Posted: 3 Min ReadProduct Insights

Symantec High Risk Isolation

Improving Security and Enabling Productive Web Access

If there is anything that can cause fear, it is fear of the unknown. Not knowing what lies ahead can lead to decisions made in haste and panic, potentially resulting in events that could make the situation even worse.

When users interact with the web, the sites they go to can broadly be viewed as known good, known bad and unknown. The unknown is where there is a classic security trade-off between risk and usability. Organizations can choose to either block unknown and potentially block legitimate sites (or components of those sites) or allow unknown, and depend on reactive security controls to provide protection. What if there was a better way to maintain accessibility and usability without introducing new risks?

Symantec High Risk Isolation

In order to help organizations fight back against network attacks and assure the productivity of their workers, Symantec High Risk Isolation (HRI), part of the Symantec Web Protection Suite, provides an easy way to isolate traffic that is considered risky, but which also lets users get to the where they need to be without having to deal with being blocked from sites that are legitimate.

HRI is a new cloud based capability that relies on a Symantec Intelligence Services risk level assignment: A ranking on a scale of one to ten, with one being the least dangerous risk, and ten being something that needs immediate attention. When we do risk assessments, anything up to a Risk Level of three is considered something very well-known and relatively low risk.

Low risk sites are typically major websites operated by reputable organizations. A risk level four site does not trigger any of our models and is most likely not well known enough to be considered low risk are new, hard to categorize, and until now, have been mostly unknown.

HRI is a new cloud based capability that relies on a Symantec Intelligence Services risk level assignment: A ranking on a scale of one to ten, with one being the least dangerous risk, and ten being something that needs immediate attention.

Risk Level six is the beginning of what we consider truly risky (and not just unknown).  Typically a risk level of six means that something about the site or domain triggered our models for higher risk. Risk Level seven and above are generally either associated with known malicious behavior or directly used in a campaign. We find that Risk Level five and six attacks are the sweet spots for many hackers, but companies can also be lax when it comes to addressing such issues. When a site gets categorized at Risk Level seven or higher, companies tend to be happy to block these out of hand.

With HRI, network administrators are able to isolate websites that are either unknown or assigned a Risk Level five or higher. HRI will then execute the web content remotely and send safe, rendering information to a user’s browser, and give administrators the ability to set sites as read only, if necessary, for additional network protection.

Symantec Web Isolation

Symantec Web isolation, also known as Remote Browser Isolation (RBI), isn’t new to Symantec. We dove into the technology with our 2017 acquisition of the cyber security company Fireglass. While Web Isolation can be used as a full Secure Web Gateway (SWG) replacement there are many advantages of applying it in a more targeted way. An organization can walk down risk while minimizing user and operational impacts. A very security conscious organization can choose to maximize the traffic that is isolated while another can concentrate on the highest risk traffic first and find the optimal solution.

Once implemented, Symantec Web Isolation connects the user’s browser to a disposable web browser that does the browsing for the individual. This is done with no endpoint client necessary. When someone goes to a web page, a real page is then recomputed so that a person is interacting with our web application instead of the actual web page. No original content is allowed to be sent through and multiple attack vectors are blocked in the process.

Once implemented, Symantec Web Isolation connects the user’s browser to a disposable web browser that does the browsing for the individual.

It goes without saying that changing workforce requirements over the last year has served as an impetus for organizations to rethink their network security stack. The huge surge in the number of employees working remotely because of the pandemic has only boosted the interest in web security as we have also seen an expansion in the numbers, and types of attacks. But, as we all anticipate the pandemic’s end in the foreseeable future, and the return of some employees to their offices, there is no question that a significant number of people will continue to work from home. This reality should demonstrate to enterprises to not let their guard down when it comes to their security needs, and continue to explore and consider the benefits of Symantec Web Isolation.

What HRI really comes down to is giving enterprises the ability to provide their employees with the web access they need while also ensuring that their devices are protected. It isolates web browsing privileges for authorized users, provides a seamless web browsing experience, supports all devices without the need for an agent and integrates easily with Symantec Secure Web Gateway and the Symantec Web Security Service.

Symantec Enterprise Blogs
You might also enjoy
Feature Stories4 Min Read

Symantec Named Top Player in Radicati Group’s APT Protection and Web Sec Industry Report

Technology and innovation to protect the enterprise

Symantec Enterprise Blogs
You might also enjoy
Video
Product Insights5 Min Read

Enhanced Application Visibility and Control with your Symantec Secure Web Gateway

Symantec gives customers easier, stronger ways to implement new network policies

About the Author

Christopher Newman

Senior Product Manager - Web Isolation

Christopher Newman is the Product Manager for Symantec Web Isolation. He has worked at Symantec/Broadcom for the last 4 years and has spent over 15 years in the security industry in various roles specializing in web and data security.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.