Security Market Segment LS
Thursday, 16 June 2016 00:33

A quick glance – Menlo Security


It's simple, really.  If you don't want to have a web page dump malware on your device, don't render it there.

Such is the essential premise of the Menlo Security Isolation Platform (MSIP) where all Web pages visited by any subscribing device will be rendered on Menlo Security's servers and only the resultant page, devoid of any scripts or other executable content, is delivered to the device.

In this scenario, any form of drive-by hijacking of Web pages via corrupted advertising links (or any other form of Web-sourced intrusion) is neutered by the fact that Menlo's servers are the only computing devices that will actually experience the illicit behaviour – and they're well-equipped to deal with it.

Thus, only a fully rendered "clean feed" Web page is delivered to the user.

Menlo claims that there will be "no noticeable latency" although it might well be that in fact page loading is actually improved since Menlo's servers are certainly going to be more efficient at rendering a page than the typical smartphone and the actual content delivered to the user's device has been stripped of a great deal of scripting and other background code.

After obtaining $US45 million in two rounds of fund raising, Menlo Security is ready to conquer the world with a slew of recruitments of ex-Juniper and FireEye people (amongst others).

iTWire had a chance to sit down with Peter Lunk, Menlo Security's vice-president of marketing, at a conference recently. First we were interested in what made MSIP a significant new product.

Peter Lunk: The whole purpose behind Menlo is to prevent malware from reaching the users. It's a different approach entirely. So rather than trying to make a determination of good traffic versus bad traffic at the device, it isolates the browser and removes the need for recovery.

When I load a Website onto my machine here I'm going to see the main site. Maybe it's Forbes or CNN or what have you, but I'm going to see a ton of scripts executing – ad networks, content delivery networks from all over the world. On average, you're going to load 35 different scripts. Some people are bigger offenders than others, that one [Lunk pointed to a specific item on a presentation slide] loaded over 200 scripts — that was probably an entertainment site  they tend to be the noisiest.  

And they download a bunch of code, and then, to make it worse, we fingerprinted all those servers that were providing all those scripts. Whereas your main site might be trusted – you might be going to The Straits Times or some trusted site, the scripts are coming from all manner of places. This is why we keep seeing malware infections – not that people are spending a bunch of time on sites they shouldn't be on anyway, but even legitimate sites are delivering malware.

iTWire: ...and there are regular reports of reputable sites serving "crap" which is not under their control.

Lunk: It happens. Someone compromises one of their network sites, someone forgets to renew the registration and someone else uses it to start serving malware...

The traditional way of handling this problem has been, "well, I'm going to have a whole stack of security devices and they're going to make a decision for me." Originally this started with AV and this grew to IDS systems, to sandboxing. And those guys [the 'stack of security devices' vendors] would say well we're 99 point something percent accurate at stopping things, but they won't say they're 100 percent.  It's fundamentally too hard to go to 100%.

So, rather than taking that approach, where it's really bad, we say let's take all of it and run it in isolation.  

So today, you're going to go to a Website, fetch the content, you're going to execute it and you're going to present the information; render it on your screen. Rather than doing fetch, execute and render all on your device, the Menlo approach is to say 'let's do the fetch and execute steps out on the MSIP that sits in the cloud'. So this is all happening on virtual machines, and they just provide the safe rendering information to your device. That way we don't have to make a decision on whether it's good or bad.

It's almost like IT giving you a new laptop every time you change sites, but of course there are some things that won't work. Obviously your microphone and webcam ought to be connected to a virtual machine somewhere out in the cloud!

iTWire: So, how does the system dealt with Web downloads.

Lunk: Say I wanted to download a document. MSIP would say that's probably not a good idea, do you really want to download that? What we'll do is scan it and give you a PDF.  So, if you want to pull down a PowerPoint of an Excel spreadsheet, we'll give you the same option to get a PDF, which is probably a good idea – you probably don't want to be downloading spreadsheets from random places of the Internet.

But let's say you're adamant, 'I really want to do that' – we have the settings capability where the security settings can say 'yes, you're allowed to do that' but gives you a warning to say 'are you sure you want to do that?' And if you're adamant, it will let you do it. Or you can have a security setting in there that says, 'you are NOT allowed to download Excel spreadsheets from the Internet'.

iTWire: What about image files? Does MSIP deliver the actual picture? I'm thinking about steganographically encoded images that might be embedded on a Web page.

Lunk: Yes, it is the actual image that's delivered to the user.

iTWire attended the conference as a guest of NetEvents.

Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.


WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News