The Acronis Global Cyber Summit 2019 will be held at the Fontainebleau Miami Beach Resort on October 13–16, 2019, and it promises to be the must-attend event for IT infrastructure managers, CIOs, service providers, value-added resellers, ISVs, and developers.
Secure browsing products & comparison
https://www.garrison.com/browsing.php
I'm looking for similar competing products (preferably with local Singapore support presence) to provide
secure browsing of Internet and emails (these are the top 2 vectors of malwares): looking to adopt this
'logical segregation' instead of 'physical segregation':
I suppose this is more useable/implementable than doing physical segregation.
We have corporate Wifi too, so need to take this into consideration if it's relevant.
Q1:
Can suggest a few products & local resellers (if available)?
Q2:
if there's comparison of features (how each product fare against competitors), do provide as well.
It helps to justify the purchase.
I'm looking for similar competing products (preferably with local Singapore support presence) to provide
secure browsing of Internet and emails (these are the top 2 vectors of malwares): looking to adopt this
'logical segregation' instead of 'physical segregation':
I suppose this is more useable/implementable than doing physical segregation.
We have corporate Wifi too, so need to take this into consideration if it's relevant.
Q1:
Can suggest a few products & local resellers (if available)?
Q2:
if there's comparison of features (how each product fare against competitors), do provide as well.
It helps to justify the purchase.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
I havent got any clue on the 'garrison' product yet but got a feeling
it's something like using VDI to browse Internet? For sure VMWare's
VDI is too costly for us
it's something like using VDI to browse Internet? For sure VMWare's
VDI is too costly for us
Ok, it's basically "Remote Browser" & Gartner UK listed the following players as alternatives to garrison's :
• 1. Spikes Security
• 2. Menlo Security
• 3. Light Point Security
• 4. Authentic8
• 5. Fireglass
• 1. Spikes Security
• 2. Menlo Security
• 3. Light Point Security
• 4. Authentic8
• 5. Fireglass
Basically needs reviews/comparisons of the various Secure Browsers below:
• 1. Spikes Security
• 2. Menlo Security
• 3. Light Point Security
• 4. Authentic8
• 5. www.garrison.com <== esp this one
• 1. Spikes Security
• 2. Menlo Security
• 3. Light Point Security
• 4. Authentic8
• 5. www.garrison.com <== esp this one
Type of secure browsing will be either below.
(a) client side isolation
- hosted on client and delivered to the user as a app, with browser isolation done on client.
(b) server side isolation
- hosted on server and delivered to the user as a service, with the browser isolation being done on server. Can be on-premise or remote based access to the cloud services entirely.
Criteria of secure browsing using virtual browser (VB) are mostly
1. Isolated & Remote - client or server side as mentioned in (a) and (b).
But the safest is still airgap which is why the browser isolation using server side solutions (remote) will be preferred. So a client VB within the intranet can still subject to malware if it does escape or break the isolation. So better to locate VB in the cloud or the network DMZ. The intranet need to be segregated and mostly air gap to reduce direct exposure.
2. Transparent & Built-in handling - Still need to maintain the experience and as responsive in real time. VB should not affect the look and feel of text, images, video, audio or any interactive feature in the web pages. And VB need those traffic and data be inspected and sanitised and this need to be built in as part of the solution. Most of the time is file based minimally as they are main bulk carrier for malware.
3. Clientless and Device-Agnostic - Operationalising with less hassle will be more preferred. So no installation or plug-ins, can minimise overhead and bring complexity to minimal. And the value add is to support whatever device, operating system or browser use. Part of user experience transparency too.
4. Security-First Infrastructure - The provider need to demonstrate the assurance of the infrastructure of VB. Having regular security testing regime and good compliance track record increase confidence as they are ground up with security in mind.
I did not mentioned any costing which should be another criteria to sustain the solution in long term.
With those criteria in mind, you probably can try to map to your list of option.
Authentic8 - Based on (b). Diagram speaks for itself. It has ‘disposable’ browser (non-persistent), anonymous, so not exposing IP address or affiliation. However need to install Authentic8 browser app and from there start the session. The good is that there will be tool to encrypt your data with your key, and delete your data from their services. Also no need any plugin from browser since apps "consume" this needs.
Menlo Security - Based on (b). Good isolation like Authentica8 but no client app to be installed as far as I understand. Secures not only web browsing but also email applications. Not too bad but it can have a high price tag coming with it.
Lightpoint Security - Based on (b). The difference is it does a remote based access, no on-premise. So far, unknown virtualized platform and not that openly published the "inside" technology (note is that this is by National Security Agency (NSA) employees). Need to talk with them and not straightforward from their website on the tech info (caveat - not browse through).
Specially for Garrison, it looks like it has differentiation too.
Garrison - Based on (b) too. What it differs is that they preach hardware-secured browsing (details below) . Rather similar to concept of Virtual Desktop Infrastructure, VDI. Same as Authentica8 and need a standalone application—which same as VDI, need a remote display client. There is a nice summary here. Here are some takeaways. By the way they are form my defence contractors (BAE).
>> Garrison hardware is large number of nodes (280 in the standard model), and each node is a pair of ARM processors. A user is allocated a free node, which is wiped upon every connection made by a Garrison client application. The user session can be managed to make sure there are fair share of experience. When user connect to the hardware, it is connecting to the first processor that runs the browsing functionality and connects to internet. And user session is passed over to second processor that runs the encryption and compression to stream what is seen in the browser to the user. Quite a neat separate handling.
>> Though Garrison is on-premises use, they are working towards a cloud-based service hosted in their secure data centre. So likely it can be integrated with existing VDI installations such as Citrix and VMware. If you have that can explore further with them. They are administrator auditing and logging tools to enable users’ web usage (include keystroke) to be securely monitored, recorded, and forensically examined. Can be intrusive though but supposed it should not be dealing with sensitive business data and also not doing own personal activity unnecessarily.
>> Likely due to the secure hardware, the costing model may be dependent on the sizing of the load (your user population). Can be tough to compare hardware solution like Garrison with others but it does give you the edge to controlling every activity within one visible box for such (b) type of solution. Operationalisation of the service and maintenance service are part of parcel for greater manageability compared to total outsource subscription like Lighting Source.
I leave Spike security for you to check out :)
Overall
If we will to rank them, and using the criteria, I personally see choice as below. The isolation would have met for them already.
a) Full control - Garrison (see and manage the hardware)
b) Cost effective with hybrid control - Authentica8 (has app to restrict who can access)
c) Client friendly - Menlo (can be costly but a better experience)
c) Focus on outsourcing - LightPoint Security (not much info. Need to build closer support rapport)
Hope the above helps!
(a) client side isolation
- hosted on client and delivered to the user as a app, with browser isolation done on client.
(b) server side isolation
- hosted on server and delivered to the user as a service, with the browser isolation being done on server. Can be on-premise or remote based access to the cloud services entirely.
Criteria of secure browsing using virtual browser (VB) are mostly
1. Isolated & Remote - client or server side as mentioned in (a) and (b).
But the safest is still airgap which is why the browser isolation using server side solutions (remote) will be preferred. So a client VB within the intranet can still subject to malware if it does escape or break the isolation. So better to locate VB in the cloud or the network DMZ. The intranet need to be segregated and mostly air gap to reduce direct exposure.
2. Transparent & Built-in handling - Still need to maintain the experience and as responsive in real time. VB should not affect the look and feel of text, images, video, audio or any interactive feature in the web pages. And VB need those traffic and data be inspected and sanitised and this need to be built in as part of the solution. Most of the time is file based minimally as they are main bulk carrier for malware.
3. Clientless and Device-Agnostic - Operationalising with less hassle will be more preferred. So no installation or plug-ins, can minimise overhead and bring complexity to minimal. And the value add is to support whatever device, operating system or browser use. Part of user experience transparency too.
4. Security-First Infrastructure - The provider need to demonstrate the assurance of the infrastructure of VB. Having regular security testing regime and good compliance track record increase confidence as they are ground up with security in mind.
I did not mentioned any costing which should be another criteria to sustain the solution in long term.
With those criteria in mind, you probably can try to map to your list of option.
Authentic8 - Based on (b). Diagram speaks for itself. It has ‘disposable’ browser (non-persistent), anonymous, so not exposing IP address or affiliation. However need to install Authentic8 browser app and from there start the session. The good is that there will be tool to encrypt your data with your key, and delete your data from their services. Also no need any plugin from browser since apps "consume" this needs.
Menlo Security - Based on (b). Good isolation like Authentica8 but no client app to be installed as far as I understand. Secures not only web browsing but also email applications. Not too bad but it can have a high price tag coming with it.
Lightpoint Security - Based on (b). The difference is it does a remote based access, no on-premise. So far, unknown virtualized platform and not that openly published the "inside" technology (note is that this is by National Security Agency (NSA) employees). Need to talk with them and not straightforward from their website on the tech info (caveat - not browse through).
Specially for Garrison, it looks like it has differentiation too.
Garrison - Based on (b) too. What it differs is that they preach hardware-secured browsing (details below) . Rather similar to concept of Virtual Desktop Infrastructure, VDI. Same as Authentica8 and need a standalone application—which same as VDI, need a remote display client. There is a nice summary here. Here are some takeaways. By the way they are form my defence contractors (BAE).
>> Garrison hardware is large number of nodes (280 in the standard model), and each node is a pair of ARM processors. A user is allocated a free node, which is wiped upon every connection made by a Garrison client application. The user session can be managed to make sure there are fair share of experience. When user connect to the hardware, it is connecting to the first processor that runs the browsing functionality and connects to internet. And user session is passed over to second processor that runs the encryption and compression to stream what is seen in the browser to the user. Quite a neat separate handling.
>> Though Garrison is on-premises use, they are working towards a cloud-based service hosted in their secure data centre. So likely it can be integrated with existing VDI installations such as Citrix and VMware. If you have that can explore further with them. They are administrator auditing and logging tools to enable users’ web usage (include keystroke) to be securely monitored, recorded, and forensically examined. Can be intrusive though but supposed it should not be dealing with sensitive business data and also not doing own personal activity unnecessarily.
>> Likely due to the secure hardware, the costing model may be dependent on the sizing of the load (your user population). Can be tough to compare hardware solution like Garrison with others but it does give you the edge to controlling every activity within one visible box for such (b) type of solution. Operationalisation of the service and maintenance service are part of parcel for greater manageability compared to total outsource subscription like Lighting Source.
I leave Spike security for you to check out :)
Overall
If we will to rank them, and using the criteria, I personally see choice as below. The isolation would have met for them already.
a) Full control - Garrison (see and manage the hardware)
b) Cost effective with hybrid control - Authentica8 (has app to restrict who can access)
c) Client friendly - Menlo (can be costly but a better experience)
c) Focus on outsourcing - LightPoint Security (not much info. Need to build closer support rapport)
Hope the above helps!
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trialIt's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Internet / Email Software
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
launch Outlook to access corporate emails or use webmail (ie IE or
any other browser) to access corporate emails.