The word Isolation becomes the key words of the announcements from Symantec and Proofpoint, the two experts specialized at providing emails security solutions.
Symantec says, in its announcement,
“integrated email security solution with threat isolation technology”.
That means within an email hygiene system, the rate of real-time filtering probably has reached its ceiling. The system has to balance between effectiveness and usability. No one likes a 30-minute delay in mail due to security scanning.
Symantec continues with
“Despite significant efforts by our industry to detect and block email-borne threats, messaging remains the primary vector for malware and scams within the enterprise. The industry requires a paradigm shift to properly secure messaging”.
This has no difference as saying what can be do has already been done. The industry needs a new way to solve the same old problem.
The answer from Symantec is “Isolation”. It offers a layer of isolation between the Internet and the end users. Sounds familiar? Isn’t this a Secure Web Gateway (SWG) ? Not really. Secure web gateway handles all the web traffic. Every packet is inspected in order to stop attacks. This is a heavy-duty job calling for perfect performance.
The isolation layer, as highlight by Symantec, is more like a customized browser. Every link in inbound emails, if its nature cannot be resolved in real time, will get rewritten to the browser. In turn, when the link is actually clicked by someone, the browser will on behalf of the users, fetch web contents. Selectively, the content of the web page will be displayed. As commented in the announcement,
“Symantec Email Threat Isolation can render such sites in read-only mode which prevents unsuspecting employees from disclosing sensitive information such as corporate credentials.”,
the layer may freeze the input boxes when it feels necessary.
Is this the future? Let’s take a look at a recent announcement from Proofpoint.
Proofpoint announced its “Targeted Attack Protection Isolation Personal Webmail Defense”. It can be viewed as a response to the movement to online collaboration service.
Proofpoint clearly states it is a cloud-based solution (Symantec Isolation can be deployed as an on-premises solution).
Proofpoint doesn’t specifically mention in which way the isolation is implemented, as a in-the-cloud browser or in-the-cloud web proxy.
It’s beyond doubt that people are being defeated by email phishing. And yet traditional, static, real-time inspection method has been proven insufficient due to the dynamic nature of the Internet. It’s virtually impossible to crawl every site to determine the nature.
Instead of imprisoning mails in the queues of email gateways, redirecting end users to a place where security measures are implemented in a friendly way is a more economic solution.
Is this the future of anti-phising?
 Announcement of Symantec : http://investor.symantec.com/About/Investors/press-releases/press-release-details/2018/Symantec-Announces-Industrys-First-Integrated-Email-Threat-Isolation-Solution-to-Render-Advanced-Email-Attacks-Harmless/default.aspx