The browser has become the most important application people use, whether for accessing business applications or leisure purposes. 451 Research says three out of every four applications will be delivered via the cloud by 2017, and of course the browser is the front end to all those apps.
Unfortunately, today’s browsers are inherently insecure. If you do a search on the term “browser” in the National Vulnerability Database hosted by the National Institute of Standards and Technology (NIST), you’re likely to turn up about 700 reported vulnerabilities, many of which are high criticality. The list covers a range of browsers for PCs, Macs and mobile devices. The summaries of the vulnerabilities include scary phrases like, “allows remote attackers to inject arbitrary HTML code,” and “allows remote attackers to spoof URLs via a crafted document,” and so much more. Simply using a browser to access a website or hosted application can open a gaping hole through which attackers can gain a network foothold.
But the security problem goes deeper than browsers being vulnerable to exploits. We humans are at fault, too. We do careless things, like clicking on an unfamiliar link in an email, opening an unsolicited attachment, or visiting web pages that have been surreptitiously compromised. Our actions inadvertently lead to credentials being stolen, malware being planted and networks being hacked.
The methods used today to fix the vulnerabilities, stop the exploits and educate end users are insufficient. Too many breaches that start with the browser continue to happen. The fact is, the typical browser is outside of any sort of policy control that IT implements.
To tackle these problems, Authentic8 developed Silo, which essentially runs the browser in the cloud instead of on the endpoint. The system allows the browser to run in a secure container environment in a remote location. This virtual browser isolates users from web-borne exploits and protects sensitive data by enforcing policies that control what people can and cannot do with their browser.
To get started, the user installs a client app that is said to be similar to a Webex app in that it’s small and simply displays the remote information. This app establishes a secure point-to-point SSL connection to the Silo cloud application and renders the benign image data from the remote session, but no Web code (e.g., HTML, cookies, files) is downloaded or run locally.
When a user launches Silo, Authentic8 builds a one-time-use browser in a secure container in the cloud. That browser is built fresh from a clean image at the start of each session and all Web code executes in the container, not on the endpoint, so it is Authentic8’s surface area that gets exposed to exploits, threats and attacks—not the end user’s environment.
To the user it looks and feels just like a normal browser session, including full rendering of all content, web elements, audio and video, and yes, even the ads. However, all the code is executed in the cloud with only a remote rendering of that information on the client device. Authentic8 calls this an insulation layer between the Web and the client. When the user is done with his session, Authentic8 destroys the virtual machine and there is no “residue” from the session left behind.