On Feb 1, 2022, Bloomberg reported that a cybersecurity startup had raised USD100M in seed funding. This number is huge for a company without any proven record of sales.
What led to such impressive, quick success then? After all, we are not talking about booming industries such as blockchain, NFT or AI-related projects. This is a company proposing to do something related to very traditional, legacy software, software that was in fact invented at the same time as the Internet. Your browser!
What's so special about a browser?
The startup's name is Island and its goal is to build a secure enterprise browser. It is time to reinvent browsers: that is the message that seems to come from investors in Silicon Valley (Sequoia Capital and Insight Partners). The browser you are using is a consumer application whose fundamental design is the same as it was back in 1995, when Marc created Mosaic. All browser variants (Firefox, Safari, Chrome, Edge or even Brave) operate by the same logic: they download content from a web server and process the display elements (the technical term is rendering) or the interactive code using your PC's memory and CPU.
Downloading files from a web server and processing the downloaded content on the PC's CPU is now one of the main attack channels. There are numerous vulnerabilities that allow the browser to be exploited to inject malicious code into your computer. This type of attack can cause severe damage with a single click by the victim. A report from CyberRating in 2021 found that even with safe browsing enabled, Chrome is only able to stop 86% of attacks; by comparison, Microsoft Edge can stop 97%. A VPN is not able to stop these types of attack either, since it cannot prevent content from being downloaded to your PC. Firewalls also do not stop web-based attacks targeting your browser. Evan Gilman and Doug Barth explained this risk in much detail in their book Zero Trust Networks.
The zero trust principle
Almost every user device (desktop computer or mobile phone) relies on the web browser to work. A successful attack that exploits the user's browser can give the attacker remote control of the victim's device. Several cybersecurity companies have been trying to solve this problem. Anti-virus companies try to stop malicious content after it has been downloaded. Web filters go a step further by preventing such content from downloading at all. These technologies have had some success, and yet very often they are still unable to prevent attacks. Recently, companies and even public institutions such as the Government of Singapore have started to consider a completely different approach: ASSUME BREACH. This means assuming all defences are already compromised and the adversary is already inside the network. The "assume breach" approach focuses on finding the traces of network intrusions and detecting lateral movement as the attacker infects more nodes in the enterprise network. Threat hunting and intelligence gathering hence become a must-have for any company serious about cybersecurity. Millions are invested in attack detection technology like EDR and SIEM projects among banks and highly regulated industries. However, all of these methods and technology investments have their weaknesses. As explained in an earlier post, cybersecurity today is akin to an arms race. Public and private organizations try to defend themselves, while cyber attackers keep adjusting their tactics accordingly.
This is why a secure browser is a game changer. Companies like WebGap, Isoolate, Menlo Security, Cloudflare, Cisco, Citrix and Symantec all offer browser isolation software that stops downloaded content from causing damage. Windows 10 professional version also has a sandbox browser builder. The underlying idea is to treat ALL web content as malicious and not trust anything from the web. In a secure browser of this type, the content is not processed by the local machine, but rendered on remote computers or inside a sandbox. Island is following the same direction, which might not come as a surprise considering that one of their founders, Mike Fey, had previously worked at FireGlass, a startup focusing on browser isolation technology back in 2017 and later acquired by Symantec.
AP Lens Private Browser
AP Lens Private Browser follows the same direction. By providing a remote browser running in a cloud virtual machine, the web content is totally segregated from the user PC's CPU and memory. When developing our software, we interviewed CISOs in banks, hospitals and government agencies. They all said browser isolation is good from a CISO's perspective BUT users are complaining! The user experience is not there yet. Users are not able to view some websites correctly because modern web design uses many different technologies like HTML5, web components and multimedia libraries. CISOs are holding the cheque book until they see a quantum jump in user experience. What is holding back the mass adoption of browser isolation is actually NOT its ability to stop phishing attacks or ransomware, but the user experience. When zooming in on the problem, we found that distrusting ALL web content is the root cause. It is overkill. Why does a user need to open a banking website inside a sandbox? Websites from well-known and reputable organisations should be trusted and their functions should not be interfered with. Browser isolation with a degraded user experience should NOT apply to all websites unconditionally.
A new player joins the game: augmented whitelisting
AP Lens is not trying to re-invent the browser. One of AP Lens' aims as cybersecurity software is to reduce human error and de-risk phishing links. This is why, when a user clicks on a link, AP Lens sees TWO scenarios:
- Whitelisted websites: these websites have been previously marked as safe: the user can browse them as usual
- Unknown websites: the user will be sent to AP Lens – Remote Browser; like a stuntman, our cloud software visits the website on the user's behalf, keeping the user safe and the browsing experience unaffected.
AP Lens' approach consists of combining whitelisting with a remote browser, a solution we call augmented whitelisting. We consider this balanced approach to be the key to achieving successful cybersecurity, bringing together safety and user experience.
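The two-scenario routing described above can be sketched as follows. This is an added example, not AP Lens code: the whitelist entries, the `routeLink` name and the remote-browser endpoint are assumptions, as is the choice to send plain-HTTP links through the remote browser even for whitelisted hosts, since the site's identity is not authenticated there.

```javascript
// Added illustration of augmented whitelisting; all names and values are constructed.
const WHITELIST = new Set(["example-bank.test", "intranet.example.test"]);
const REMOTE_BROWSER = "https://remote-browser.example.test/open"; // hypothetical endpoint

// True when host is a whitelisted domain or a subdomain of one.
// Matching on a label boundary (".domain") rejects look-alikes such as
// "notexample-bank.test" and "example-bank.test.evil.test".
function isWhitelisted(host) {
  for (const domain of WHITELIST) {
    if (host === domain || host.endsWith("." + domain)) return true;
  }
  return false;
}

// Wrap a link so that it is opened by the remote browser instead of locally.
function toRemote(link) {
  return { action: "remote", target: REMOTE_BROWSER + "?url=" + encodeURIComponent(link) };
}

// Decide where a clicked link is opened. Anything that cannot be shown to be
// a whitelisted HTTPS site fails closed to the remote browser.
function routeLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return toRemote(link); // unparseable input is never opened locally
  }
  // The URL parser lowercases the host, converts internationalised names to
  // punycode ("xn--...") and splits off userinfo, so the comparison below
  // sees the host the browser would really connect to.
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (url.protocol === "https:" && isWhitelisted(host)) {
    return { action: "local", target: url.href };
  }
  return toRemote(url.href);
}
```

The decision is made on the parsed hostname rather than on the raw link text, which is what keeps links such as `https://example-bank.test@evil.test/` out of the trusted path.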