Sandboxing technology: A safety net for online threats

Author: Andrew Avanessian, EVP of Consultancy and Technology Services at Avecto

According to figures from the Australian Bureau of Statistics, 83% of the Australian population accessed the internet last year, and in the workplace, more and more time is spent online.

Today’s technologically enabled workers expect full access to online content in order to do their jobs effectively. With the rising influence of Generation Y, an increasing number of employees expect to be able to access social media and other personal content at all times too. Indeed, K3 Managed Services found that 14% of the workforce spends almost 50% of their time surfing the internet for personal use.

It's perhaps unsurprising then that IT security breaches are at their highest level in history, with the 'McAfee Labs threats report, fourth quarter 2013' noting 288,000 global malware samples each day - around 200 per minute. Symantec's '2013 internet security report' also found that data breaches have grown by 62% between 2012 and 2013. The Heartbleed virus affected an estimated 600,000 internet sites, while an experiment by McAfee in 2014 revealed that 80% of workers fall for a phishing email at least 14% of the time.

There are a number of security strategies that IT professionals can adopt to combat this rise in security breaches. But we know from research with Ponemon, as part of the Get on with IT campaign, that perceptions of effectiveness bias efforts towards managing traditional, reactive technologies—which may be easier to implement—rather than prioritising those which are proven strategies, likely to reduce time wasted elsewhere.

The report, entitled Cyber Strategies for Endpoint Defense 2014, found an average of 31% of staff have admin privileges, increasing the risk of insider threats. Avecto’s own analysis of Microsoft’s Security Bulletins further substantiates the benefits of removing admin rights – mitigating 92% of Microsoft vulnerabilities. So why was minimising users with admin privileges deemed the least effective of eleven security controls in our research, even less effective than updating antivirus software, when significant sources of real world data analysis contradict this perception of effectiveness completely?

Ponemon found that IT and security professionals in the US spend 34% of their time managing user profiles and 48% securing the endpoint. The challenge is therefore to determine ways to improve the IT department’s productivity and free up time to be strategic, creative and profitable.

To ensure workers have the online freedom they need while preventing attacks, a holistic approach to security based on DiD (defense in depth) strategies is needed. To combat increasingly complex attack vectors, organisations need to adopt a layered strategy that prioritises high-impact solutions, such as privilege management, application whitelisting and patching.

However, sometimes advanced persistent threats can still slip through the net. Vulnerabilities in web browsers, Java and software such as Adobe Reader and Microsoft Office still exist and malicious code can enter a network as workers go about their daily tasks if the latest patches are not in place.

To close the gap, organisations can turn to sandboxing, which safely contains web threats, isolating any malicious activity. This final layer of defense allows individuals to browse the web freely, so that productivity is unaffected.

Layering and prioritising technologies

The Australian Department of Defence names application whitelisting and privilege management as part of its four key mitigation strategies, alongside patching operating system vulnerabilities and patching applications. By implementing these four quick wins, real world data shows that 85% of cyber intrusions can be stopped.

With a solid security foundation in place, the challenge is to find a solution to mitigate the biggest window of opportunity for malware to enter the network: the internet. Employees browsing websites carrying hidden threats or opening untrusted documents are becoming direct targets for attackers. Vulnerabilities in software and applications such as Java, Silverlight and Adobe Reader can result in an employee being unknowingly compromised simply by viewing a website or downloading a document.

So that user productivity is unrestricted, there is a need for internet sites and documents to be isolated from sensitive private data whilst still being viewable by the user—their online activity is protected by a safety net.

This is where sandboxing comes in. Effective sandboxing is seamless to the end user, keeping untrusted documents in a contained environment, preventing malware from executing.

Documents downloaded from the internet are automatically merged with the user's profile, allowing them to edit, save and print as normal while the file remains protected by the safety net of the sandbox. However, any private files are protected and, when reopened, they will automatically remain isolated, increasing security without impacting on the user experience.

With solid security foundations in place with privilege management and application control, sandboxing is the natural third pillar in an effective endpoint security strategy.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
