In the new normal where work-from-anywhere has given organizations a fresh lease of life, the role of the web browser has become even more critical. The browser is now the new endpoint that businesses need to protect from an increasing number of cyberattacks. Cyberinc, a Silicon Valley-based cybersecurity company, has endeavored to solve this puzzle with its Isla Isolation Platform. Isla uses the remote browser isolation technology to neutralize threats and prevent them in a remote, isolated environment before they can reach a user’s system. Dataquest caught up with Samir Shah, CEO of Cyberinc to understand the implications and importance of browser isolation and how it prevents sophisticated cyber threats. Shah also shared insights regarding his company’s growth trajectory and how it is helping customers globally.
DQ: What are the biggest cybersecurity challenges enterprises face today?
Samir Shah: Staying ahead of threat actors and taking preventive action before being exploited or hacked remains one of the biggest challenges for enterprises today. The key questions that plague almost every CISO are a) where are we exposed, b) when attacked, how effective are my security controls, and c) are we doing enough to minimize the business risk? In the digital age, with cybercriminals becoming smarter and more sophisticated, it is critical that businesses of all sizes and shapes hunt down threats instead of being hunted by them. Breaches are becoming commonplace as the victims of ransomware, phishing attacks, credential theft, and other attacks come from all industries. No one is immune to cyberthreats.
Further, as businesses move forward on their cloud journey, their cybersecurity challenges are leapfrogging significantly. The 2020 Trustwave Global Security Report states that the volume of attacks on cloud services more than doubled in 2019 and accounted for 20% of investigated incidents, despite the best efforts of organizations. As shown in a recent Coveware report, the average amount organizations paid for ransomware attacks increased by 60% from $111,605 in the first quarter of 2020 to $178,254 in the second quarter.
Unfortunately, organizations continue to lack sufficient cybersecurity professionals to defend systems and deal with the pace at which cyberattacks have been growing. Contrary to the law of demand, the skills gap is steadily widening in the cybersecurity domain. Studies show that the current cybersecurity workforce gap in the U.S. is nearly 500,000 and the global gap is over 4 million. And for those already in the cybersecurity profession, stress levels are only increasing. Managers struggle to find more time for the professional development of their existing staff while juggling unfilled job requisitions, even as attrition rates approach 30%.
DQ: What role does Cyberinc play for companies trying to address these challenges, particularly in the new normal when a huge majority is forced to work remotely?
Samir Shah: At Cyberinc we strongly believe in challenging the status quo. For too long, cybersecurity has evolved as a reactive domain where businesses chase attackers and people chase alerts. Businesses that find a way to get in front of threats will be the ones to succeed in the next wave of digitization, especially where remote working plays a much bigger role than ever before.
The end-user has always been one of our weakest links – so finding ways to protect them without impeding their productivity will be a game-changer for most organizations. And with cloud taking center stage at most organizations, the browser becomes an even more critical component of endpoint. A lot of the recent breaches have used the browser as a source of entry – whether via a phishing attack or a watering hole attack.
Cyberincis committed to making the Internet safer using a technology known as remote browser isolation. Built on the principles of Zero Trust security, the Cyberinc Isla Isolation Platform, is among the first remote browser isolation or RBI solution that protects businesses. The innovative aspects of the product helped us make it to Gartner’s cool vendor list.
DQ: Can you explain what browser isolation is and the value it delivers?
Samir Shah: Browser Isolation stops threats at the door by neutralizing 90% of internet-based attacks, including web, email, and document-based threats such as ransomware, spyware, phishing, social engineering attacks, malvertising, etc. Built on the principles of Zero Trust security, remote browser isolation transforms all incoming web code, renders it in a remote virtual browser and streams harmless pixels back to the user’s endpoint. In other words, actual browsing (fetching a page, executing the active elements and rendering the page) happens in a remote disposable environment and while the native browser and end-user remain safe to the exposure. It is also important to highlight that the end-user sees no change in their experience – they still continue to use the same endpoint and browsers, just with the risk shifted away.
DQ: What makes Isla stand out in the browser isolation space? What new functionalities does version 5.1 deliver?
Samir Shah: The browser isolation space has several vendors. However, not all solutions are alike. Some are implemented at the endpoint while others are implemented in the network (also known as remote browser isolation). The more prevalent implementations deploy in the network – especially given the variety of endpoints, managed / un-managed nature of endpoints as well as overall complexity.
The network solutions can be deployed as cloud-based or on-premise with different vendors offering different deployment options. Additionally, some vendors need a special browser or browser extensions, and yet others need special user training for use of RBI.
In our experience, the most successful RBI deployments minimize user experience impact while offering security, and Isla has been built to offer that. Isla Isolation Platform delivers true isolation-based security to proactively stop web, email, and document-based threats and protect businesses. Available as on-premise, virtual appliance or cloud-based service, Isla scales for small and large organizations alike. In fact, it lets you scale your security to your people, not the other way around.
Isla offers broad browser support through standard HTML5 rendering, which means no need for users to change their environment. Regardless of the browser choice, Isla provides businesses agentless isolation with a seamless end-user experience that minimizes latency and retains the native browsing experience, all while enhancing security.
The new Isla 5.1 release provides IT and security professionals a simpler, more effective, and scalable system to keep their organizations safe from cyber-attacks. It also delivers new key features critical to aid faster, more seamless deployments, including policy profiles for easier policy management, geolocation to improve the user experience, sandbox, and SIEM integration, etc. We are also excited to partner with industry leaders such as FireEye to further maximize our customers’ security.
DQ: How is the Zero Trust approach critical to safeguarding enterprise networks? What is meant when you say that the browser is the new endpoint?
Samir Shah: First introduced by Forrester analyst John Kindervag in 2010, the Zero Trust approach secures against all attacks, both external and internal, treating every interaction with the endpoint or server as a threat. The Zero Trust approach maintains strict access controls by not trusting anyone by default, even those already inside the network perimeter. ‘Never trust, always verify’ is at the core of Zero Trust to ensure that no unauthorized access is ever granted to the endpoint or network. By implementing a solution built on the principles of Zero Trust (e.g. Isla), organizations can minimize risk.
Zero Trust focuses on reducing the attack surface and impact using various technological approaches such as identity validation, privilege management, and endpoint isolation. By incorporating the right Zero Trust solutions into an organization’s security strategy, as we’ve stated in a whitepaper ‘Zero Trust: Reimagining Security for the Financial Services Industry’, it becomes possible to secure the entire portion of your attack surface from the web browser by closing the entry point to threats.
As organizations move various operations to the cloud, dependency on the browser is even more prevalent than before—thus, [SANS] are labeling the browser as the new endpoint. Many endpoint security solutions focus on detecting activities such as security bypasses, exploits and commonly used attacker commands. However, many of these activities originate with user actions such as clicking, often in a browser or an email client, a link that opens—you guessed it!—a browser.Cyberinc Research indicates that over 70% of employees use the browser for many of their daily tasks. In the work-from-anywhere model, whether you are on a managed or unmanaged device, connected from a home, work, or public network, using a VPN or not, securing the endpoint means browser security.
DQ: When approaching customers, what is your biggest challenge? Is it addressing competition or educating buyers about the need for browser isolation?
Samir Shah: Browser isolation is a relatively new category and still in its infancy. Many security practitioners are not familiar with what it is and what it does. Hence competition, even though it is there, is less a challenge than educating organizations about remote browser isolation and its capabilities.
Roughly a little more than two years ago Gartner released its report on remote browser isolation. The report underlined that the traditional detect-and-respond security approach is not sufficient to fend off web-based attacks. Instead it proposed that organizations should focus on limiting the attacker’s ability to inflict damage and reduce the attack surface. The report proposed that remote browser isolation is the ideal solution for containing attacks because it takes all web browsing activity out of the network and away from users’ devices to a remote location where malicious code does no harm. Even SANS Institute’s recent report ‘All Roads Lead to Browser Isolation’ underlines that with organizations moving several of their operations to the cloud, the browser has become the new endpoint and is a critical point of entry for attackers that needs to be secured. The report emphasizes that browser isolation can limit the impact that a browser can have on a victim system.
We’re also starting to see several businesses and government make browser isolation an important component of their security strategy. There is definitely a growing sense of realization that browser is a critical tool and solutions like browser isolation can protect businesses from web-based attacks more effectively than any other solution.
DQ: How many customers do you have and what are the industries or verticals that have reposed faith in Isla?
Samir Shah: Cyberinc has seen customers from various industries. Governments are definitely one of the leading entities looking at remote browser isolation – in fact Zero Trust is increasingly a key component in their architectures. Additionally, financial services, media & entertainment, retail and other such verticals are also looking to adopt browser isolation – to strengthen their security as well as achieve compliance.
DQ: In what ways is Cyberinc increasing its network across markets? At present, who are your partners?
Samir Shah: Cyberinc has a presence in several markets, such as North America, Asia, Middle East, etc. We are a partner-friendly organization and work with in-region partners to ensure local support. In fact, in North America, we have a strong relationship with Tech Data, a leading distributor, that has enabled us to further develop relationships with several of their resellers.