Native Browser Isolation as an Extension | TAG Cyber

By Katie Teitler on June 25, 2020

The internet can be a scary place. Most end users don’t give much thought to browsing for information, work related or otherwise. The internet is simply a vehicle and it’s the first place most people go when they need to quickly find what they want. While an employee may be diligently looking at competitors’ websites for an assigned work project, searching for cyber security training to enhance their skills, or ordering new supplies for the office, they may inadvertently stumble upon a malicious site crafted by criminals for the purposes of stealing credentials, delivering malware, or initiating some other form of cyber attack against the user’s employer. In this sense, the device become the vehicle, but for nefarious purposes.

The ephemerality of organizations’ webpages allows crafty criminals take advantage of unsuspecting users and turn harmless web browsing into potential threats. What may look like a legitimate website could easily be an impersonation, with only minor details changed and which are invisible to the naked eye. Or the threat actor may capitalize on a common typing errors and host a malicious website where the only perceptible difference is the URL, which a user could easily typo and end up in the wrong place before noticing anything has gone awry. Without any malintent, when a person hits one of these websites, criminals can scrape all sorts of information, from cookies to the user’s browser history to saved login information.

All of this poses a problem to the user and the user’s employer, especially if the device in use is also accessing company data and systems (which is more often the case than not in today’s work from home economy). This is not a new problem-cyber crime has been around for as long as cyber space has-and in 2013, Rick Deacon and Erhan Justice decided to start a business focused on phishing and cyber security awareness campaigns. Their initial idea was to give companies workforce risk analytics that would simulate phishing campaigns, test employees’ security awareness, score behavior, and inform employers about the state of their workforce’s security readiness.

By 2017, the pair had evolved past their initial product offering and decided to pitch Y Combinator, a startup advisory and funding resource. It was there that Deacon and Erhan decided to scrap their initial idea and built a new product, today known as Apozy.

Blocking browsers from risky activity

On a recent call with Deacon, he called Apozy Airlock, the company’s current product, a “browser defense platform” that uses native browser isolation and AI to identify malicious websites and block users from browsing to them. With a 3-petabyte visual database containing nearly 68 billion indexed webpages as the intelligence engine, Airlock analyzes website information for fake pages and impersonations, homing in on everything from slightly adjusted versions of logos, color palettes that are minor gradations away from the original, or altered text sizes or fonts. More obvious visual indicators are also contained within Apozy’s database.

Apozy Airlock is installed as a browser extension which can be centrally pushed to employees and deployed in seconds, without any configuration or infrastructure changes, proxies, or enrollments. Once on the endpoint, whenever an employee browses to a website, Airlock instantly checks the site against the visual database and if the site is deemed malicious or potentially malicious, the site is converted to read-only and the real site is sent to a sandbox where it is further analyzed. This method allows employees to access the data they need without turning their device into a tool for criminal activity.

No difference in browsing experience

Deacon told us that Airlock can instantly block malicious extensions, ads, and network requests, and it replaces the SSL inspection proxy and reports all data (including incidents) back to a dashboard which can be integrated with the customer’s SIEM. Airlock can also be used to replace VPNs, which have proven to be problematic, creating latency and bandwidth issues for both employers and employees. Airlock, Deacon said, doesn’t break the user experience and is seamless to the user: “They won’t notice any difference, either in speed or access, from their insecure browsing.”

Based on our short conversation, there seems to be little downside to deploying browser defense via Apozy Airlock. It’s one more layer of security that can keep busy employees safe. One has to wonder, though, why a company like Google wouldn’t already be in this space. The browser isolation, anti-phishing, and endpoint protection markets are crowded, without a doubt, but the key to Apozy’s success appears to be in its visual database that no other company known to TAG Cyber can rival.

About TAG Cyber

Founded by Dr. Edward Amoroso in 2016, New York-based TAG Cyber democratizes cyber security research and advisory services for enterprise professionals around the world. The TAG Cyber Security Annual provides free guidance on the cyber security industry based on fifty+ identified controls. The company also offers expert consulting services, as well as a Cyber Corps platform designed to help students learn the craft of cyber defense.

About the Author

Katie Teitler is a senior analyst at TAG Cyber where she collaborates with security product companies on market messaging, positioning, and strategy. In previous roles, she has managed, written, and published content for two research firms, a cybersecurity events company, and a security software vendor. Katie is a co-author of “Zero Trust Security for Dummies.”

Author picture

by Katie Teitler

About Apozy

Founded in April of 2014 in San Francisco, we are a venture-backed motley crew of passionate hackers building cybersecurity technologies to make the world's information faster, cleaner and safer to access.