Enable Your Enterprise to Browse
ALL THE WEB WITHOUT THE RISK
Introduction
Over 90 percent of undetected malware infects the enterprise
via the Web browser.* Historically, solutions have been built
around the idea of 100 percent prevention either by removing
vulnerabilities or detecting attacks before they are executed.
Neither of these approaches has been completely effective.
In fact, Brian Dye, Symantec’s senior vice president for
information security, went as far as saying that Antivirus is dead
in a 2014 interview with the Wall Street Journal.
Browsers have become far too complex to be free of bugs and
vulnerabilities. They execute multiple types of active content,
including some or all of JavaScript, Java, Flash, ActiveX, and
HTML5. A flaw in any of these, or in the browser engine itself,
opens the host computer to compromise, and ultimately puts
the enterprise at risk.
Detection has similarly fallen short in the cat-and-mouse game
between attacker and defender. Encryption and malware
polymorphism allow known threats to continue to evade
anti-malware tools. Intelligent and targeted malware now takes care
to avoid executing in the virtual environments used by security
researchers, avoiding identification as malware. Many attacks
are starting to be highly targeted, only triggering the malignant
behavior when in the presence of the chosen victim.
The risks from browsers go beyond just malware infection.
Intentional, accidental or passive loss of sensitive information
also happens most often through the browser. Ubiquitous
active content and increasing use of encryption by websites
make this harder to monitor and control.
The browser is the enterprise’s Achilles’ heel. Securing the
browser must be our No. 1 priority, but doing so requires a
completely different approach.
Ntrepid’s Solution: Passages
Passages is a secure, virtualized browser that evolved from
Ntrepid’s secure cyber operations platforms. These tools
allowed our government customers to engage in online
activities in extremely hostile environments without risk to the
mission or compromising their infrastructure. While many of
the capabilities in those solutions are applicable only to a few,
the security and identity control capabilities are desperately
needed everywhere.
We created Passages to address the full range of Web-based
vulnerabilities. We start from the assumption that browsers
themselves will never be invulnerable to attack, and that
many of those attacks will evade detection. The key to
next-generation defenses is containment and mitigation. When
the browser is compromised, that should not lead to further
compromise of the host computer, exposure of company
information, or access to company assets. Furthermore,
compromises must be quickly and effortlessly repaired, and
all systems returned to a known good and pristine state at a
moment’s notice. Finally, the browser must be fully and directly
integrated into the larger enterprise through monitoring, alerting
and enabling oversight systems to ensure control over what
enters and exits the enterprise networks.
*http://media.paloaltonetworks.com/documents/The-Modern-Malware-Review-March-2013.pdf
US Patent 8,375,434 B2 System For Protecting Identity In a Network Environment - allows users
to securely browse online by masking their true location and other identifying information.
©2014 Ntrepid Corporation. All rights reserved.
www.NtrepidCorp.com
12-14-002
To accomplish this, the Passages secure browsing platform is
built around a conventional Web browser running in a hardened
virtual environment. The browser can only communicate with
the Internet over a secure VPN, isolating its activity from the
host network. This provides an ideal single and accessible
choke point for monitoring and filtering.
Three Paths to Security
Passages takes three paths to provide comprehensive
protection for Web activities.
• Isolate the Vulnerability
• Control Identification
• Integrate into the Enterprise
Isolate the Vulnerability
Because the browser itself can’t be trusted to remain secure,
it is critical to keep it isolated from the valuable data and
infrastructure in the business. This ensures that any malware
that penetrates the browser is contained. If it can’t access
local files or processes, it will not be able to take control of the
local host. Passages provides full system isolation through a
hardened virtual machine.
If the malware can’t even see any other devices on the local
network (printers, servers and other often poorly secured
devices), it can’t expand its beachhead to other devices.
Passages uses a VPN to create complete network isolation.
By isolating the attack within a small restricted environment,
nascent compromises can be quickly remediated. The entire
virtual machine can be destroyed and re-created from a known
good copy, in a matter of seconds. Because of the near zero
cost to do so, it can be done frequently and automatically to
remove even undetected malware.
Because all Web traffic can be constrained to come from this
single browser, all of the communications can be monitored
and stored to ensure oversight and compliance.
Control Identification
Increasingly, attacks are very narrowly targeted. For anyone
not in the target population, the malware remains completely
inert. This is a clever tactic by attackers to avoid detection and
maintain the utility of their exploits for as long as possible.
This tactic also creates an opportunity for the defender. If you
can’t be identified as who you are, then the targeted malware
will ignore you.
Identification also leads to a different kind of data loss: passive
information leakage. Every website can easily monitor the
activities of all their visitors. By analyzing this activity they can
gain valuable information about investment plans by financial
institutions, acquisition plans by other companies, R&D efforts
by competitors, and more.
By hiding the identity of the visitor and preventing tracking,
Passages ensures that the website is unable to effectively
analyze or apply the information they collect.
Additionally, many websites provide different information,
including pricing, products and messaging, based on who and
where the visitor appears to be. Sometimes that information
or misinformation is targeted to competitors. In many cases
it is useful to be able to look at a website from multiple
perspectives to get a full understanding of what they are doing.
Integrate into the Enterprise
Stand-alone point solutions are no longer appropriate for
enterprise security. It is critical that all aspects of operations
and security are integrated in terms of monitoring, alerting,
deployment and maintenance. Security tools need to be able
to feed their monitoring data to a centralized repository where
anomaly detection and alerting tools can consider a holistic
view over the entire enterprise at once. Additionally, increasing
use of encryption, like SSL, and highly dynamic website
content is making firewall-based monitoring of Web activity
more difficult and less effective.
Passages provides the ideal source of ground truth about user
behavior by capturing user activity directly from the browser
before any encryption. Passages also integrates with existing
enterprise security assets already in place and is designed to
work with existing firewall, IDS, DLP, and Web filtering devices.
Furthermore, Passages leverages existing deployment and
management tools and integrates with single sign-on systems
including Active Directory.
Four Key Technologies
Passages’ secure browsing platform is composed of four key
components:
• Virtual Machine
• Virtual Private Network
• Safehold
• Insight
Virtual Machine
The core of Passages is a secure virtual machine (VM). When
Passages launches, it cryptographically verifies the integrity of
the ISO image used to create the virtual machine. That image
is read-only, so every time the VM is run it is guaranteed to be
clean and safe. The secure VM can run locally, or alongside
the user’s image in a VDI environment.
Passages’ VM runs a hardened and lightweight Linux operating
system. We have stripped out all unnecessary components to
reduce size and minimize possible vulnerabilities. This provides
the smallest possible attack surface. Almost none of the
attacks launched are even capable of executing against a Linux
system.
Once it is proven secure, the VM boots up and locks itself
down before launching the browser. The browser is the
only part of the VM visible to the user, and from the user’s
perspective, Passages is just a standard browser. The browser
in the VM runs as an unprivileged user, further reducing the
possibility of even temporarily infecting the restricted Passages
environment.
The VM is completely destroyed at the end of every session,
or any time the user desires. This eliminates any malware,
trackers, or anything else that may have gotten onto the VM.
For user convenience, bookmarks and some other information
(as allowed by the administrator) are persisted to the Passages
servers and loaded back onto the VM each time it runs.
Virtual Private Network
Passages uses a VPN combined with routing and firewall rules
within the VM to completely isolate the VM and the browser
from the local network. As part of the lockdown phase, after
the VM boots but before the browser is launched, Passages
establishes a VPN connection to a server located in Ntrepid’s
cloud network or at a customer’s facility outside the secure
perimeter. The VM is configured so that the VPN is the only
allowed network device for any Internet traffic in or out of the
VM.
This restriction ensures that, were malware to access the
VM, it would not be able to see, map or attack any other
infrastructure within the network.
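The lockdown described above, where the VPN is the only allowed network device, can be sketched as a default-drop nftables ruleset. This is an added example, not Ntrepid's configuration; the interface names, the UDP transport, and the server address and port (documentation values) are assumptions.

```shell
#!/bin/sh
# Added example: emit an nftables ruleset that makes the VPN tunnel the only
# usable network path out of a browser VM. Interface names, UDP transport and
# the endpoint values are assumptions, not taken from the product.
#
# Usage (as root inside the VM, before the browser starts):
#   lockdown_ruleset tun0 eth0 192.0.2.10 1194 | nft -f -

# lockdown_ruleset VPN_IF PHYS_IF VPN_SERVER_IPV4 VPN_UDP_PORT
lockdown_ruleset() {
    vpn_if=$1 phys_if=$2 vpn_server=$3 vpn_port=$4

    # Fail closed on malformed input so nothing unexpected reaches nft.
    for ifname in "$vpn_if" "$phys_if"; do
        case "$ifname" in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;;
        esac
    done
    # Require an IPv4 literal: a hostname would need a DNS lookup outside
    # the tunnel, which the ruleset below is meant to forbid.
    case "$vpn_server" in
        ''|*[!0-9.]*) echo "VPN server must be an IPv4 literal" >&2; return 1 ;;
    esac
    case "$vpn_port" in
        ''|*[!0-9]*) echo "bad port" >&2; return 1 ;;
    esac

    cat <<EOF
flush ruleset
table inet lockdown {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        # Only replies to traffic the VM started; LAN hosts cannot connect in.
        ct state established,related accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        # Browser traffic may leave only through the tunnel.
        oifname "$vpn_if" accept
        # The tunnel's own encrypted packets, to the VPN server and nowhere else.
        oifname "$phys_if" ip daddr $vpn_server udp dport $vpn_port accept
    }
}
EOF
}
```

With every chain defaulting to drop, a process in the VM that tries to reach a printer or server on the local network has no matching accept rule, so the packet never leaves the physical interface.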
Using a second VPN from the server, users have the option
to direct their traffic through a Global IP hub of their choice,
allowing them to easily control who and where they appear
to be. This is what allows users to avoid targeted attacks
and prevent others from capitalizing on passively leaked
information.
Maximum security can be achieved by setting up the enterprise
network so the Passages VPN is the only allowed path for
Internet connections outside the local network. Passages is
easy to monitor and filter, making it the perfect platform for
DLP. Locking down other paths to the Internet forces all activity
through that choke point.
Safehold
One of the biggest vulnerabilities associated with a browser
is its ability to download files directly onto a local machine
without prior vetting. It is far too easy for hostile websites
to initiate “drive-by downloads” that will place malware on
the user’s local desktop. Passages saves all files to a folder
remotely mounted from the Passages Safehold server in our
secure cloud environment (located in Ntrepid’s data centers or
at the customer’s facility).
In the Safehold server, the files are tested against multiple
best-of-class anti-malware tools. If they are shown to be safe, the
user can initiate a download to their local computer. Only safe
files that are intentionally requested by the user can ever make
it to the local desktop (although administrators can provide
access to flagged files for analysis).
Insight
SSL encryption and active Web applications make conventional
firewall-based user monitoring less effective. Insight provides
monitoring and analytics for user activity within Passages.
Activity monitoring takes place through a browser plug-in, so
it is captured directly at the source before any encryption can
take place. Insight may be configured to capture basic URL
logs or extremely detailed and granular information and file
captures.
All captured information is streamed to the Insight servers
(located in the Ntrepid cloud network or at the customer’s
facility) effectively in real time. Due to the challenges with
analyzing raw data, Insight provides two options for turning
it into actionable information. First, Insight includes a
sophisticated interactive analysis tool for quickly discovering
patterns and anomalies, and drilling down to their source.
Second, Insight can stream all the captured information into
third-party platforms already in use in the enterprise (like
Splunk) and through syslog.
Conclusion
With over 90 percent of undetected attacks coming through the browser, the
enterprise is in a perpetual state of compromise. Threats now go beyond simple
malware to highly targeted spear attacks, targeted misinformation and information
leaks. The existing browser paradigm fails to mitigate any of these vulnerabilities.
Passages is the only solution to offer the enterprise all the Web without the risk by:
• Isolating all browser vulnerabilities — ensuring that attackers are unable to
access or damage sensitive data or equipment.
• Controlling your identification — preventing targeted attacks and mitigating
passive information leakage.
• Integrating into the enterprise — guaranteeing full user oversight,
comprehensive monitoring, and central management of user Web activity.