Having an employee download malware from a seemingly reputable website or fall prey to a well-crafted phishing campaign are pervasive threats for today’s employers. More and more often it appears that the technical ability of the bad actor is keeping pace with, or even outpacing, our ability to stand up effective defenses. In keeping with our commitment to bring our readers innovative security solutions for today’s ever-changing security environment, we are pleased to present this conversation we had with David Canellos, President and CEO at Ericom Software. Ericom Software is a leading provider of Zero Trust secure access solutions that protect organizations from advanced cybersecurity threats.
We asked David to address today’s cybersecurity threats. He told us, “80% of attacks that occur against organizations are initiated either by users browsing the web or interacting with their email. These statistics come from IDC and other established organizations that look at this kind of research. These are websites and emails containing links and attachments. They seem safe. And why do they seem safe? Well, they have been authorized and delivered by the organization’s traditional cybersecurity gateways and firewalls. As an end-user or employee, that is an implicit endorsement that all is good. But that’s not the case. And so, how did we get here?
We can see that our environment has changed dramatically. It has disrupted the industry that we participate in, that of cybersecurity. We are now dealing with distributed data and a distributed workforce that has been enabled by mainstream or cloud computing, mobility, and high-speed data networks.”
He went on to explain the specifics of how Ericom Shield works. “We assume a zero-trust posture with websites and emails. What does that mean? That means never trust, always verify. It assumes a paradigm that says that the perimeter has dissolved around the organization and now the new perimeter is around the individual.
With this zero-trust posture, we assume that any website, any attachments, or any email links are all malicious. Therefore we isolate that end-user, which is now the perimeter, from any threat. And most importantly, while implementing this type of security, we preserve the native user experience.
What that means is that with Ericom Shield any webpage that’s accessed by an end-user is actually accessed and rendered remotely in a virtual container in the cloud where the Ericom Shield is running. And that is air-gapped from the end-user on their browser, whether they are using Chrome, Safari, Firefox, or Edge on their device, whether it’s a Windows machine, Mac, mobile device or their corporate network.
What this remote browser does is send the content of the webpage in the form of a safe visual stream to the user. The user gets to see the website that they’ve clicked on, and more importantly, they have no idea that Ericom Shield is actually brokering that interaction with the web. To the user, it appears they are actually on the website using their preferred browser.
There is no agent or client to install on their devices. They can click links, play videos, and download attachments. So, from the user’s point of view – and this is really important with any kind of security solution – their functionality, their productivity, and the native web browsing experience are preserved.”
When asked about performance, he replied, “We use browser pools in the cloud and we distribute our servers. So, depending on where the user is, we will connect them to a server that is close to them. This delivers an experience with no perceptible latency.
Any malware that may be embedded in a website page is executed in the Ericom remote browser and shield which is safely isolated from the user and their network. When the web session is concluded, all the contents of that virtual container are safely disposed of and any download of an attachment is scanned by the Ericom Shield sanitization service to make sure the content inside the download is safe.”
Finally, David addressed phishing specifically, as follows. “The way Ericom Shield service works when it comes to phishing is that we give organizations three options that they can configure on how to treat unknown or risky URLs.
The first option is they can block the website. If the website is unknown or if it is a sufficient level of risk, Ericom Shield can be instructed to block the URL and splash a message on the end-user’s browser saying the site has been blocked because it is a suspected phishing site. It could be done for an entire categorization of many sites such as gambling sites, porn sites, or whatever the organization wants to block.
The second option is where an organization can apply a read-only policy. They want to allow end-users to browse the site, but in read-only mode. Ericom Shield will safely deliver a visual stream of the website’s contents, but will not allow the user to enter information into the webpage.
With the third option, users are warned when accessing a potential phishing site but are allowed to enter information as needed.”
While BSM has not tested Ericom Shield and cannot, therefore, endorse this solution from experience, we love the premise of running a cloud-based shield between the web and the end-user to prevent the inadvertent download of malware. Also, having options for how to be aware of and protect against suspected phishing sites is a definite benefit.