What is Web-delivered Malware?

Web-delivered malware is hostile code that comes in through the browser, rather than through email or a direct attack over the network. The vast majority of successful attacks use web-delivered malware.

Protecting Against Web-delivered Malware

Existing anti-malware solutions are failing to protect businesses against malware infections coming through the browser. As a result, more than 90% of corporate security breaches come through the web.

The web creates a uniquely difficult security problem. Firewalls have to allow users to visit an enormous range of possible websites where they may access or download a huge range of content. The difficulty is compounded by the fact that the browser is requesting all these connections. It is nearly impossible for a firewall to know whether the user actually wanted a given file, or if the browser was tricked into requesting it.

In the famous words of Symantec SVP Brian Dye, “antivirus is dead.” Anti-malware signatures can’t keep up with the rapid evolution of exploits and the sophistication of the techniques used to disguise the payloads.

Finally, the browser itself is a giant security problem. It is a hugely complex piece of software that can execute a number of different complete computing languages, like JavaScript and HTML5, inside web pages. On top of that, most users have Java and Flash plugins installed, which add two more language interpreters. Any of those parts can, and do, have vulnerabilities that allow attackers to compromise the endpoint to deliver malware.

In the face of all this risk, companies need to adopt a new approach to security.

The browser and associated web-delivered malware must be contained and isolated from valuable business data and infrastructure. This simultaneously minimizes the damage from any attack, and makes mitigation much simpler.

Passages accomplishes this isolation and containment using three interlocking technologies: the Passages Virtual Machine (PVM), the Passages Virtual Private Network (PVPN), and Safehold.

Passages starts each browsing session with a clean state. The PVM is started from the same clean copy each time so no malware can persist between sessions. The PVM is designed to prevent all unwanted communication between the local machine and the virtual environment. The PVM has no access to the local file system at all.

The PVPN then takes the isolation to the next level by segregating all network traffic from the browser away from the physical local network. Before the browser even launches, the PVPN is established, terminating at a point outside of the sensitive corporate perimeter. This VPN is the only route for Internet packets in or out of the virtual machine. The system is designed with fail-safes so interruption of the VPN does not create any vulnerabilities.

Finally, Safehold allows users to access files they want without allowing unintentional (drive-by) or malicious downloads. All files downloaded from the web end up in the Safehold server, where they are automatically checked by multiple best-of-class malware scanners. Only files that test as safe are made available to the user, who manually initiates the download. It is impossible for hostile files to accidentally end up on the user’s computer.

Whether the attacker is using links in spear phishing emails or drive-by downloads, the attack is contained and quickly eliminated.