Web Isolation as a Powerful Anti-Phishing Tool
Why Web Isolation
Email security solutions are great at stopping emails with phishing links and malicious attachments. However, these solutions may still let some phishing emails slip through. For these “false negative” emails, we need a way to protect a user who may be tricked into clicking on a phishing link or downloading an infected file in one of these emails.
What is Web Isolation
Web isolation is a technology in which the code delivered by the web server is isolated from the user’s browser. This code, such as HTML and JavaScript, is run in a “cloud-based” isolated container. The code is executed and analysed in the web isolation engine and only 100% safe data is streamed to the user’s browser, which merely acts as a monitor.
How can Web Isolation Protect Users from Phishing Attacks
In addition to the first layer of defence, which is an email security solution, we need a tool to deal with the few emails that slip through this first layer. Web isolation can be integrated with your web-based email, like Gmail, MS Exchange and Outlook for Office 365.
Web Isolation can be set up in combination with URL risk rating technology, which companies like Broadcom provide. For example, URLs with a rating of 1-4 are deemed safe, URLs with a rating of 5-6 are deemed suspicious and URLs with a rating of 7-10 are deemed malicious. The Web Isolation engine can then be set up to handle links in these emails according to their risk rating.
When the user opens one of these emails and clicks on a link inside it, the outcome depends on the link’s rating. If the link is rated safe, we allow its data to be streamed to the user’s browser. If the link is rated malicious, we block the user’s attempt to fetch its data and serve an error to the user. Finally, if the link is rated suspicious, we render the link’s data in the Web Isolation engine’s container and display a read-only version of the web page in the user’s browser. This way, we prevent the user from entering his or her credentials into the login page of a “phishing site”. The logic here is that, “in the vast majority of cases”, legitimate login web pages should have a low risk rating of 1-4.
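The per-link decision described above can be sketched as follows. This is an added example, not code from any vendor's product: the names Action, action_for_rating and triage_email, the sample URLs and the ratings table are all constructed, and isolating a link that has no rating is an assumption the article does not cover.

```python
from enum import Enum
from html.parser import HTMLParser

class Action(Enum):
    ALLOW = "stream the page to the user's browser"
    ISOLATE_READ_ONLY = "render in the isolation container, read-only view"
    BLOCK = "block the request and serve an error"

def action_for_rating(rating):
    """Map a 1-10 URL risk rating to the action the article describes."""
    if not isinstance(rating, int) or not 1 <= rating <= 10:
        # Assumption: an unrated or out-of-range URL is isolated, never allowed.
        return Action.ISOLATE_READ_ONLY
    if rating <= 4:
        return Action.ALLOW
    if rating <= 6:
        return Action.ISOLATE_READ_ONLY
    return Action.BLOCK

class LinkExtractor(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def triage_email(html_body, ratings):
    """Return {url: Action} for each link found in the email body."""
    parser = LinkExtractor()
    parser.feed(html_body)
    return {url: action_for_rating(ratings.get(url)) for url in parser.links}

# Constructed sample data; the dict stands in for a vendor rating lookup.
SAMPLE_RATINGS = {
    "https://portal.example.com/login": 2,
    "https://docs.example.net/shared": 6,
    "https://secure-login.example.org/verify": 9,
}
SAMPLE_EMAIL = (
    '<p><a href="https://portal.example.com/login">Portal</a> '
    '<a href="https://docs.example.net/shared">Document</a> '
    '<a href="https://secure-login.example.org/verify">Verify</a> '
    '<a href="https://unrated.example.test/">New site</a></p>'
)

if __name__ == "__main__":
    for url, action in triage_email(SAMPLE_EMAIL, SAMPLE_RATINGS).items():
        print(f"{action.name:18} {url}")
```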
When the user downloads an attachment from one of these emails, Web Isolation can have the attachment AV scanned and sandboxed. Only files that pass sandboxing are allowed to be downloaded by the user.