device browser allows users to browse naturally and interactively, in real time. When the tab is closed or the user stops browsing, the container along with all content from the site, benign or malicious, is destroyed.
Secure Future with Remote Browser Isolation
Hackers will undoubtedly continue to work tirelessly to break through networks for data that they can use and sell. But, as businesses adopt more secure measures, it’s likely that they can avoid being hacked.
Gartner recently reported that, “Through 2022, organizations that isolate high-risk internet browsing and access to URLs in email will experience a 70% reduction in attacks that compromise end-user systems.”
As smart businesses increasingly take a proactive, preventive approach to cyber security, they must carefully assess each individual threat vector and determine how to best apply the Zero Trust concept. For internet access, RBI can enable companies to avoid threats that are as yet unknown, while ensuring that users and IT staff do not lose valuable work time to irksome access requests.