SME Security - Malware Protection For Australian Businesses
Practical cybersecurity defensive measures for busy small and medium enterprises (SME)


Enabling Secure Open Source Intelligence Gathering

 
The conflict between IT security and OSINT
 
 

There’s a stand-off between those charged with keeping the business safe, and those tasked with gathering information and evidence from open sources such as the web…

  • Security concerns result in company-wide web access restrictions.

  • OSINT professionals need open and secure access to the web.

The path-of-least-resistance solution?

Web Isolation

Conventional browsers run locally on our devices. As we browse the web, content including (unseen) code is being downloaded to our device and executed inside the firewall. This is a security risk. There are two ways to mitigate this risk:

  1. Disconnect from the web altogether

  2. Relocate the browser outside the firewall

Today, many businesses permit web content to pass through the firewall and then use multiple perimeter defences to identify and filter out malicious content, including but not limited to:

  • The implementation of a firewall

  • The implementation of an anti-virus solution

  • The implementation of employee cybersecurity awareness training

All of these measures are applied to content so that nothing bad happens when web content passes from an external web server to an internal web browser. The problem with this approach is that web content is still entering the business. For as long as potentially malicious web content is being brought inside the firewall, there is an opportunity for failure.

But beyond filtering out suspicious and malicious content, there is another way to reduce the risk from the web. And it’s called web isolation.

 
[Figure: the extent to which web code ingresses into the business – local browser versus isolated browser]
 

When we implement web isolation, we move all browsing activity offsite and into the cloud. No web content ever reaches the firewall and so the opportunity for the business to become compromised as a result of its employees accessing the web is reduced.

So, when we need to give OSINT investigators and researchers open access to the web without fear of compromise, we can turn to web isolation.

Silo Toolbox

Silo is a re-engineered web browser that runs inside a secure, one-time virtual machine in the cloud. The Silo Toolbox is an extension to the standard Silo Isolated Browser and has a number of features that are driving adoption within the OSINT community:

Secure – because no web content ever reaches the open source intelligence researcher’s device when using Silo, there is no risk of compromise, for example, from malicious ads, malicious websites or malicious documents. This guarantee of infection-free browsing means that open source intelligence workers can go to the darkest corners of the web safe in the knowledge that their work will not result in their business or network being compromised. Furthermore, IT security professionals can know that web-borne malware is not going to enter the business as a result of relaxing web access permissions specifically for the OSINT and investigations teams.

Anonymous – because all browsing happens in the cloud, open source intelligence researchers are completely anonymous – both untraceable and untrackable. There is no way that a website visit or data download can be traced back to the researcher or the business. Moreover, using Silo Toolbox, researchers have the ability to control their appearance (fingerprint) while online, for example, defining where in the world they are browsing from.

Instant – when we start up a Silo Toolbox session, a clean virtual machine is built in the cloud automatically. No manual work is required, nor any reliance on IT. In fact, researchers can have multiple virtual machines running in different locations around the world at the click of a button. And at the end of an intelligence gathering session, those machines are destroyed along with any infections or tracking instruments (e.g. cookies) that have been picked up along the way. In seconds, virtual machines can be spun up on-demand and torn down permanently after the job is done.

Simplified Open Source Intelligence Gathering

Unlike a standard browser, Silo Toolbox includes targeted functionality to aid the collection of data from the web. These features include:

  • Video download – native functionality for the capture and conversion of online video

  • Screengrab and annotation – native functionality for the capture and on-the-fly annotation of screenshots

  • Document viewer – native functionality to support the remote viewing of Adobe PDF and Microsoft Office documents, with the option to store virtually or download locally in benign PDF format (subject to local security policy settings)

  • Language translation – native functionality to support on-the-fly translation of foreign language web content

  • Shared secure virtual file system – Silo Toolbox includes a virtual file system where gathered open source intelligence and documents may be stored and shared with team members

Administration features

Finally, it is worth mentioning that Silo Toolbox is configured by security policies defined by Administrators. This allows security policy to be defined at any level from Organisation down to the individual. The administrative sub-system supports a full and encrypted audit trail.

Conclusion

Web isolation provides a way for OSINT professionals to gather intelligence data from anywhere on the web in a way that is self-service, secure, untraceable and untrackable. This means that IT Security can have the tools to make an exception for investigators and researchers safe in the knowledge that their work will not compromise the network or the business, nor make heavy demands on internal resources.

The Silo Toolbox does not require any additional hardware nor place any additional load on existing devices. Silo Toolbox is a desktop application that can be deployed quickly and tactically within an organisation.

Simon Gibbard