Menlo Security Turns to an Isolation Tactic to Limit Risks

Menlo Security emerges from stealth mode with a new platform that aims to secure enterprises by limiting the attack surface.


Web-based attacks executed over Web browsers are a common attack vector. To combat such attacks, Menlo Security today officially emerged from stealth mode with its Isolation Platform, which makes use of Linux containers to limit risks.

In addition to launching its Isolation Platform, Menlo Security announced that it has closed a $25 million Series B round of funding that included the participation of Sutter Hill Ventures, General Catalyst, Osage University Partners and Engineering Capital. Menlo Security had raised a $10.5 million in Series A funding in November 2014, bringing total funding to date for the company to $35.5 million.

Amir Ben-Efraim, co-founder and CEO of Menlo Security, said that trying to determine good versus bad Web traffic is a failing proposition, which is what led to the creation of his company's Isolation Platform.

"When a user visits a Website, we take the traffic and run it through our Isolation Platform," Ben-Efraim told eWEEK. "Inside the Isolation Platform we launch an isolated container, and that container goes to visit a Website on the user's behalf."

Ben-Efraim explained that inside the container is a full-fledged browser that will load all of the content from a given Website, running it in full isolation on Menlo Security's platform. To preserve the full user experience, Menlo Security has invented a technology it calls adaptive client-less rendering.

The adaptive client-less rendering technology takes just the presentation layer of the browser that runs in Menlo Security's Isolation Platform and enables what Ben-Efraim refers to as the browser rendering tree.

"We take the browser rendering tree and synchronize it to the user's native browser without any client software," he explained. "So basically, the native browser—be it Safari, IE, Chrome or Mozilla, doesn't matter—and the user gets a mirror image of what the Isolation Platform sees, effectively delivering a high-fidelity session while all the content is isolated on the Isolation Platform."

The container technology used by Menlo Security is open-source LXC (Linux Containers), which the company is using in a highly secured manner with locked-down configuration, Ben-Efraim said. Menlo Security is also using the open-source AppArmor mandatory access control technology to lock down processes. The whole system runs Ubuntu Linux, he added.

"The only thing that's allowed to run in our containers are the files and processes associated with the Web browser that we're running and nothing else," Ben-Efraim said.

The idea of providing an isolation experience for browsers and other applications as a way of reducing risk is not a new one. Security vendor Quarri provides its user with secure, isolated browsers. Security vendor Bromium takes its isolation approach to the client device, providing isolation on an existing desktop.

Ben-Efraim explained that his company's Isolation Platform acts as a proxy through which Web traffic is routed. The Isolation Platform is available in a hosted software-as-a-service (SaaS) offering as well as an on-premises edition. One particular type of use case that Menlo Security is aiming to enable is that of SaaS Web applications like

"We have a management platform that enables administrators to decide what they want to isolate and what they don't want to isolate," Ben-Efraim said. "We can and do support access to where you can print your screen and open documents."

Menlo Security has an additional layer of protection for Web-delivered documents, whether they come from or another source.

"So if there is a PDF document that a user downloads from the Web, it can be routed through the Isolation Platform and opened there first," Ben-Efraiam said. "If there is some form of malware in the document, the malware stays on the Isolation Platform and doesn't reach the user endpoint."

The actual content of a Web document is converted by Menlo Security into HTML5, which is then downloaded to the user's native browser, enabling the user can see online document content without being exposed to potential risks of malware execution.

From a security perspective, Ben-Efraim explained that Menlo Security is relying on isolation as the primary defense, rather than some form of threat intelligence to protect users. That said, information about malware that is executed on the Isolation Platform can be made available as a forensic feed to Menlo Security's customers.

Looking forward, the big challenge for Ben-Efraim will be figuring out what to do first when there are so many security issues that enterprises face.

"As we architect a new approach with our Isolation Platform, we can be pulled in a lot of different ways," Ben-Efraim said. "We're working with our customers and making sure we're building things that solve the biggest problems for most people first."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.