Kowsik Guruswamy, Menlo Security

Kowsik Guruswamy, Chief Technology Officer, Menlo Security

HWM (Singapore) - By Zachary Chan - Photography: Orland Punzalan

What is this isolation method you’re talking about?

Well, what makes the web experience risky today are these codes, these scripts that are coming in. If you take away all of the scripts, all the interactive elements, the web is almost benign. It’s this interactivity that we’ve added over time, the thing that makes the web so lively, is the very thing that ultimately delivers breaches and infections.

Most of the security products today don’t do justice to keep users safe. So, the concept of isolation is very simple. Instead of playing a game of trying to figure out what is good and what is bad, we assume that everything is bad; we take all these scripts and run them in the cloud.

So, what actually happens?

Say I want to visit Hardwarezone. We put the Menlo cloud in the middle, and when the Menlo cloud receives my request to go to Hardwarezone.com, it basically gives me a brand new browser in the cloud. And it is this browser that ends up going to hardwarezone.com and executes all the scripts with the assumption that everything is bad. When I’m done, and I close this browser in the cloud, everything gets deleted. That browser in the cloud? Also gets deleted. The whole session is completely erased. If there was actually an infection, it doesn’t have a place to linger any more and there is nothing to infect.

Our rst break­through was be­ing able to do this with mil­lions of users all do­ing brows­ing across the in­ter­net. Think of the mas­sive scale, hav­ing a mil­lion browsers in the cloud and man­ag­ing it all. The sec­ond part, which is also su­per in­ter­est­ing, is that for the user, you wouldn’t be able to tell the dif­fer­ence. All of the in­ter­ac­tiv­ity that you’re used to, the menus, scrolling, videos, ev­ery­thing still works, and feels ex­actly as be­fore.

Is this similar to server-side compression, that you send an optimized stream to the end user?

It’s more similar to a virtual desktop. But, a VDI environment is choppy and slow, you can’t really copy and paste, and there’s just a lot of issues with video streaming technologies. What we’ve figured out is a way to take just the visual components of the isolated browser, and bring that into my (local) browser. End users don’t have to install anything or do anything different really. The combination of being able to do this at scale while preserving the user experience is the magic Menlo brings to the table.

This sounds like a catch-all solution to cybersecurity. Why isn’t isolation a thing?

We’re just getting started. It will be a thing at some point. The company was formed in 2013, and our first product was only launched in January 2015. Our first customer was JP Morgan Chase.

Well, what I meant was this approach to cybersecurity. Why hasn’t anyone thought of this before?

Well there are a few companies that started doing this, and they have some variance of what we do - in terms of executing a browser in the cloud. But, the part that’s super unique to us is our rendering technology. Some of the others do this like what I told you before, they run a browser in the cloud and send it to you via a video stream. Some others do this by making you install a new browser, which then connects to their browser. If you look at the history of cybersecurity, any technology that forces the user to change their behaviour or do something unnatural, has never succeeded. The user will simply go around because it’s too cumbersome. Security by shackles doesn’t work.

For this to succeed, we’ve taken a lot of effort to make sure the end user doesn’t know Menlo is in the middle. We’ve done a number of pilots where a small set of trial users have been put behind the Menlo platform over the weekend. They go home on a Friday, then IT comes in and sets it up. Monday morning they come in to work, they don’t know they’re isolated.

You mentioned that traditional methods like anti-virus and firewalls don’t do justice...

If you look at the history of cybersecurity, the anti-virus was introduced around 1987, I think, and the initial firewalls came around the same time. I built the first commercial in-line intrusion prevention system around 2002. Over the course of 20 years, many products were built around the threats at the time, so what happened was that their shelf lives would be limited. Two to three years would go by after a new technology is introduced and a whole new class of problems would emerge and they would become obsolete.

The thing about isolation, because we’re not playing the detection game, this is effectively future proof. So, if there was a new type of threat that comes in six months from now, we don’t need to change anything to combat that threat. Just by the virtue of moving the execution of all the active code to the cloud, solves that problem.

Isn’t this just like sandboxing?

Well, a sandbox is still a way to do good vs. bad. Let’s say you have a Word document with macros. What a sandbox does is try to load the Word document in a simulated environment, and let the document run its course to see if the macros executed tried to encrypt your file system (like in a ransomware attack). If it picks up these signals, it flags the file as bad. If it doesn’t, then ok, the Word document is fine and given back to the user. So, the sandbox is still a type of anti-virus. Instead of applying signatures, it performs a kind of behavioural analysis.

Again, we’re not trying to make a decision if a website is good or bad. We’re just saying, execute (everything) remotely. We basically have this disposable browser in the cloud.

If everything goes through your cloud, how do you stop that from getting infected?

Well, one of the things that we’re not doing, is that we’re not trying to build a better browser. What we’re using in the cloud is Chrome. The entire Menlo isolation platform architecture is built under the assumption that the isolated browser is not somehow better than you (the user). We assume that this browser can be compromised.

So if it does, the question becomes whether the infection can move laterally within our cloud, and if it can somehow still deliver the infection to the user. Without going into too much technical detail, what we’ve done is to make sure that this cannot happen. So, even if the browser on the cloud gets infected, that infection has no place to go.

Would isolation still work hand in hand with traditional anti-virus?

If you talk to cybersecurity vendors, they will try to convince you there is this notion of a risky web. I think that’s completely silly, because nobody knows which slice of the web is risky. Anything good can go bad and so forth. Our whole vision and philosophy in the way we’re building the product and the type of things we’re doing is under the assumption that we need to get to the point where we isolate the entire internet for all the people. Because that’s the only way to keep it risk free.
