Previous approaches towards web and email security sought to stop attacks outright. The idea was to identify every risky transaction and stop it in its tracks. This approach is increasingly being seen as untenable, as the sheer number of attack vectors increases.
An approach with growing promise is one that lets attacks occur but isolates the content so that the attack cannot cause extended harm. Essentially, it says to attackers "do your worst," secure in the knowledge that their worst will only harm a specific and contained area.
Menlo Security is one vendor trying this approach. Menlo offers an "Isolation Platform" that works by isolating all web content on the cloud, away from a user's machine. Users interact with websites, links, and documents on the cloud, without compromising the security of their physical devices or on-premises equipment.
Which all sounds great, but the issue remains about how to identify what is a threat. Menlo's new integration announcement seeks to resolve this issue. The company is integrating its platform with Webroot, itself a vendor that delivers real-time, actionable threat intelligence. The idea of the integration is to offer granular threat intelligence - it means that Menlo can have a granular approach towards policy and forensics depending on the risks involved.
It would be possible to think of this as slightly counter-intuitive. If Menlo allows risky code to run without deleterious impacts, then why do they need to classify the level of those risks at all? According to the company, the Web classification data and threat intelligence from Webroot enable administrators of the Menlo Security Web Isolation Platform to establish granular policies that selectively allow, block, or isolate websites based on a multitude of different categories. In the view of the company, this combines the productivity-enhancing benefits of advanced Web filtering with the unique malware-prevention benefits of the Isolation Platform. Additionally, the classification intelligence from Webroot augments the logs and reports provided by the Web Isolation Service, enabling administrators to track and analyze all Web usage.
I kind of get what Menlo is up to here - combining classification with isolation allows them to be more strategic with their approach towards security. That said, Menlo has gone out to market with a "damn the torpedoes, let the threats run" story, and they have a bit of a messaging job to do in order to explain the value and strategy behind this integration.
Menlo is a really interesting company taking a very interesting approach towards security. It is going to be interesting to see where the company ends up.
This article is published as part of the IDG Contributor Network. Want to Join?