Spikes Security launched the Isla family of Web malware isolation appliances which are designed to protect against malware delivered through Web browsers.
Isla is designed to eliminate this attack vector by processing all Web content on secure appliances deployed outside the network, where content remains in hardware-isolated virtual machines (VMs) created for each user session.
All Web content – audio, video, text, and graphics-- is then continuously transformed into a malware-free format and delivered to end user browsers using technology developed by the company. No original Web content is ever delivered to endpoint devices.
"The Web browser has become the most strategically important and widely used application in business today. Unfortunately, it is also the application most vulnerable to cyber-attacks for two reasons," Branden Spikes of Spikes Security, told eWEEK. "First, every browser offers cyber- criminals a massive attack surface loaded with software vulnerabilities that can be easily exploited through targeted malware. Second, browsers are unique because they are the only application permitted to download program code from unknown, untrusted external sources, then fully execute that code inside a secure network."
Key features of Isla include secure, hardened Linux appliances optimized for high performance, isolated Web sessions and private VMs completely isolated from each other, with additional hardware-assisted isolation using Intel-VT processor extensions.
"We recently conducted research projects in conjunction with the Ponemon Institute and Enterprise Strategy Group, which showed most organizations actually do a pretty good job of keeping their browsers up to date and properly patched as needed," Spikes said. "In addition, these customers take cyber-security seriously and typically build a multi-layer, defense-in-depth architecture designed to detect and block Web malware attacks. And yet, despite these best practices, they still suffered an average of one successful breach every week in 2014."
Isla is currently in limited release, with general availability scheduled for later in the third quarter of the year.
Pricing starts at $35,000 for the Isla appliance, plus an annual software license for Control Center and multiple customer support options.
"The root cause of the browser security problem is that there is no detection-based technology capable of preventing 100 percent of all Web malware attacks. There simply is no such product, and never will be," Spikes said. "Our view is that the only way to solve this problem is to stop detecting, assume all Web content is bad, then isolate everything off the endpoint and outside the network. That is what we’ve achieved with Isla. It essentially creates an external island where malware goes to die, while users inside the network enjoy complete Web freedom without fear of attack."