Menlo Security: Isolation Technology Gives Malware the Cold Shoulder

Menlo Security will announce Tuesday a deal to sell its cloud-based isolation platform through value-added distributor Cloud Harmonics.

Menlo Security brings $25 million in Series B funding and a roster of Fortune 500 and financial services customers. Cloud Harmonics will provide customized training, services and support on the technology to its channel partner community.

“We are exclusively channel,” said Doug Schultz, Menlo Security’s VP of sales, Americas and Asia Pacific, in a briefing, saying the company will announce a channel chief next month.

“We’re not exclusive to Cloud Harmonics, but we’ve given them a head start,” said Schultz. “They’re unique because they provide online training not just to their VARs, but to their VARs’ customers.”

The Menlo Security Isolation Platform (MSIP) technology moves processing of web content, email links and documents, including PDFs and Office formats, from endpoints into disposable virtual containers in the cloud. End users get a mirror image of the content delivered to their browsers via proprietary clientless rendering technology. The three-year-old company doesn’t try to parse good versus malicious sites — it isolates all traffic and routes email links through the MSIP directly. Schultz says the technology is appropriate for SMBs right up to Fortune 500 companies and financial services institutions. No client agents are required, and the MSIP works with any browser or OS on any device. A virtual appliance version is available for regulated industries. {ad}

A video of the isolation process is available here.

Menlo’s model is to contain potential threats in the cloud so malware never enters the endpoint or customer network. Bromium and Spikes Security’s Isla also operate on an isolation concept, though Bromium sandboxes content in a micro VM on the client device, and Isla is a network appliance.

“Partners love this isolation approach because it takes away much of that busy work of trying to prove something that can be hard to prove and detect something that can be hard to detect,” said Schultz. “As it is now, there are still breaches, and customers are scratching their heads and going to their partners and saying, ‘Hey, what’s going on? You sold me this technology and I’m still having challenges. Can you give me some free service?’”

No. 1 Security Risk: People

While executing user sessions away from the endpoint and delivering only scrubbed content to devices should protect against most malware, including ransomware, it only works if end users don’t scheme to bypass the system. That means not slowing down browsing.

“We remove a lot of the active content and render a clean version, and a clean version is fewer megabytes,” said Schultz. As a result, customers report very little or no latency. In fact, he says the caching effect can actually improve performance in some cases.

Security teams can choose to allow some users to …

{vpipagebreak}

… bypass the technology, though the company doesn’t necessarily recommend it.

“There is a risk component to what we believe are good sites,” says Schultz. The proof is in recent reports of pages within the Harvard, Stanford and UC Berkeley Internet domains selling an assortment of drugs, including possibly counterfeit antibiotics and Viagra. Moreover, the unsupported 8.0 version of Windows Internet Explorer is the No. 3 most-used PC browser, according to NetMarketShare.

If you have customers that must allow users to extensively surf the web or use outdated browsers, isolation technology is worth a look.

A customer could also use the tech as a proxy to set rules on browsing. For example, Facebook and Twitter may be set as read-only, so a service rep could monitor for social comments but be unable to engage directly with end customers. “We’ll take the keyboard function away,” said Schultz.

The software integrates with existing security systems, such as web security gateways. Partners activate protection by configuring user browsers with proxy auto-configuration or by routing traffic using an existing web proxy. The MSIP integrates with Active Directory for single sign-on and supports SAML to integrate with cloud identity providers, including Okta and Ping Identity. It’s got other announced technology partners, including Check Point, and Schults says the tech works well with endpoint security technologies such as Cisco AMP. Partners or IT can view logs within the MSIP administrative portal and export data to SIEMs.

A value-add for customers is reporting on activity by user and web category, browsing activity to sites with known vulnerabilities, threats averted and more.

Schultz declined to discuss pricing, saying that distributors manage the cost model and that it’s tiered based on number of seats. He says the product is simple enough to deploy and manage that it’s accessible for small and midmarket shops without IT expertise.

Reaching that market is why the partner community is so critical.

“We have a partner community out there that’s focused on SMB and midmarket and want compelling technologies,” said Schultz, citing Cloud Harmonics’ experience in cybersecurity and innovative approach to distributing next-generation technologies. “But they want it to be easy to use and deploy.”

Have you looked into isolation technology? Let me know, either in comments or direct. Follow executive editor @LornaGarey on Twitter.