- Two major announcements bring application isolation into the spotlight
- Microsoft and HP elevate the importance of isolation in the endpoint security stack
- Isolate risky browser activity, but don’t forget files are risky too
This week, two major announcements highlighted the need for application isolation in the endpoint security stack: HP DaaS Proactive Security and the Microsoft Windows Defender Application Guard extensions for Chrome and Firefox. The spotlight on application isolation is an excellent way to raise awareness of this technology, and I applaud HP and Microsoft for going all out with isolation as a way to boost endpoint security. Here is a closer look at what both announcements are highlighting.
Microsoft Windows Defender Application Guard (WDAG)
Microsoft Windows Defender Application Guard (WDAG) was announced over a year ago and introduced client virtualization on Windows. The initial release was designed to redirect untrusted (or not explicitly trusted) Edge browser activity into a VM. The end-user would surf the web using Edge, and if they typed in a URL or were redirected to a site that was not on the enterprise's trusted list, the website would open in a separate instance of Edge running isolated inside a VM. The end-user would then have two instances of Edge running, with the isolated instance marked in red.
Everyone was excited when WDAG came out, as browsers continue to be a major attack vector, and we even wrote a blog supporting Microsoft entering the isolation market. As any security specialist will tell you, the safest way to stop malware is to keep end-users from opening emails or surfing the web altogether. That is true, but clearly not practical; isolation is the technology that can change the game. Unfortunately for Microsoft, it was also not practical to expect users to abandon Chrome and Firefox for Edge. You win some and you lose some, and Microsoft did not win the browser market. But they didn't lose sight of the importance of isolating potentially risky browser activity either, which brings us to their announcement this week.
Microsoft WDAG now allows users to surf the web using their browser of choice. When a user types in or is redirected to an untrusted site, the Chrome or Firefox extension hands the navigation off to Edge, which is running inside a VM. WDAG is still about client virtualization, aiming to isolate risky websites in a separate VM on the user's PC, but the user is no longer required to use Microsoft Edge as their default browser. Most of the end-user's browsing takes place in their default browser; only when the user encounters a site that is not explicitly trusted is it opened in an isolated instance of Edge. Note the direction of the default: anything not on the trusted list is treated as untrusted and isolated, rather than anything not on a blocklist being allowed through. Welcome back to browser isolation, Microsoft, and thank you for validating the application isolation market!
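The routing decision described above (trusted site stays in the host browser, everything else goes to the isolated Edge instance) is easy to get wrong if the allowlist matching is sloppy. The following is an added example, written for this post and not Microsoft's extension or WDAG code, that models that "not explicitly trusted means isolated" decision as a WebExtension's navigation handler might compute it. The policy format (exact hosts, `*.` subdomain wildcards, IPv4 CIDR ranges) and the `classifyNavigation` / `SAMPLE_POLICY` names are assumptions for illustration; the real product reads the Windows network isolation policy.

```javascript
"use strict";

// Added example, not Microsoft's code. SAMPLE_POLICY is a constructed
// allowlist: only what appears here is "explicitly trusted".
const SAMPLE_POLICY = {
  trustedHosts: ["intranet.contoso.com", "*.corp.contoso.com"],
  trustedCidrs: ["10.0.0.0/8"],
};

// "*.corp.contoso.com" matches subdomains only; the apex "corp.contoso.com"
// must be listed explicitly if it is to be trusted.
function hostMatches(host, pattern) {
  if (pattern.startsWith("*.")) {
    const suffix = pattern.slice(1); // ".corp.contoso.com"
    return host.length > suffix.length && host.endsWith(suffix);
  }
  return host === pattern;
}

// Dotted-quad IPv4 -> unsigned 32-bit integer, or null if not an IPv4 literal.
function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((x) => x > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function ipInCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split("/");
  const bits = Number(bitsStr);
  const ipInt = parseIPv4(ip);
  const baseInt = parseIPv4(base);
  if (ipInt === null || baseInt === null || !(bits >= 0 && bits <= 32)) return false;
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipInt & mask) >>> 0) === ((baseInt & mask) >>> 0);
}

// Returns "host" (open in the default browser) or "container" (hand off to
// the isolated Edge instance). Every failure path returns "container":
// unparseable URLs, non-web schemes and IPv6 literals are never trusted.
function classifyNavigation(rawUrl, policy) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parsing: lowercases host, splits off userinfo/port
  } catch {
    return "container";
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return "container";

  // Strip a trailing dot so "intranet.contoso.com." cannot dodge the allowlist.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  if (host.startsWith("[")) return "container"; // IPv6 literal, e.g. "[::1]"

  if (parseIPv4(host) !== null) {
    return policy.trustedCidrs.some((c) => ipInCidr(host, c)) ? "host" : "container";
  }
  return policy.trustedHosts.some((p) => hostMatches(host, p)) ? "host" : "container";
}

// Constructed navigations a user might type or be redirected to.
const DEMO_URLS = [
  "https://intranet.contoso.com/portal",
  "https://mail.corp.contoso.com/",
  "https://intranet.contoso.com.evil.example/login", // lookalike suffix
  "https://intranet.contoso.com@evil.example/",     // userinfo trick
  "http://10.20.30.40/",
  "ftp://intranet.contoso.com/",
];
for (const u of DEMO_URLS) {
  console.log(`${u} -> ${classifyNavigation(u, SAMPLE_POLICY)}`);
}
```

The two decoy URLs in the demo are the ones to watch: a naive `url.includes("intranet.contoso.com")` check would keep both on the host browser, whereas matching on the parsed hostname sends them to the container. Fail-closed defaults (malformed input, non-web schemes) are what make the allowlist an allowlist rather than a blocklist with extra steps.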
The second announcement this week that validates application isolation came from HP.
HP and Bromium have enjoyed a productive relationship for over two years, since HP launched HP Sure Click, which uses Bromium Secure isolation technology for hardware-enforced browser isolation. Our relationship continues to grow and evolve, and this week HP announced the next step: including Bromium Secure isolation for both browsing and files in HP DaaS Proactive Security, powered by HP Sure Click Advanced. This announcement further validates that major players in the hardware and software markets recognize the need to move the responsibility for endpoint security away from the end-user. Microsoft and HP are choosing to rely on application isolation as the way to prevent malware from invading Windows endpoints and spreading onto corporate networks.
Isolate Only Browsers?
While we applaud Microsoft's decision to use isolation for surfing the web and for links that arrive in emails, there is an obvious gap in the coverage. What about emails with attachments? And what about files that users download from the Internet and then open on the host? Browsers are indeed a major attack vector, but files are every bit as much of one. If you don't think files are a threat, you might want to visit some of our latest Threat Intelligence posts below.
What do you think of this week’s announcements? Share your thoughts and questions in the comments section. Happy reading!
See Bromium threat intelligence in action:
- Location-Aware Malware Targets Japanese and Korean Endpoints
- How Ursnif Evades Detection
- Disabling Anti-Malware Scanning
- New Malware Launches in Preview Pane
- Gandcrab Ransomware Code Found Hiding in an Image
- Bromium breaks down Emotet