Interview: Preventing Ransomware With Zero Trust Content Security
Expert Insights interviews Henry Frith, VP of Customer Success and Sales Engineering at Votiro.
Ransomware, crypto scams, and malware continue to be major security challenges for CISOs and security teams of all sizes, driven by huge increases in malicious files and email attachments. In a digital landscape where employees have access to millions of these files at their fingertips, how can teams stop the spread of these attacks?
Henry Frith is the VP of Customer Success and Sales Engineering at Votiro, a file protection solution that sanitizes and secures documents, preventing malware from being delivered to users. He leads two sales teams at Votiro after beginning his career working in cybersecurity for the US military.
We spoke to Frith from the conference floor at Black Hat 2022 in Las Vegas to discuss the threat of these malicious files, the Votiro platform, and how organizations can get started with Zero Trust content security.
This interview has been edited for clarity and length.
What is the problem that Votiro is solving?
Bad actors are learning new ways to get past our current security stack. Think about antivirus—what does an AV vendor do? They look for “known bad” or something that’s similar to known bad.
It’s easy to obfuscate and get a weaponized file past an AV vendor. The next generation AV vendors are doing a much better job using machine learning to improve their catch rate, but things still get past.
We use sandboxes as another security control, but the sandbox impacts productivity. Users have to wait for a file to be analyzed. And again, with a sandbox we are looking for something that looks malicious, something that is acting out of the normal.
And then we have firewalls, intrusion detection, reputation lists, and all these great tools that we build into our security stack. Again, they’re all looking for the “known bad.” As a result, the unknown attacks, the zero-day attacks, the attacks that were tweaked just enough to get past the security control are a huge problem.
It’s funny, I spoke to security professionals at RSA this year, and again at Black Hat, and a lot of them will say: “We are protected, we have the security stack covered and we have all these layers of security controls.” And I ask: “How do ransomware attacks still occur? How do all the other attacks still happen?”
That’s the problem we solve. We aim to be that last level of control to eliminate any files that can be malicious that have passed through all of your other security controls.
What are we protecting against? Ransomware is the big one. But, if you look at what’s going on out there today, there are also lots of other things. There are crypto mining tools that are being installed so that bad actors can do crypto mining using your systems. There is espionage software being installed, there are actors trying to get into the supply chain, wipers to destroy your data, and the list goes on.
And they’re almost all doing this by the easiest method, and that is to get a user to open a file or click on a link. That is the primary attack vector that organizations are seeing out there today. We want to eliminate that threat when it comes to weaponized files.
How does Votiro solve the issue of unknown and zero-day malicious files?
We know these files are getting past, and still ending up on the end user’s computer. And because of new trends from COVID, like working from home, there has been rapid adoption of cloud file sharing services like Box, Dropbox, SharePoint and an endless number of other SaaS solutions. There are files coming into the organization from so many new channels, not just email. Most of these channels do not have security controls natively. There’s not even AV on most SaaS applications.
At Votiro we take a Zero Trust File Security approach. That means we don’t trust any files, no matter if it came through all your other security controls, we’re going to process it the exact same way. We do this with email, file uploads, file downloads, connectors to SaaS solutions and API integration.
When we talk about malicious files—also referred to as weaponized files—the actual payload may not even be in the file. There may just be a macro in a document or a script that pulls something malicious down from another location.
And these files, no matter what you’re talking about (Office documents, video files, PDFs), are made up of multiple smaller documents. For example, a Word document may have XML files, OLE objects, macros, and images.
What Votiro does is break every file down to its basic elements. And instead of looking for anything bad in that file, we look for the known good, and then we build a new file in near real-time. As a result, it doesn’t impact user productivity and we build a new file that is safe for the user.
Gartner refers to this as Content Disarm and Reconstruction. Because that’s what we’re doing, we disassemble it and reassemble it. So, it is disarmed of anything that can be weaponized inside of it.
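As an added illustration of the decompose, allowlist and rebuild idea described above (example code written for this page, not Votiro’s product or method), the following standard-library Python rebuilds a .docx from a fixed list of known-good parts and drops everything else, then repairs the content-type and relationship tables so the rebuilt file does not reference parts that are gone. The sample document is constructed inline and is not a real Word file; a production CDR engine would also validate the structure of each retained part, which this sketch does not.

```python
import io
import re
import zipfile

# Parts carried into the rebuilt file; anything else (vbaProject.bin macros, OLE embeddings, ActiveX, custom XML) is dropped unread.
KNOWN_GOOD = re.compile(r"^(\[Content_Types\]\.xml|_rels/\.rels|word/(document|styles|settings)\.xml"
                        r"|word/_rels/document\.xml\.rels|word/media/image\d+\.(png|jpe?g))$")
MACRO_CT = b"vnd.ms-word.document.macroEnabled.main"
MAIN_CT = b"vnd.openxmlformats-officedocument.wordprocessingml.document.main"

def _strip_refs(xml: bytes, tag: bytes, attr: bytes, base: str) -> bytes:
    """Remove self-closing <tag .../> entries whose `attr` names a part that is not allowlisted."""
    def keep(m):
        if b'TargetMode="External"' in m.group(0):  # hyperlinks are not parts; leave them alone
            return m.group(0)
        ref = re.search(attr + rb'="([^"]*)"', m.group(0))
        path = base + ref.group(1).decode().lstrip("/") if ref else ""
        return m.group(0) if KNOWN_GOOD.match(path) else b""
    return re.sub(rb"<" + tag + rb"\b[^>]*/>", keep, xml)

def sanitize_docx(data: bytes) -> tuple[bytes, list[str]]:
    """Rebuild a .docx from allowlisted parts only; returns (clean_bytes, dropped_part_names)."""
    dropped, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            if not KNOWN_GOOD.match(name):
                dropped.append(name)
                continue
            body = src.read(name)
            if name == "[Content_Types].xml":  # re-type as a plain .docx and forget dropped parts
                body = _strip_refs(body.replace(MACRO_CT, MAIN_CT), b"Override", b"PartName", "")
            elif name == "word/_rels/document.xml.rels":  # relationships are relative to word/
                body = _strip_refs(body, b"Relationship", b"Target", "word/")
            dst.writestr(name, body)
    return out.getvalue(), dropped

def build_sample_docx() -> bytes:
    """Constructed, minimal macro-enabled document (not a real Word file) used as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", b'<Types><Override PartName="/word/document.xml" ContentType="application/'
                   + MACRO_CT + b'+xml"/><Override PartName="/word/vbaProject.bin" ContentType="x"/></Types>')
        z.writestr("word/document.xml", b"<w:document><w:body><w:p>hello</w:p></w:body></w:document>")
        z.writestr("word/_rels/document.xml.rels", b'<Relationships><Relationship Id="rId1" Target="media/image1.png"/>'
                   b'<Relationship Id="rId2" Target="vbaProject.bin"/><Relationship Id="rId3" Target="https://'
                   b'example.invalid/" TargetMode="External"/></Relationships>')
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed macro blob")
        z.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n constructed image bytes")
    return buf.getvalue()
```

Calling `sanitize_docx(build_sample_docx())` returns the rebuilt archive together with the list of parts that were not carried over, here just `word/vbaProject.bin`.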
One of the common things we have heard, particularly since COVID, is the need to protect users who are now working in much more varied ways. They may be at home, they may be using their personal devices, all of which can create new security challenges. How does your solution solve these use cases without impacting productivity?
Since the original file never reaches the user, it doesn’t impact the user at all. They have no visibility into the fact that anything is different than what they expect, which is great.
It doesn’t matter if they’re on their mobile phone or their computer, or whether they’re working from home or from Starbucks. It doesn’t matter because the file has been sanitized before it reaches the end user. I think that’s huge because security tools are often seen as reducing productivity, but with Votiro we help to make sure companies are secure and productive.
The example I like to use is that of an insurance agent on the phone processing a claim. If you’re waiting for the person on the other end to send a photo of the car accident they just had, you’re expecting it right away, so you can keep processing the claim. If that picture must go through all these security controls that may slow it down or completely block it, we’re doing just the opposite.
Zero Trust is a huge theme in the security industry today, but we often hear from companies that it’s very difficult to implement it on a practical level. You described Votiro as a “Zero Trust File Security” approach, so how does Votiro see the importance of Zero Trust, and where would your solutions fit into that Zero Trust framework?
It’s funny, when you’re in the security department of a large corporation, right off the bat nobody likes you because they feel you’re impacting the performance of their computer and security is nothing but a pain.
Then you come in and you say: “All right, we’re going to jump on this new model, and it’s called Zero Trust! We’re not going to trust any of our employees!” I feel for the CISOs that are trying to deploy Zero Trust. It’s a tough, tough project to take on, but it’s one that we absolutely must do.
The great thing about Votiro is that since it’s transparent to the end user that we’re even doing this Zero Trust model, it’s easy to deploy. As a matter of fact, I think it’s one of the first Zero Trust projects that companies can take on, because it’s transparent; you don’t have to tell users that they are using anything different.
You’re not trusting the files that come into the organization, so no matter where they come from, you can sanitize them with Zero Trust content security, and deliver those files to the end user.
I think that with Votiro, Zero Trust is much easier to implement than if you’re going to come in and build a Zero Trust model around identity and access. Those projects have to be done, and that’s where a lot of organizations actually start and probably should, but I’d like to see them jump into Zero Trust file security as part of that.
Finally, what would your advice be to CISOs that are dealing with those challenges that we outlined, around ransomware, crypto and the supply chain? How can they improve their security processes and get started with these solutions?
Come visit Votiro’s website and let us talk with you and explain what the technology does. We know that weaponized files and malicious files are one of the biggest threats out there today.
Find out more about Votiro here: https://votiro.com