Isolation has always been seen as the ultimate defense against a malware attack, whether it's the simple act of turning off your Internet connection to keep malware from sending out purloined data or a more sophisticated virtualization use case.
The problem is that these solutions can be cumbersome for end users. Software needs to be downloaded, and load times could be longer than average.
As for disconnecting from the Internet … well, that is, for many, unthinkable or at least unbearable.
Menlo Security burst out of stealth mode this week with much fanfare with the claim that it has simplified — or is that solved? — these drawbacks of isolation through its new product, the Menlo Security Isolation Platform.
How It Works
Essentially, this is how it works, CTO Kowsik Guruswamy told CMSWire.
Any content a user receives, whether it's an email, PDF, video or something else, is immediately sent to the cloud or a "virtual container," to use Menlo's word choice, where it will be accessed. The user then uses his browser to navigate to this container to read the email, click on the link or whatever.
However, the active code in the content never interacts with the browser, keeping the user's computer safe, he said. "It's still a native user experience and it doesn’t take more time or change the process from how you would normally access an email," Guruswamy said.
Meanwhile, on the backend, the virtual containers are disposed of as the user accesses the content. A new instance is started, thus cutting off any opportunity for the malware to proliferate or escape, Guruswamy said.
No special software or modification of the browser is necessary. Instead, Menlo Security's proprietary technology, which it calls adaptive client-less rendering, takes the presentation layer of the browser and gives the user a mirror image of what is now in the virtual container.
A Step Back
Taking a step back, it is easy to see the genius of the approach. Most malware defense to date has been based on the premise that content is either "good" or "bad" or "safe" or "infected."
The IT security industry's job was to be able to tell one from the other before it was opened or allowed to enter a company's ecosystem.
Isolation, Guruswamy said, "doesn’t care if the content is good or bad. It doesn’t matter." Because the source code of the content is always executed in the cloud, the malware won't reach the end user.
Menlo Security is hardly alone as it explores isolation as a security concept.
Isolation via "virtualization and containment strategies will become a common element of a defense-in-depth protection strategy for enterprise systems, reaching 20 percent adoption by 2016 from nearly no widespread adoption in 2014," according to Neil McDonald of Gartner.
There are open source software (OSS) initiatives (Menlo Security, in fact, is based on OSS) that are focusing on this approach.
Zero Wine is one example. It's an open source (GPL v2) research project that runs the malware in a safe virtual sandbox — an isolated environment — collecting information about the APIs called by the program.
Another tool that is becoming popular is Cuckoo Sandbox, an automated malware analysis system that examines suspect files in an isolated environment.
$25 Million Series B Round
Menlo Security also announced that it has closed a $25 million Series B round of funding in which Sutter Hill Ventures, General Catalyst, Osage University Partners and Engineering Capital participated. Last year, the company raised $10.5 million in Series A funding.
Proceeds will be used to support the company's growth, it said.
Simpler Media Group, 2015