Securing the Architecture as the Perimeter Vanishes
It’s become a commonplace in the industry that the perimeter is vanishing (if indeed it hasn’t already done so, with the possible exception of a few tightly controlled and secured enclaves). Bring-your-own-device (BYOD), pervasive mobile computing on increasingly powerful devices, and the swift movement of data and services to the cloud have all contributed to this trend. How does an enterprise approach security in this new world? We spoke with Ntrepid’s Chief Scientist Lance Cottrell about how his company sees the challenge. One thing he’s convinced of: “Detection is a failed strategy. Detection's not a bad thing; you want to detect malware but thinking you can count on detecting things is the road to ruin.”
Ntrepid began building tools for government use against extremely high threat targets, Cottrell said, and ended up realizing they had the tools to make an extremely secure web browser. “Browsers are the Achilles heel of network security,” he observed. Other aspects of a network are easier to lock down, but browsers use complex paths and very diverse interactions. By comparison with the browser, email is easy. To be sure, email probably remains the largest source, numerically, of malware attempts. “But you can also scan emails at your leisure,” Cottrell said. “You can look for patterns, whereas with web-based attacks you have a millisecond to decide whether something is good or bad, whether to let it through or not. And that requires some sort of signature-based scan which is manifestly ineffective now. So we're focused on building a technology that encapsulates the browser. The browser's too big ever to be secured itself, so we're going to wrap it inside a virtual machine. Anything that does get in is trapped, and can be easily destroyed at the end of every session whether you detect it or not.”
Cottrell thinks Ntrepid’s core customers will be in highly sensitive businesses at considerable risk of losses through web-based attacks. They’ll also be in high-compliance industries, like financial services and healthcare. And any company that holds a lot of third-party data would be another customer—consider the reputational disaster a compromised cloud provider faces.
Scanning downloads turns out not to slow users down, Cottrell said. The number of files people actually download to their desktop turns out to be surprisingly small. Most of the time users are, say, viewing a PDF or a video in a browser, and there's no need to move anything to the normal desktop. For the few files a user actually wants to download, the system imposes a delay of only a few seconds. “This is important, because anything that's annoying to a user, they'll rapidly try to circumvent it. Experts need to stop victim-shaming. Normal people have normal work to do, and our security systems need to recognize that and work within that rather than saying ‘no, no, no, you're doing it wrong’.”