Australia’s top 50 websites could be helping steer end users towards malware, according to cyber security company Menlo Security, which is about to enter the Australian market with what it says is a solution to the problem.
Menlo Security’s CTO, Kowsik Guruswamy, told Computerworld that many of the country’s most popular websites link to external sites that are running old software with known vulnerabilities.
“We looked at the top 50 sites in Australia; 26 per cent are linking to sites running vulnerable versions of software, some of them Microsoft IIS 6.0 [web server software], released in 2003,” he said.
“I have seen live sites running Microsoft IIS 5.0, released in 2000, which reached end of life in about 2003,” Guruswamy said. “This is the root of all evil. If I’m a bad guy I don’t need to go to a popular site, I just need to hack one of these sites running really old software.”
Menlo Security has developed an analysis tool which examines a website, lists all the external links to other websites, identifies the software running on those sites and flags versions that are not current.
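As an added illustration (not Menlo Security's tool or code), the kind of audit described above can be sketched for a site owner checking their own outbound links. It assumes the software is identified from the HTTP Server response header, which the article does not state; the page, hostnames and banners are constructed sample data, and the outdated list holds only the two IIS versions named in the article.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: only the IIS versions the article names are treated as outdated.
OUTDATED_IIS = {"5.0", "6.0"}

# Constructed sample page and Server banners (would normally be collected
# by requesting each linked host and reading its Server response header).
PAGE_URL = "https://news.example.com.au/"
PAGE_HTML = """
<a href="/about">About</a>
<a href="http://legacy-partner.example/promo">Promo</a>
<script src="//cdn.example.net/lib.js"></script>
<img src="https://news.example.com.au/logo.png">
<a href="http://old-forum.example/thread">Forum</a>
"""
BANNERS = {
    "legacy-partner.example": "Microsoft-IIS/6.0",
    "cdn.example.net": "nginx",
    "old-forum.example": "Microsoft-IIS/5.0",
}

class LinkCollector(HTMLParser):
    """Collects every href/src attribute value in the page."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]

def external_hosts(page_url, html):
    """Return the sorted hostnames the page links to, excluding its own host."""
    own = urlparse(page_url).hostname
    collector = LinkCollector()
    collector.feed(html)
    hosts = {urlparse(u).hostname for u in collector.urls}
    return sorted(h.lower() for h in hosts if h and h.lower() != own)

def outdated_version(banner):
    """Return 'IIS x.y' if the banner shows a listed IIS version, else None."""
    m = re.search(r"Microsoft-IIS/(\d+\.\d+)", banner or "")
    return f"IIS {m.group(1)}" if m and m.group(1) in OUTDATED_IIS else None

def audit(page_url, html, banners):
    """Map each external host to the outdated software its banner reveals."""
    found = {h: outdated_version(banners.get(h))
             for h in external_hosts(page_url, html)}
    return {h: v for h, v in found.items() if v}

if __name__ == "__main__":
    print(audit(PAGE_URL, PAGE_HTML, BANNERS))
```

Relative links and links back to the page's own host are skipped, so only third-party hosts are reported.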
Web Isolation to the rescue
Menlo Security’s solution to this problem is its Web Isolation Platform and its recently patented Adaptive Clientless Rendering technology. The Menlo Security Isolation Platform sits between an end user’s browser and the Internet.
“The isolation platform allocates a new browser for you,” Guruswamy said. “It goes to the website on my behalf and it talks to these other sites and the adaptive clientless rendering takes the benign aspects of the visual elements and delivers them to your browser so you can [browse] wherever you want without risk.”
Menlo Security offers the platform as a cloud-based service, hosted on AWS, and also as a virtual appliance for installation in a company’s data centre.
Guruswamy said: “We are 100 per cent agnostic to devices, and there is no client we need to install on the device.” He added: “Isolation is a proven technology; the thing people have not been able to figure out is how to do it at scale, without compromising user experience. We believe we have done that.”
Patented web page rendering
Menlo Security has just announced the award of a US patent (No. 9,391,832) for its Adaptive Clientless Rendering technology. It was filed in 2011 and is based on the work of Professor Dawn Song, a cyber security researcher at the University of California at Berkeley.
Menlo Security’s cofounder and chief architect Gautam Altekar started a spinoff from the university, Safely, with Song to develop and commercialise the isolation technology that is now the core of Menlo Security's offering.
Menlo Security has yet to formally enter the Australian market; Guruswamy said it would be naming local partners shortly.
In April Menlo Security announced a partnership with Check Point enabling Check Point’s security gateways to selectively steer network traffic to Menlo Security's Isolation Platform.
In June it announced a partnership with Cloud Harmonics under which Cloud Harmonics will provide customised training, services and support to the value added resellers in Cloud Harmonics' channel partner community.
Menlo Security also has a global resale agreement through Fujitsu. “They are taking our virtual appliance, white labelling it and they are putting it in their data centre and offering it to customers,” Guruswamy said, adding that the company expected to announce other similar deals in the near future.
Out of stealth mode with US$35m funding
Menlo Security emerged from stealth mode in June 2015, announcing a US$25 million round of Series B funding led by Sutter Hill Ventures. Existing investors General Catalyst, Osage University Partners and Engineering Capital also participated. That took the company's total funding to US$35 million.