Thursday, July 9, 2015

Spikes Security innovative approach to securing browser activity

Browsers present a special problem for security-conscious organizations. While essential as a ubiquitous interface to cloud-based applications, browsers also provide handy interfaces for attacks to penetrate endpoints and the network. Spikes Security is responding to this problem with a hardware appliance that hosts browser execution in a secure environment deployed outside the firewalls and away from the corporate network. The Ogren Group feels this is a significant architectural approach as it affords security teams a safe harbor for browsers, keeps attacks from spreading through the network, and provides security teams an opportunity to secure mobile browsing activity.

When an employee launches a browsing session, a secure connection is transparently made to the Spikes Security appliance. The appliance fires up a virtual image of the browser which executes in hardware-enforced isolation. The vendor promises that attacks cannot leap out of isolation to infect the network or other browsing sessions hosted on the appliance. It is a clever idea which also offers these benefits:
  1. Secure user browsing sessions, particularly those on smartphones and tablets, through a corporately supported security device without the hassles of managing endpoint software. This is huge, as IT can offer users heightened endpoint security that is transparent to browsing activity and offers a point of on-premise focus for securing cloud activity.
  2. Scan all downloads for known threats and audits mobile use of corporate resources. The IT supported appliance makes it easier to block infected downloads before the file reaches the endpoint.
  3. Accelerate the timeline for receiving the security advantages of hardware isolation to retard the spread of an attack without having to refresh PCs,  wait for Windows upgrades, or offer software solutions for mobile devices. 

Spikes Security is a new vendor so the Ogren Group recommends some practical prudence in evaluating the solution with real users. In addition to the usual growing pains of new products, there are specific issues that enterprise buyers must address during the proof of concept. These include:
  1. Ensure that users do not disable browser settings directing traffic to the security appliance. There will always be users that do not want security teams having visibility into their browsing activity - these users will be noticeable by their absence from the activity logs.
  2. Assure users that their browsing privacy is not being invaded. Use auditing responsibly - only look at browser access to corporate applications, ignore personal browsing activity and keep users on your side.
  3. Evaluate the number of concurrent browsing sessions in your organization to plan for the proper number of Spikes Security appliances, and be sure to understand the user impact if browsing demands exceeds appliance capacity.  

The Ogren Group believes this is a neat architectural approach for organizations relying on cloud-based applications - and every organization has a cloud-based application strategy. Spikes Security is a promising vendor that, with proper execution, can help organizations protect against browser-borne infections and confidential data loss.

No comments:

Post a Comment