In my last blog post, I discussed the benefits of using innovative approaches to reduce the amount of cybersecurity noise your organisation has to deal with, freeing up your valuable resources to concentrate on the incidents that have the potential to have a large detrimental effect.
Here, I will touch on an innovative type of technology that I have been aware of for some time, yet it puzzles me why more organisations are not adopting it. The capability I am referring to is 'isolation'.
Isolation technologies do just that. They isolate users from the raw content served to them over web and email channels, but maintain the user experience that users know and love. Completely isolating the web and email channels means that no malicious content is ever executed on the end-user device. Instead, it is executed within the isolation platform and dealt with as required. Depending on which solution type you choose, the malicious content may never even enter your network. It could simply be dealt with in the cloud.
However, the real jewel in the crown for isolation techniques is when you start to consider how it can be applied to the email channel.
Consider that the majority of breaches today occur because credentials have been compromised. The simplest way for an adversary to obtain credentials is to go phishing.
How do we as defenders traditionally stop phishing attacks? We use normal filtering techniques (reputation-based, anti-spam, etc.) and rely on user education. No matter how much we educate people, this approach will always fail. An example here is the Punycode exploits we saw earlier this year, where even hovering the mouse over a link displayed what looked to be a legitimate URL. This would have fooled anyone.
This is where isolation plays its top trump. By isolating the phishing link within the email, you can prevent a user from ever entering their credentials anywhere outside your organisation (unless explicitly allowed).
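To make the Punycode point concrete, here is an added example (not from the original post or from any isolation product) that decodes the `xn--` hostnames in an email's links and flags internationalised or mixed-script names. The function names, the `.test` domains and the sample email are constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

def decode_host(host):
    """Return the Unicode form of a hostname, decoding any xn-- (Punycode) labels."""
    out = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:  # malformed Punycode: keep the raw label
                pass
        out.append(label)
    return ".".join(out)

def label_scripts(label):
    """Scripts (LATIN, CYRILLIC, ...) used by the letters of one label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def assess_link(url):
    """Return (wire_host, unicode_host, reasons) for one URL."""
    wire = urlsplit(url).hostname or ""
    shown = decode_host(wire)
    reasons = []
    if not shown.isascii():
        reasons.append("internationalised hostname")
    if any(len(label_scripts(part)) > 1 for part in shown.split(".")):
        reasons.append("mixed-script label")
    return wire, shown, reasons

def flag_links(html_body):
    """Links in an HTML email body whose hostname deserves a closer look."""
    results = [assess_link(url) for url in HREF_RE.findall(html_body)]
    return [r for r in results if r[2]]

# Constructed sample: "example" with a Cyrillic "a" (U+0430) swapped in.
LOOKALIKE = "xn--" + "ex\u0430mple".encode("punycode").decode("ascii") + ".test"
SAMPLE_EMAIL = (
    "<p>Please review your account. "
    f'<a href="https://{LOOKALIKE}/login">Sign in</a> or visit '
    '<a href="https://example.test/help">help</a>.</p>'
)

if __name__ == "__main__":
    for wire, shown, reasons in flag_links(SAMPLE_EMAIL):
        print(f"{wire} renders as {shown}: {', '.join(reasons)}")
```

Legitimate internationalised domains are flagged too, and a lookalike written entirely in one non-Latin script will not trip the mixed-script check, so the result is better used as a signal for review than as a block decision.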
In summary, isolation has the capability to remove all web-based and email-based threats, or in my case, noise. So why isn't more of the market taking advantage of it? Perhaps this might change in 2018…