Isolating browsers from the web’s ‘cesspool’: Why Symantec bought FireGlass

Last year a report by the ubiquitous technology analysis company Gartner concluded that browser isolation — a concept employed by fewer than 1 percent of enterprises — would mushroom to a 20 percent adoption rate by 2021 because of the way the internet has become a “cesspool” of malicious content.

Security giant Symantec is betting that Gartner report becomes a reality, having announced the acquisition of Israeli start-up FireGlass for an undisclosed sum last week.

“When you install this technology [in an enterprise network], you end up with a 70 percent reduction in the number of events reported to the security operations center,” Symantec CEO Greg Clark told CyberScoop, calling it “a huge step forward that no one can ignore.”

Browser isolation works by executing code from a website, email or plugin in a so-called DMZ, a sealed, disposable container on a server remote from the endpoint — computer, smartphone, tablet — that the user is employing. All the endpoint receives is an image of the content the user wants to look at.

The endpoint, and the corporate network to which it’s connected, is otherwise isolated.  Visual information, like an HTML 5 feed, goes to the endpoint, while mouse and keyboard actions travel to the remote container. At the end of the web session, the DMZ container is collapsed, along with any malware that’s picked up.

Source: Gartner

“Since the vast majority of attacks on enterprises are carried over the public internet, simply moving the browsing process directly from the end-user device and getting it off of the enterprise network will reduce the impact of an attack,” states the Gartner report.

Clark said that Symantec would develop an on-premise version of the technology, aimed specifically at federal customers who don’t want or aren’t allowed to use the cloud-based version.

“We want to sell it the way you want to buy it,” he said.

Fireglass CEO Guy Guzner has said that browser isolation is a development of earlier technologies like virtual desktops or thin clients. Fireglass is one of a half-dozen or so companies offering browser isolation solutions, with others including Authentic8, Aurionpro, Digital Guardian, Light Point Security and Menlo Security, according to Gartner.

“These guys are the leader, we’re buying the leader,” said Clark. “We’re the king of the web gateway and number one player in email security and this fits in perfectly with those.”

Gartner says there are risks with adopting the technology, most notably that the remote container becomes both a target for attackers and single point of failure for the enterprise. If the containers are offline, the users cannot access the internet so “a high availability architecture is essential,” the report states.

“The browser servers [housing the DMZ containers] are multi-tenant and will themselves become a target for attack … a compromise of the host OS could lead to a loss of isolation,” the report states.

“Anything that can drop SOC events by 70 percent, every CISO needs to look at that,” said Clark. “The technology radically reduces the attack surface … It has a huge effect on the ability of malware to actually get inside the company.

The technology still has hurdles to cross if it is to become ubiquitous. The Gartner analysis states that most browser isolation instances are Linux-based, meaning they cannot run Microsoft Edge or Apple’s Safari browsers. And of course, any applications which rely on the endpoint’s microphone or the camera, like video conferencing, won’t work either.