Web Security

How Container Isolation Can Protect Your Critical Systems From External Threats

Matthew McClaskey, CTO and co-founder of Kasm Technologies, explains how a zero-trust, isolation approach can allow organizations to more successfully protect their environments.

Kasm Technologies

It’s no secret that one of the most targeted, and therefore most vulnerable, aspects of any organization is its people. According to Proofpoint, a shocking 99% of attacks that their researchers observed required human interaction. This is not because users are clueless or careless; it’s because hackers make it their priority to stay as far ahead of the curve as possible and are constantly thinking of new and innovative methods of attack. This makes it impossible to train users to respond perfectly every time (although security training certainly doesn’t hurt and is a useful tool to boost overall cyber security).

At the same time, it is evident that existing technologies based around signatures and heuristics have not been enough to maintain security, even when implemented alongside a robust security strategy. So, how can organizations improve their security and keep themselves protected against malware and ransomware attacks?

Matthew McClaskey, the CTO and co-founder of Kasm Technologies, met with us to discuss these security issues and their solution – browser isolation. Browser isolation relocates the risk of browsing the web to outside the enterprise: users seemingly experience the web firsthand, while in actuality all web interactivity is executed in Docker containers in an isolated environment. This provides separation between users and any external threats or internal data.

“Today, Kasm provides an entire platform around container streaming. This platform can be used for virtual desktops, remote work, browser isolation, or just generally streaming a remote application to an end user’s browser.”

McClaskey, as well as Kasm co-founder Justin Travis, gained most of his experience in the Department of Defense and the intelligence community, becoming a subject matter expert in cybersecurity in both offensive and defensive contexts, with much of his career involving the development of cybersecurity software.

Because Kasm streams apps or desktops to the user’s browser, users never directly connect to the remote source. “So, for browser isolation that means they can interact with the internet without actually being connected to the internet. For data loss prevention, that means they can work remotely on data without the ability to take the data, and in both use cases the end users merely interact with pixels.”

Time To Approach The Problem Of Vulnerabilities Differently

“For decades, companies have been trying and failing using signature based or heuristic based methods of detecting malware. This is absolutely a losing game.”

McClaskey, alongside his co-founder, came to the conclusion that if the more traditional methods of approaching security are failing, then it was time to try something different. The idea behind Kasm was to run the browser remotely in an isolated environment and render it to the user, thereby completely shifting the risk somewhere else.

Kasm Workspaces is containerized and does not rely on virtualization. A virtualized solution is the more traditional way to approach the problem, but avoiding virtualization significantly reduces the overhead. “Additionally, the entire stack was designed from the ground up on a REST architecture,” McClaskey explains. “Therefore, it scales easily both horizontally and vertically. And then, Workspaces is designed to run on premise or in the cloud or in hybrid mode, where you can utilize resources that you have on premise and then dynamically scale to the cloud as demand requires it. This helps reduce the cost.”

The weakest point of any enterprise network is its users, due to how frequently they are targeted by cyber attackers, McClaskey explains. “If you give a user internet access from inside your network, you’re really putting your business at risk. Browsers, like all software, have vulnerabilities. And I know this seems crazy, but all it takes is a user to click on a link for an advanced persistent threat actor to gain complete control of that user’s computer.”

Organizations will spend millions on signature-based solutions, heuristic behavior-based solutions, and “zero-day solutions” which have machine learning capabilities. However, according to McClaskey, those are “losing strategies”. What organizations really need is to achieve zero trust.

Zero-Trust Is The Way Forward

“The core principles behind zero trust are that you never implicitly trust any system that you need to connect to, or that has interconnections between systems. You assume everything has a vulnerability.” This is the core concept behind Kasm Workspaces. It’s also the inspiration for the company name, which is a play on the word “chasm”.

Every time we go online to browse, we are downloading code from the internet and then executing it on our devices. But when using Kasm for browser isolation, none of the website content is ever actually executed on your computer. “So, we’re getting rid of that altogether, we’re executing that code somewhere else in an isolated sandbox and then streaming the remote browser to your local browser. So, this is how we enforce zero trust.”

Ransomware, which has quickly grown into one of the most significant threats facing organizations today, is constantly evolving and adapting. According to McClaskey, ransomware is such a major problem because it is relatively easy for cyber criminals to carry out attacks, the potential payout is high, and the chances of getting caught are very low. “So, organizations should protect themselves from ransomware by keeping their critical systems isolated. Critical systems should never have access to the internet, nor should they be accessed directly by other systems that have internet access.”

What this essentially means is that businesses should not allow people to VPN into the network remotely, as this is a direct network connection which can expose the network to any potential threats those people might experience.

Post-COVID, it appears that many businesses will be using a hybrid work model that blends traditional in-office working with the work-from-home style we have seen adopted widely in response to the pandemic. According to McClaskey, this is likely to have an impact on ransomware, or malware in general, within enterprises.

“I think organizations need to adopt a different security strategy. Like I’ve said earlier, those traditional solutions of signatures and installing security software on PCs and VPNs, they just don’t work.”

Gain Control Over Your Environments

For organizations currently struggling with the challenges of keeping their remote network secure, McClaskey’s advice is to give up on trying to manage the security of hundreds or thousands of remote systems, and instead use a secure remote desktop solution that is accessible without a client.

“Because if there’s no client, there’s nothing to manage on the client side,” he explains. “And users never make a direct connection to your enterprise network like they would with a traditional solution like a VPN. With a VDI or DaaS solution, it’s easier to secure; it does not travel with the user, and it doesn’t connect to unknown wireless networks like it would with a company laptop. The environment is completely within your control, and you control what goes in and outside of that environment.”

While browser isolation may be a difficult proposition for some organizations due to issues like scalability and cost, it’s worth keeping in mind the alarming rate at which organizations of all sizes and sophistication are falling victim to malware and ransomware. Traditional detection mechanisms have proven ineffective at keeping enterprises secure.

“So, our solution is to provide absolute separation.”
