Threat Isolation – Additional Symantec Protection from Web and Email-Based Threats

In last year’s survey on top new technologies for information security, Gartner has highlighted “Remote Browser” techniques, together with ten others, that can enhance organization security. This technique significantly reduces surface area of user systems vulnerable to attacks and isolates threats by separating – isolating – end-user sessions from malicious content.

Generally speaking, 90% of all threats aimed at organizations are delivered via web and email channels – risk is created due to browser vulnerabilities; apparently legitimate but infected websites; short-lived domains used to inject malware; phishing emails and links; careless and unknowing users who open attachments and click on malicious links without checking… Threat Isolation eliminates the possibility of malicious content being delivered to the user while simultaneously solving the over-blocking issue, i.e. inadvertently prohibiting access to legitimate content.

Categorization and classification of network traffic with Symantec ProxySG Secure Web Gateway is among the best – we could even say it is THE best – in the market and extremely effective in blocking malicious content, while the Content Analysis platform carefully checks delivered files using advanced anti-virus and sandboxing features. However, users can still find themselves within so-called gray content zones – browsing unclassified, suspicious and potentially dangerous websites.

One solution is to use the Threat Isolation technique which can completely distance the user from original, potentially malicious content. Users can still access their preferred content as it was originally created – delivered pages look visually identical. However, potentially malicious elements are not delivered via the browser – JavaScript, ActiveX and VB scripts, embedded Java and Flash applets, various malicious documents, and executable files are all blocked.

Elements of accessed websites are downloaded and executed on the server, inside the isolation engine, while the user is provided with fully secured visual stream of rendered content. This way websites keep their original format, all elements and functionalities of original documents, without the possibility of malicious content reaching the user. This technology is also known as “Remote Browsing”.

Isolation can be applied to all network traffic which is why this product can be deployed as a stand-alone security solution, or as an upgrade to existing Secure Web Gateway (ProxySG, ASG) or Secure Mail Gateway installations. Integration with other web gateway solutions is also possible by using proxy chaining.

In a typical scenario, Symantec Web Isolation would be used to filter-out only the unclassified, suspicious and potentially dangerous web content; expand the number of categories and isolated network traffic for VIP users and thereby increase their protection level. Additional email channel integration (Symantec Messaging Gateway) allows rewriting potentially dangerous links that will deliver an isolated website to the end user. You could also disable various input forms and simply deliver “read-only” pages – protecting users from phishing attacks aimed at hijacking personal data and credentials.

This solution is available as an on-premise virtual appliance or cloud service, and it is possible to license isolation of complete web traffic or parts that are considered suspicious (up to 5% of total traffic).

Contact us for more information or to test this product, also make sure to view the following demonstration video:

Additional information:

• Web Isolation na Symantec.com
• Datasheet