Zero-Trust Breach Protection
Browser Isolation
Wen-Pai Lu
May 14, 2019
(ISC)2 Silicon Valley Chapter
Contents
• The Problems? – Phishing, Malicious Web Sites, Threat injections
• Current available solutions
• What is Browser Isolation?
• Two types of Browser Isolation
– Client side
– Server Side
• Current players
• Issues & Challenges
It starts with the Wild Wild Internet
Update Your Official Record
Phishing Example – Services
Restart your membership Suspended Account
Phishing Examples – Bank Account
Phishing Examples – Unexpected Refunds and Payment
Spear-Phishing Examples
Sent “From” Recipient’s Bank
Sent “From” Recipient’s CFO
Spear-Phishing Examples From Recipient CEO
How to ID Phishing
Malicious Websites and Drive-by Download
• Suspicious Domain on the Internet from isc.sans.org*
– Malware Domain List.com
– Domain Blocklist From Malwaredomains
– Abuse.ch Ransomware Domain Blocklist
– Threatexpert.com Malicious URLs
– Virustotal Domains
– Zeus Command And Control Server from Abuse.ch
• Malware Domain List
– https://www.malwaredomainlist.com/
• Drive-by Download – the unintended download of computer software from the Internet [wiki]
– Downloads which a person has authorized but without understanding the consequences (e.g. downloads which automatically install an unknown or counterfeit executable program, ActiveX component, or Java applet).
– Any download that happens without a person's knowledge, often a computer virus
* https://isc.sans.edu/suspicious_domains.html
The Data Say …
Breaches
• 2014: Yahoo had at least 500 million user accounts affected
• 2015: the Office of Personnel Management (OPM) experienced two separate incidents that affected 22 million personnel files
• 2017: Equifax; 2018: Marriott
• Cyber crime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015*
• In 2018, the average cost of a data breach was $3.86 million, up 3.86% from 2017§
– Mean time to identify a breach in 2018 was 197 days
– Mean time to contain a breach in 2018 was 69 days
• Average cost for each lost record rose from $141 to $148 (2018 Cost of Data Breach Study)
• From 2009 to 2018, the total number of malware incidents grew from 12.4 million to 812.67 million
• The number of crypto malware incidents remained < 1 million in 2017, but skyrocketed to 5.5 million in 2018
• Worldwide spending on information security products and services was at 86.4 billion in 2017, up 7% over 2016 (Gartner Report)
* 2017 Annual Cybercrime Report from Cybersecurity Ventures
§ 2018 Data Breach Study by Ponemon Institute
https://www.bloomberg.com/graphics/corporate-hacks-cyber-attacks/
https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
World’s Biggest Data Breaches & Hacks
from the user's physical desktop and enterprise network, any attacks on the remote browser session are constrained in their ability to cause damage. Every browser session is isolated and treated as if it might have been compromised and, ideally, every session is reset back to a known good state from immutable templates when completed.

The very act of users browsing the internet and clicking on URL links opens the enterprise to significant risk. Symantec's 2017 Internet Threat Report (https://www.symantec.com/security-center/threat-report) found that an average of 2.4 new browser vulnerabilities are discovered per day, and its labs detected an average of 229,000 web-based attacks per day. In the Kaspersky Security Bulletin: Overall Statistics for 2017 report, browser-based exploits still represented the bulk of exploits used in cyberattacks (see Figure 2).

Figure 2. Distribution of Exploits Used in Cyberattacks, by Type of Application Attacked, November 2016 to October 2017
Source: Adapted from Kaspersky Lab
Attacking through the browser is too easy, and the targets are too rich. Depending on the nature of the underlying vulnerability
Symantec 2017 Internet Threat Report:
• An average of 2.4 new browser vulnerabilities are discovered per day
• An average of 229,000 web-based attacks per day
• 76% of all websites contain a critical vulnerability
Kaspersky Lab
It’s all Because of …
What Can We Do?
Provide Protection
• Perimeter-based
– Firewall
– Secure Web Gateway
– Web Application Firewall
– Signature-based Malware Scanning
– AI/ML
• Endpoints
– Anti-Virus
– Malware Detection
– Agent-based
– Device Control
– Endpoint intelligence
– Asset Management
– Compliance
Do They Work? Maybe…
• Agent-based software
• Scale
– # of endpoints
– Platform manageability and scalability
• Resources
– Resource-intensive platform productivity
• Accuracy and Efficacy
– Detection rate
– False positive
• Administration and Deployment
– Large enterprises
– Small business
• Can’t effectively protect
So… What is the Alternative?
Security Through Physical Isolation
[Diagram labels: Internet, Enterprise, Air Gapping]
We Know that …
• Preventing web-based attacks is the goal, but it is difficult to achieve
• Perfect prevention of breaches is not possible. The strategy must be the isolation and containment of an attacker’s ability to do damage
• Browser-based attacks are the primary threat vector
• Vulnerable browsers and plug-ins are easy targets
• Patching and attack blocking are never good enough, no matter how well we do them
• Need to acknowledge and accept that some attacks will succeed no matter what we do
• Should focus on containing attackers’ ability to cause damage and reducing the attack surface
Browser Isolation Concept
The Browser Isolation Provides …
• Browser isolation can separate the end user's internet browsing session from enterprise endpoints and networks
• Browser isolation can dramatically reduce web-based attacks
• An air-gap between the device and the browser
• Detach the web browser from the endpoint
• Software to secure endpoints by providing end-users with a virtual, abstracted web browser
• Protection from intrusion or malware injection: only browsers, not devices, are infected
• Zero Trust Framework
Browser Isolation Types
Client-Based Browser Isolation
• Actual isolation on the user local machine
• Create new virtual instance in the client
• Local hypervisor
• Advantages
– No additional server needed
– Leverage local machine computing resources
• Problem
– Physical isolation?
– Potential to break out of the virtual instance
[Diagram: Internet content (HTML5, web apps; email, PDF, DOC; JavaScript, web apps) goes to browser servers, where attacks are isolated; content is rendered into a stream of pixels and sent back to devices. Label: Out-of-band Attacks]
Server-based Browser Isolation
• Isolation on remote machines
• New virtual instance created for each session
• VM or container based
• Advantages
– Better Isolation
– No Agent software installed
– Can implement without any changes
• Problem
– Need appliance/server
– Bandwidth
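
The server-side properties above (a new instance per session, container based, reset to a known good state) can be checked mechanically. The following is an added example, not part of the original slides: it audits `docker inspect`-style JSON for one session container. The container names, image references and the rule set itself are assumptions chosen for illustration.

```python
"""Audit a per-session remote-browser container against the isolation
properties named on the slides. Input is `docker inspect`-style JSON."""
import json

# Constructed samples (not real products): one hardened session container
# and one weak one. The image digest is a placeholder.
HARDENED = json.loads("""
{
  "Name": "/rbi-session-a1",
  "Config": {"Image": "example/remote-browser@sha256:<digest-placeholder>"},
  "HostConfig": {
    "Privileged": false, "ReadonlyRootfs": true, "AutoRemove": true,
    "CapDrop": ["ALL"], "CapAdd": null, "SecurityOpt": ["no-new-privileges"],
    "NetworkMode": "rbi-egress", "PidMode": "", "IpcMode": "private",
    "Binds": null
  },
  "Mounts": [{"Type": "tmpfs", "Destination": "/tmp"}]
}
""")

WEAK = json.loads("""
{
  "Name": "/rbi-session-b2",
  "Config": {"Image": "example/remote-browser:latest"},
  "HostConfig": {
    "Privileged": true, "ReadonlyRootfs": false, "AutoRemove": false,
    "CapDrop": null, "CapAdd": ["SYS_ADMIN"], "SecurityOpt": null,
    "NetworkMode": "host", "PidMode": "", "IpcMode": "private",
    "Binds": ["/home/user:/data"]
  },
  "Mounts": [{"Type": "bind", "Source": "/home/user", "Destination": "/data"}]
}
""")


def _as_list(value):
    """docker inspect emits null for empty lists; normalise to []."""
    return value or []


def audit_session_container(spec):
    """Return a list of (code, reason) findings; empty means all checks pass."""
    host = spec.get("HostConfig", {})
    image = spec.get("Config", {}).get("Image", "")
    findings = []

    # "Immutable templates": the image should be pinned by digest, not a tag.
    if "@sha256:" not in image:
        findings.append(("IMAGE_NOT_PINNED", f"image {image!r} is a mutable tag"))
    # A writable root filesystem lets a compromised browser persist changes.
    if not host.get("ReadonlyRootfs"):
        findings.append(("ROOTFS_WRITABLE", "root filesystem is not read-only"))
    # "Reset to a known good state": the container must be discarded on exit.
    if not host.get("AutoRemove"):
        findings.append(("NOT_EPHEMERAL", "container is kept after the session"))
    # Break-out risk: privileged mode and extra capabilities widen the
    # kernel attack surface reachable from the isolated browser.
    if host.get("Privileged"):
        findings.append(("PRIVILEGED", "container runs in privileged mode"))
    if "ALL" not in [c.upper() for c in _as_list(host.get("CapDrop"))]:
        findings.append(("CAPS_NOT_DROPPED", "capabilities are not dropped"))
    if _as_list(host.get("CapAdd")):
        findings.append(("CAPS_ADDED", f"added caps: {host['CapAdd']}"))
    opts = _as_list(host.get("SecurityOpt"))
    if not any(o.startswith("no-new-privileges") and not o.endswith("false")
               for o in opts):
        findings.append(("NEW_PRIVS_ALLOWED", "no-new-privileges is not set"))
    # Sharing a host namespace removes the separation from the enterprise side.
    for key in ("NetworkMode", "PidMode", "IpcMode"):
        if host.get(key) == "host":
            findings.append(("HOST_NAMESPACE", f"{key} is shared with the host"))
    # Host bind mounts give the browser session a path onto the host.
    binds = _as_list(host.get("Binds")) + [
        m.get("Source", "?") for m in _as_list(spec.get("Mounts"))
        if m.get("Type") == "bind"
    ]
    if binds:
        findings.append(("HOST_BIND_MOUNT", f"host paths mounted: {binds}"))
    return findings


if __name__ == "__main__":
    for spec in (HARDENED, WEAK):
        results = audit_session_container(spec)
        print(spec["Name"], "PASS" if not results else "FAIL")
        for code, reason in results:
            print(f"  {code}: {reason}")
```
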
The Players
Current List of Players
• Apozy
• Appsulate
• Authentic8 Silo
• Bromium
• Cigloo
• Crusoe Isolation Platform
• Cyberinc Isla
• Cyberwall
• Ericom Shield
• Garrison
• Light Point Web
• Menlo Security
• Ntrepid Passages
• ProofPoint
• Randed Isolation Technology (RITech)
• Symantec Web Isolation (acquired FireGlass)
• WebGap
Benefits and Challenges
Benefits
• Browser activities completely isolated from the devices
• Agentless implementation – in server-based
• Breaches in the browser do not affect devices
• Protection from unpatched browsers and plug-ins
• Effective protection against web-based cyber attacks and malware
• Browser session reset to a known good state after use
• Centralized policy management
• Additional security functions with SWG, WAF, etc.
Challenges
• Latency
• Performance
• Bandwidth
• Scalability & high availability
• Cloud-based vs. on-prem
• Seamless experiences
• Some browser capabilities may be limited (cut/paste)
• Mobile devices
Browser Isolation Services
[Diagram labels: Internet, Cloud Browser Services, DMZ, On-prem Appliance. Content (HTML5, web apps; email, PDF, DOC; JavaScript, web apps) is rendered into a stream of pixels; attacks isolated]
Summary
• Provides an alternative for isolating and containing attackers’ ability to do damage
• Reduction of web-based attack impact, and breach prevention
• Eliminates the persistence of undetected and stealthy attacks
• Isolates user activities from Internet attacks
• Adoption rate: from 1% in 2017 to 25% in 2022*
• Organizations can experience a 70% reduction in attacks that compromise end-user systems*
• Still has some challenges. Plan carefully.
• Start with high-risk user groups (financial, etc.)
* March 2018 Gartner Report on Remote Browser Isolation

More Related Content

What's hot

Make Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderMake Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not Harder
Splunk
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Ninh Nguyen
 
Introduction to the Microsoft Azure Cloud.pptx
Introduction to the Microsoft Azure Cloud.pptxIntroduction to the Microsoft Azure Cloud.pptx
Introduction to the Microsoft Azure Cloud.pptx
EverestMedinilla2
 
Network Access Control (NAC)
Network Access Control (NAC)Network Access Control (NAC)
Network Access Control (NAC)
Forescout Technologies Inc
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architecture
amiable_indian
 
Cloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceCloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceJosh Tullo
 
cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.Abutaleb
Fahmi Albaheth
 
Zachman Enterprise Security Architecture
Zachman Enterprise Security ArchitectureZachman Enterprise Security Architecture
Zachman Enterprise Security Architecture
Joaquin Marques
 
Multi Tenancy In The Cloud
Multi Tenancy In The CloudMulti Tenancy In The Cloud
Multi Tenancy In The Cloud
rohit_ainapure
 
Firewall & types of Firewall
Firewall & types of Firewall Firewall & types of Firewall
Firewall & types of Firewall
BharathiKrishna6
 
Deployment Models of Cloud Computing.pptx
Deployment Models of Cloud Computing.pptxDeployment Models of Cloud Computing.pptx
Deployment Models of Cloud Computing.pptx
Jaya Silwal
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scripting
kinish kumar
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
 
Cloud Security Tutorial | Cloud Security Fundamentals | AWS Training | Edureka
Cloud Security Tutorial | Cloud Security Fundamentals | AWS Training | EdurekaCloud Security Tutorial | Cloud Security Fundamentals | AWS Training | Edureka
Cloud Security Tutorial | Cloud Security Fundamentals | AWS Training | Edureka
Edureka!
 
Threat Modelling
Threat ModellingThreat Modelling
client-server.pptx
client-server.pptxclient-server.pptx
client-server.pptx
EbukaChikodi
 
Best cloud security practices with MITRE ATT&CK
Best cloud security practices with MITRE ATT&CKBest cloud security practices with MITRE ATT&CK
Best cloud security practices with MITRE ATT&CK
Shriya Rai
 
Cloud Computing For Beginners | Cloud Computing Explained | Cloud Computing T...
Cloud Computing For Beginners | Cloud Computing Explained | Cloud Computing T...Cloud Computing For Beginners | Cloud Computing Explained | Cloud Computing T...
Cloud Computing For Beginners | Cloud Computing Explained | Cloud Computing T...
Simplilearn
 

What's hot (20)

Make Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderMake Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not Harder
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Introduction to the Microsoft Azure Cloud.pptx
Introduction to the Microsoft Azure Cloud.pptxIntroduction to the Microsoft Azure Cloud.pptx
Introduction to the Microsoft Azure Cloud.pptx
 
Network Access Control (NAC)
Network Access Control (NAC)Network Access Control (NAC)
Network Access Control (NAC)
 
Cloud Service Models
Cloud Service ModelsCloud Service Models
Cloud Service Models
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architecture
 
Cloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceCloud security - Auditing and Compliance
Cloud security - Auditing and Compliance
 
cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.Abutaleb
 
Zachman Enterprise Security Architecture
Zachman Enterprise Security ArchitectureZachman Enterprise Security Architecture
Zachman Enterprise Security Architecture
 
Web engineering lecture 1
Web engineering lecture 1Web engineering lecture 1
Web engineering lecture 1
 
Multi Tenancy In The Cloud
Multi Tenancy In The CloudMulti Tenancy In The Cloud
Multi Tenancy In The Cloud
 
Firewall & types of Firewall
Firewall & types of Firewall Firewall & types of Firewall
Firewall & types of Firewall
 
Deployment Models of Cloud Computing.pptx
Deployment Models of Cloud Computing.pptxDeployment Models of Cloud Computing.pptx
Deployment Models of Cloud Computing.pptx
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scripting
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Cloud Security Tutorial | Cloud Security Fundamentals | AWS Training | Edureka
Cloud Security Tutorial | Cloud Security Fundamentals | AWS Training | EdurekaCloud Security Tutorial | Cloud Security Fundamentals | AWS Training | Edureka
Cloud Security Tutorial | Cloud Security Fundamentals | AWS Training | Edureka
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modelling
 
client-server.pptx
client-server.pptxclient-server.pptx
client-server.pptx
 
Best cloud security practices with MITRE ATT&CK
Best cloud security practices with MITRE ATT&CKBest cloud security practices with MITRE ATT&CK
Best cloud security practices with MITRE ATT&CK
 
Cloud Computing For Beginners | Cloud Computing Explained | Cloud Computing T...
Cloud Computing For Beginners | Cloud Computing Explained | Cloud Computing T...Cloud Computing For Beginners | Cloud Computing Explained | Cloud Computing T...
Cloud Computing For Beginners | Cloud Computing Explained | Cloud Computing T...
 

Similar to Browser isolation (isc)2 may presentation v2

Cybersecurity: Malware & Protecting Your Business From Cyberthreats
Cybersecurity: Malware & Protecting Your Business From CyberthreatsCybersecurity: Malware & Protecting Your Business From Cyberthreats
Cybersecurity: Malware & Protecting Your Business From Cyberthreats
SecureDocs
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
Debra Baker, CISSP CSSP
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself Alert Logic
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.ppt
schwarz10
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015   sebaSolvay secure application layer v2015   seba
Solvay secure application layer v2015 seba
Sebastien Deleersnyder
 
Spikes Security Isla Isolation
Spikes Security Isla IsolationSpikes Security Isla Isolation
Spikes Security Isla Isolation
Cybryx
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
Jim Kaplan CIA CFE
 
Ciberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACiberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IA
Cristian Garcia G.
 
Web Application Hacking 2004
Web Application Hacking 2004Web Application Hacking 2004
Web Application Hacking 2004
Mike Spaulding
 
Panda Security - Endpoint Protection Plus
Panda Security - Endpoint Protection PlusPanda Security - Endpoint Protection Plus
Panda Security - Endpoint Protection Plus
Panda Security
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
SACON - Incident Response Automation & Orchestration (Amit Modi)
SACON - Incident Response Automation & Orchestration (Amit Modi)SACON - Incident Response Automation & Orchestration (Amit Modi)
SACON - Incident Response Automation & Orchestration (Amit Modi)
Priyanka Aash
 
Cyber security series Application Security
Cyber security series   Application SecurityCyber security series   Application Security
Cyber security series Application Security
Jim Kaplan CIA CFE
 
Cloud security
Cloud securityCloud security
Cloud security
Tushar Kayande
 
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
Netpluz Asia Pte Ltd
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
EnergySec
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
Great Bay Software
 
Real Business Threats!
Real Business Threats!Real Business Threats!
Real Business Threats!
Rochester Security Summit
 
Digital Self Defense (RRLC version)
Digital Self Defense (RRLC version)Digital Self Defense (RRLC version)
Digital Self Defense (RRLC version)
Ben Woelk, CISSP, CPTC
 

Similar to Browser isolation (isc)2 may presentation v2 (20)

Cybersecurity: Malware & Protecting Your Business From Cyberthreats
Cybersecurity: Malware & Protecting Your Business From CyberthreatsCybersecurity: Malware & Protecting Your Business From Cyberthreats
Cybersecurity: Malware & Protecting Your Business From Cyberthreats
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.ppt
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015   sebaSolvay secure application layer v2015   seba
Solvay secure application layer v2015 seba
 
Spikes Security Isla Isolation
Spikes Security Isla IsolationSpikes Security Isla Isolation
Spikes Security Isla Isolation
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
Ciberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACiberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IA
 
Web Application Hacking 2004
Web Application Hacking 2004Web Application Hacking 2004
Web Application Hacking 2004
 
Panda Security - Endpoint Protection Plus
Panda Security - Endpoint Protection PlusPanda Security - Endpoint Protection Plus
Panda Security - Endpoint Protection Plus
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
SACON - Incident Response Automation & Orchestration (Amit Modi)
SACON - Incident Response Automation & Orchestration (Amit Modi)SACON - Incident Response Automation & Orchestration (Amit Modi)
SACON - Incident Response Automation & Orchestration (Amit Modi)
 
Cyber security series Application Security
Cyber security series   Application SecurityCyber security series   Application Security
Cyber security series Application Security
 
Cloud security
Cloud securityCloud security
Cloud security
 
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
 
Real Business Threats!
Real Business Threats!Real Business Threats!
Real Business Threats!
 
Digital Self Defense (RRLC version)
Digital Self Defense (RRLC version)Digital Self Defense (RRLC version)
Digital Self Defense (RRLC version)
 

Recently uploaded

The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 

Recently uploaded (20)

The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Communications Mining Series - Zero to Hero - Session 1

Browser isolation (isc)2 may presentation v2

  • 1. Zero-Trust Breach Protection: Browser Isolation. Wen-Pai Lu, May 14, 2019, (ISC)2 Silicon Valley Chapter
  • 2. Contents
      • The Problems? – Phishing, Malicious Web Sites, Threat injections
      • Current available solutions
      • What is Browser Isolation?
      • Two types of Browser Isolation
          – Client side
          – Server Side
      • Current players
      • Issues & Challenges
  • 3. It starts with the Wild Wild Internet
  • 5. Phishing Example – Services: "Restart your membership", "Suspended Account"
  • 6. Phishing Examples – Bank Account
  • 7. Phishing Examples – Unexpected Refunds and Payment
  • 8. Spear-Phishing Examples: Sent “From” Recipient’s Bank; Sent “From” Recipient’s CFO
  • 10. How to ID Phishing
  • 11. Malicious Websites and Drive-by Download
      • Suspicious Domain on the Internet from isc.sans.org*
          – Malware Domain List.com
          – Domain Blocklist From Malwaredomains
          – Abuse.ch Ransomware Domain Blocklist
          – Threatexpert.com Malicious URLs
          – Virustotal Domains
          – Zeus Command And Control Server from Abuse.ch
      • Malware Domain List
          – https://www.malwaredomainlist.com/
      • Drive-by Download – concerning the unintended download of computer software from the Internet [wiki]
          – Downloads which a person has authorized but without understanding the consequences (e.g. downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet) automatically.
          – Any download that happens without a person's knowledge, often a computer virus
      * https://isc.sans.edu/suspicious_domains.html
  • 12. The Data Say …
  • 13. Breaches
      • In 2014, Yahoo had at least 500 million user accounts affected
      • In 2015, the Office of Personnel Management (OPM) experienced two separate incidents that affected 22 million personnel files
      • 2017, Equifax and 2018, Marriott
      • Cyber crime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015*
      • In 2018, the average cost of a data breach was $3.86 million, up 3.86% from 2017§
          – Mean time to identify a breach in 2018 was 197 days
          – Mean time to contain a breach in 2018 was 69 days
      • Average cost for each lost record rose from $141 to $148 in 2018 (Cost of Data Breach Study)
      • From 2009 to 2018, the total number of malware incidents grew from 12.4 million to 812.67 million
      • The number of crypto malware incidents remained < 1 million in 2017, but skyrocketed to 5.5 million in 2018
      • Worldwide spending on information security products and services was 86.4 billion in 2017, up 7% over 2016 (Gartner Report)
      * 2017 Annual Cybercrime Report from Cybersecurity Ventures
      § 2018 Data Breach Study by Ponemon Institute
      https://www.bloomberg.com/graphics/corporate-hacks-cyber-attacks/
  • 15. … from the user's physical desktop and enterprise network, any attacks on the remote browser session are constrained in their ability to cause damage. Every browser session is isolated and treated as if it might have been compromised and, ideally, every session is reset back to a known good state from immutable templates when completed.
      The very act of users browsing the internet and clicking on URL links opens the enterprise to significant risk. Symantec's 2017 Internet Threat Report (https://www.symantec.com/security-center/threat-report) found that an average of 2.4 new browser vulnerabilities are discovered per day, and its labs detected an average of 229,000 web-based attacks per day. In the Kaspersky Security Bulletin: Overall Statistics for 2017 report, browser-based exploits still represented the bulk of exploits used in cyberattacks (see Figure 2).
      [Figure 2. Distribution of Exploits Used in Cyberattacks, by Type of Application Attacked, November 2016 to October 2017. Source: Adapted from Kaspersky Lab]
      Attacking through the browser is too easy, and the targets are too rich. Depending on the nature of the underlying vulnerability … What …
      Symantec 2017 Internet Threat Report:
      • An average of 2.4 new browser vulnerabilities are discovered per day
      • An average of 229,000 web-based attacks per day
      • 76% of all websites contain a critical vulnerability
      Kaspersky Lab
  • 16. It’s all Because of …
  • 19. What Can We Do?
  • 20. Provide Protection
      • Perimeter-based
          – Firewall
          – Secure Web Gateway
          – Web Application Firewall
          – Signature-based Malware Scanning
          – AI/ML
      • Endpoints
          – Anti-Virus
          – Malware Detection
          – Agent-based
          – Device Control
          – Endpoint intelligence
          – Asset Management
          – Compliance
  • 21. Do they work? Maybe…
      • Agent-based software
      • Scale
          – # of endpoints
          – Platform manageability and scalability
      • Resources
          – Resource-intensive platform productivity
      • Accuracy and Efficacy
          – Detection rate
          – False positives
      • Administration and Deployment
          – Large enterprises
          – Small business
      • Can’t effectively protect
  • 22. So… What is the Alternative?
  • 24. Security Through Physical Isolation [diagram labels: Internet, Enterprise, Air Gapping]
  • 25. We Know that …
      • Preventing web-based attacks is the goal, but it is difficult to achieve
      • Perfect prevention of breaches is not possible. The strategy must be the isolation and containment of an attacker’s ability to do damage
      • Browser-based attacks are the primary threat vector
      • Vulnerable browsers and plug-ins are easy targets
      • It is never good enough, no matter how well we do patching and attack blocking
      • Need to acknowledge and accept that some attacks will succeed no matter what we do
      • Should focus on containing attackers’ ability to cause damage and reducing the attack surface
  • 27. The Browser Isolation Provides …
      • Browser isolation can separate the end user's internet browsing session from enterprise endpoints and networks
      • Browser isolation can dramatically reduce web-based attacks
      • An air gap between the device and the browser
      • Detaches the web browser from the endpoint
      • Software that secures endpoints by providing end users with a virtual, abstracted web browser
      • Protection from intrusion or malware injection: only browsers, not devices, are infected
      • Zero Trust Framework
  • 30. Client-Based Browser Isolation
      • Actual isolation on the user's local machine
      • Creates a new virtual instance on the client
      • Local hypervisor
      • Advantages
          – No additional server needed
          – Leverages local machine computing resources
      • Problem
          – Physical isolation?
          – Potential breakout from the virtual instance
  • 32. Server-based Browser Isolation
      • Isolation on remote machines
      • New virtual instance created for each session
      • VM or container based
      • Advantages
          – Better Isolation
          – No Agent software installed
          – Can implement without any changes
      • Problem
          – Need appliance/server
          – Bandwidth
  • 34. Current List of Players
      • Apozy
      • Appsulate
      • Authentic8 Silo
      • Bromium
      • Cigloo
      • Crusoe Isolation Platform
      • Cyberinc Isla
      • Cyberwall
      • Ericom Shield
      • Garrison
      • Light Point Web
      • Menlo Security
      • Ntrepid Passages
      • ProofPoint
      • Randed Isolation Technology (RITech)
      • Symantec Web Isolation (acquired FireGlass)
      • WebGap
  • 36. Benefits
      • Complete isolation between browser activities and the devices
      • Agentless implementation (server-based)
      • Breaches in the browser do not affect devices
      • Protection from unpatched browsers and plug-ins
      • Effective protection against web-based cyber attacks and malware
      • Browser session reset to a known good state after use
      • Centralized policy management
      • Additional security functions with SWG, WAF, etc.
  • 37. Challenges
      • Latency
      • Performance
      • Bandwidth
      • Scalability & high availability
      • Cloud-based vs. on-prem
      • Seamless experiences
      • Some browser capabilities may be limited (cut/paste)
      • Mobile devices
  • 39. Summary
      • Provides an alternative for isolating and containing attackers’ ability to do damage
      • Reduces web-based attack impact and helps prevent breaches
      • Eliminates the persistence of undetected and stealthy attacks
      • Isolates user activities from Internet attacks
      • Adoption rate: 1% in 2017 to 25% in 2022*
      • Organizations can experience a 70% reduction in attacks that compromise end-user systems*
      • Still has some challenges. Plan carefully.
      • Start with high-risk user groups (financial, etc.)
      * March 2018 Gartner Report on Remote Browser Isolation