AirGap™ web security stops all browser-borne malware from entering your network.
Malware detection systems do just that, they detect the malware on your system— leaving you, nevertheless, with malware on your system. Unfortunately, malware has already done its job by the time traditional malware detection security systems have a chance to start their work.
The new truth is that the web browser is, increasingly, the primary threat vector for cyber attacks on the enterprise. Confidential research available to Gartner members confirm this, as well as a 2013 review by Palo Alto Networks which found that over 90 percent of undetected malware comes through the browser. Traditional detection-based security technologies are reactive and ineffective in stopping the ever growing number of complex zero-day attacks, APTs, and polymorphic threats delivered through the browser.
The AirGap web security solution solves this problem with a patented, highly secure, virtualized browser isolated outside the firewall. All web content is accessed by end users through a lightweight, high performance viewer on the user desktop (and soon mobile devices). This “air gapped” separation between the user and the browser ensures that the enterprise network will never be infected by browser-borne malware. Just as important, end users are empowered to use the web without fear.
Security, Performance, and Flexibility
With the AirGap™ web security solution, a specialized, hardened browser is deployed on a server outside the firewall. The AirGap browser application instantly creates secure, virtualized sessions for end users accessing the web. In addition, each tab within a web session provides its own process isolation. All content requested by the end user is instantly rendered and delivered to the endpoint via an encrypted, isolated connection. AirGap’s focus on end-to-end separation and isolation ensures complete prevention of browser-borne malware, enabling businesses to safely leverage the power of the web.
The AirGap solution can be deployed on Spikes Security appliances or existing servers within the customer organization. In either case, deployment scales linearly to support the security requirements of virtually any size organization, without impacting overall system performance. For end users, the AirGap viewer on desktops is a lightweight, easily deployed application that delivers the features and performance expected from any desktop browser. AirGap uses specialized compression algorithms to accelerate the delivery of web video, audio, and text to the desktop, so performance is optimized and end user experience is as good as – and often better than – traditional web browsers.
The flexibility of the AirGap web security solution allows it to be deployed as an on-premises solution managed by the internal IT team, as a cloud solution managed by Spikes Security, or as a hybrid solution to ensure that both internal and remote users are always protected from browser-borne malware. In addition, AirGap can be deployed using optimized appliances supplied by Spikes Security, or on the customer’s existing server infrastructure. Regardless of the deployment configuration, IT security teams have full visibility into and control of the deployment through AirGap Administrator.
How AirGap delivers value to your organization
The browser is a powerful business application, but it also provides a clear path for malware to penetrate directly through to endpoint devices. Reactive detection technologies don’t solve the problem. The AirGap web security solution, on the other hand, shifts the focus from reactive protection to proactive prevention of all browser-borne malware. As an integral part of a defense-in-depth strategy, AirGap effectively eliminates the #1 threat vector for malware attacks on the enterprise.
The AirGap client viewer makes it easy to switch between your devices seamlessly, preserving open tabs and windows mid-stream. A user watching a YouTube video on his/her notebook can switch to a PC, then back again, with every change being instant, seamless, and without causing any interruption of the video playback. Favorites, bookmarks, cookies, and other user profile preferences are maintained consistently between devices.
Spikes Security understands that end users will not tolerate sluggish browser performance. The AirGap solution delivers superb web performance, even for high bandwidth video content. This is accomplished by using multiple compression technologies and high efficiency encoding techniques to render and deliver web content with virtually no latency.
The time and costs associated with remediating infected devices can easily reach tens of thousands of dollars each year, even in a mid-size enterprise. In addition, taking a laptop out of service can cause disruptions to the productivity of end users and the business. By preventing browser-borne malware from reaching the endpoint, IT organizations are able to avoid these costs and focus IT resources on more important projects for the business.
Other security products focused on isolation typically require complex installation and maintenance of endpoint devices, which makes large-scale enterprise deployment difficult and time-consuming. In contrast, the powerful elegance of the AirGap solution is consolidated in one place - the server. At the end point, a simple lightweight viewer is all that is required for users to access the web. The viewer can be installed in 60 seconds with no special configuration or IT involvement required.
Policies that attempt to limit or control Internet access are typically ineffective, with savvy employees always finding a way to circumvent these controls. Because AirGap eliminates the delivery of browser-borne malware, it also eliminates the need for whitelisting, URL filtering, or any policies that limit Internet access. Instead, end users can fully embrace the power of the web without any fear of being a victim of zero-day attacks, APTs, or drive-by downloads.
AirGap is an innovative, enterprise-class security software solution that effectively eliminates the possibility of all browser-borne malware from entering the corporate network and infecting endpoint devices. This is important because traditional Web browsers were never designed to be security tools. Despite incremental improvements in browser security, the web browser is still the primary threat vector for 90 percent of all malware attacks on the enterprise – including zero-day attacks, APTs, drive-by downloads, malicious adware, and more. The AirGap solution makes web browsing 100 percent secure, and thus makes the entire business more secure.
The term “air gap” is traditionally used in real-world engineering, where air gaps provide separation and isolation of liquids and gases. In cybersecurity, the term is frequently used to describe the complete separation of two networks or systems for the purpose of security. The AirGap solution from Spikes Security consists of a secure, purpose-built browser deployed in the DMZ, and lightweight viewer clients deployed on endpoint devices. Together, AirGap effectively isolates the end user – as well as all endpoint resources and data – from potential browser-borne malware. This comprehensive level of isolation is achieved with true hardware separation, remote application services, operating system hardening, intrusion prevention technology, and secure application designs. Finally, convenience is preserved, and even improved, through cutting edge remote multimedia technology and intuitive interface designs. All of this works together to provide end users with a truly elegant, high-performance browsing experience.
The web browser you’re using right now is probably the most strategically important application in your business. It is a powerful tool that gives you access to all the information you need. It was never designed to be a security tool though. In recent years, browser vendors have made security enhancements to their browser platforms, but these browsers – and their various plug-ins - remain the primary threat vector for cyber attacks on the enterprise. For example, Microsoft’s Silverlight plug-in was recently targeted by cyber criminals. In addition, browser-specific exploit kits are being sold on the black market so that hackers can easily gain access to endpoint devices to launch internal attacks.
The only way to prevent these malware attacks is to completely isolate the browser from end-user devices and network resources, while still providing complete web freedom, optimal performance, and a great user experience. The AirGap solution meets all of these requirements.
The AirGap client viewer is currently supported on Windows XP, 2000, 7 and 8, as well as Mac OSX 10.7 and later.
The Spikes AirGap browser is a client/server application. The client is a very lightweight app that is easy to deploy, without requiring IT intervention, special configuration, or any prerequisite software. The server component is specialized, patent-pending software that can be quickly deployed in the DMZ on a customer’s dedicated server.
Optionally, customers can run the software pre-loaded on a hardened, high performance, virtualized AirGap appliance. This appliance comes in various sizes and configurations, scales linearly, and features automatic failover and load balancing to provide the maximum performance per dollar to meet the necessary deployment requirements of IT departments.
In either case, the underlying architecture of the AirGap solution is flexible enough that it can be deployed on the customer’s network (private cloud), on the Spikes Security network (public cloud), or a combination of the two (hybrid cloud). This flexibility ensures that all local and remote users are fully protected, regardless of where they are working.
VDI offers IT organizations a centralized, efficient, and easily maintained way of scaling operations and responding quickly to the changing needs of their business. VDI was not, however, purpose-built to provide optimized web performance or protection against browser-borne malware. For example, VDI server platforms are characterized by a large attack surface protected with only limited, conventional security safeguards. If the server is compromised, the hacker can quickly gain access to sensitive data and resources.
In contrast, AirGap is deployed on a specialized server that contains only the AirGap browser application. In addition, the solution is built with Spikes Security’s patented Isolate™ technology, which provides seven different elements of protection, separation, and isolation. These elements work together to make it virtually impossible for any browser-borne malware to compromise the AirGap server, the network, or the endpoint device.
In addition, the performance of the AirGap client viewer is far superior to any desktop VDI browser application because AirGap has the ability to automatically detect and optimize performance based on the type of content requested by the end-user. As a result, browser sessions are launched instantly, and end-users experience superb audio/video performance with no discernible latency.
Anti-virus software, which is typically installed on every enterprise endpoint device, does a great job of protecting end-users against most known viruses. That’s the easy part though. The bigger security challenge involves trying to protect against complex new threats that have never been seen before. For example, APTs, polymorphic threats, and zero-day attacks — for which there is no defense. These “unknown” threats are the new normal for malware attacks on the enterprise. They can’t be detected and, therefore, they can’t be stopped. Symantec estimates that zero-day attacks survive an average of 312 days before they are detected. In other words, it can take nearly a year before you realize that your organization has been attacked.
Think about that. Despite the use of sophisticated detection technologies deployed within a multilayer, defense-in-depth architecture, companies still get hacked. How can that be? The underlying problem is that every detection technology will ultimately fail, regardless of whether it involves signatures, heuristics, behavioral analysis, etc. You simply can’t detect the unknown with 100 percent accuracy.
Given the inherent limitations of all detection technologies, Spikes Security believes the focus must shift from reactive detection to proactive prevention. The isolation architecture of the AirGap solution enables it to prevent 100 percent of all known and unknown browser-borne malware, which means that no malware can enter the network, infect endpoint devices, or disrupt business operations.
Sandboxes work by isolating potentially dangerous operations within a more secure, virtually separated space on the client machine. For example, if an end user launches a browser session, the sandbox solution might isolate that session in a separate virtualized environment. This idea has merit because it does not rely on any detection technology. Instead, it simply isolates the session, along with any malware that may be contained in that session.
The problem is that modern malware has the ability to escape from sandboxes. The sharing of operating system resources across the mechanisms of virtual isolation, as well as the idiosyncratic behavior of browser plug-ins, make it nearly impossible to fully secure all the available attack vectors for breaking free of a browser's sandbox. In particular, computers running Java and Flash are especially vulnerable to web based malware.
In the recent Pwn2Own hacking competition in 2013, for instance, Internet Explorer, Firefox and Chrome were all hacked on the first day. Chrome’s sandbox was fully breached, providing clear evidence of the limitations of software sandboxes. When the malware escapes from the sandbox, it then has full, unrestricted access to the client files and data, and the ability to access network resources.
AirGap is significantly more secure than a traditional browser in a sandbox, as it benefits from true hardware and network isolation. As a result malware is never able to enter the network and infect any end-user device.
It is a common misconception that XSS vulnerabilities are a browser vulnerability, so it is the website developers that are charged with the sole responsibility for preventing XSS exploits from circumventing their website security measures. That said, Spikes AirGap browsers do provide countermeasures such as those provided by traditional browsers. For example, by preventing cookies from being accessed by websites that did not issue them.
No problem, the AirGap browser can be configured to allow easy access to your trusted websites through a traditional browser by policy.
The AirGap solution is deployed outside your firewall and does not have any “backdoors” into your network or devices, nor does it collect any sensitive information. With AirGap you can be assured of maximum privacy.
The engineering team at Spikes Security is continually adding new features to both the Windows and Mac versions on AirGap. The latest features may not always be reflected on this web site. If you work at a business that is concerned about web security and would like to prevent all browser-borne malware from infecting your network, we invite you to contact [email protected] . We can arrange for a short product demo or a full evaluation of the product in your network.
Learn more about Spikes Security and the power of AirGap web security.
Learn how AirGap prevents all browser-borne malware.
Discover the seven elements of Isolate that make it so effective.
Browsers pose the greatest threat to enterprise.
In 2012 “User” surpassed “Server” as the top compromised asset category. 99 percent “inevitability” of a click on email campaigns which send over 10 emails.
Drive-by malware attacks are far more likely to come from hacked, legitimate web sites than from malicious websites. Two percent of websites in the United States contain malware.
94 percent of undetected malware comes from the web, and remains undetected an average of 20 days.
As cyber criminals continue to develop more advanced and targeted attack strategies, it is important to understand the risk that their activities pose to credit unions everywhere
The web browser is the most strategically important application in today’s Internet-powered enterprise. But the browser is inherently insecure, and is now the #1 threat vector for cyber attacks on the enterprise.
Join us on Facebook and Twitter
Spikes Security is a venture-backed Silicon Valley start-up founded in 2012. The company is focused on delivering secure, scalable, high performance software solutions that empower businesses with the freedom to safely leverage the web without fear of cyber attacks. It's initial offering is AirGap™, a powerful browser security solution that prevents all browser-borne malware from entering corporate networks and infecting endpoints.
It's a great one.
Branden Spikes founded Spikes Security in 2012 with a mission to stop rampant cybercrime and solve the most pressing engineering challenge of our time, information security. Prior to starting the company, Spikes spent 20 years designing and building high performance, highly secure IT systems. He served as the technology right hand of Elon Musk for over 15 years at Zip2, PayPal, Tesla, and SpaceX where helped pioneer, architect, and build some extraordinary technology. Having been mentored by one of the world's top entrepreneurs, Spikes brings experience, perspective, and a unique skill set to his role as CEO at Spikes Security.
Scott Bennett has made a career out of inspiring those around him to deliver the seemingly impossible. He has been directly responsible for deploying end-to-end comprehensive solutions for a variety of applications, from a Seattle-based tech giant to some small Hollywood media houses— and the list goes on. Bennett's leadership skills stem from a unique blend of experiences ranging from military service, to senior management experience, to product development time. His agile management methodology has been instrumental in reducing our time to market and it is his laser focus that drives our vision.
Scott Alexander is both a computer scientist and a business-savvy entrepreneur with extensive startup experience. He was a pre-IPO employee of FactSet as well as one of the first pre-website employees at PayPal. After eBay acquired PayPal, Alexander shifted his focus to new business startups where he acted as both an angel investor and a strategic business advisor to help young companies effectively manage their business operations and guide their long term planning. At Spikes Security, he is applying that same expertise to help the company achieve its growth potential in the enterprise network security market. Alexander has a B.A. In Computer Science and Business Administration from UC Berkeley.
Franklyn Jones has been providing marketing leadership for innovative start-ups and established market leaders for more than 20 years. His experience in network security includes VP of Marketing at Bromium (end point security) and nearly five years at Palo Alto Networks (next-generation firewalls), including living two years in London to help lead the company's revenue growth in EMEA from zero to $60 million in preparation for a successful IPO. Jones also ran Solutions Marketing at BlueCoat, helping the company accelerate its revenue growth and expand its leadership in the web gateway security market. Earlier, he was VP of Marketing at ShoreTel and led the Global Solutions Marketing team at 3Com. Jones holds a BA from Michigan Technological University.
James Watts brings a wealth of business experience to Spikes Security, both in sales and operational roles. Watts has a 31 year track record of successfully managing sales, customer service, and marketing programs for top-tier start-up companies and leading information technology firms— including Bay Networks (later purchased by Nortel), ECTel Ltd (IPO company), Securesoft (acquired by NCube), eTelemetry, Force10 Networks and AlienVault. Watts began his career with sales and sales management positions at Lucent Technologies and Bay Networks. Most recently, however, Watts led the Sales, Corporate Operations, and Business Development departments at AlienVault, which offers a Security Information Event Management (SIEM) solution to small and medium enterprise customers.
Scott Martin has nearly 20 years experience in building high performance Information Security and Enterprise Network infrastructures. With roots in the Symantec Corporation, Martin played a critical role in helping develop their standards, processes, information security policies, and creating core IT infrastructure to bring them into a leadership position in enterprise security. Martin was also the head of IT for automotive innovation leader Tesla Motors - enabling their corporate and manufacturing infrastructures to grow exponentially during the production of the Tesla Roadster and the development of the Model S. At Spikes Security, he is responsible for supporting the company's expanding operations with the same demands for high performance, highly secure infrastructure. He also leads Spikes Security's customer support operations.
Jeff Routledge has a passion for finding the best innovators, and then expeditiously providing the most efficient systems infrastructure to help shape these projects into organically grown, world-changing companies. He has architected and scaled such companies as the highly successful enterprise cloud provider Box.com, where he was the Director of Data Center Operations, and this just after having designed and built the infrastructure for the fastest growing website in history, MySpace.com. Routledge defined the term “2.0 scale” based on the work of building to support over 220 Million users in 18 months. Simultaneously he was the architect/builder of Hulu.com and he then moved up to Top 5 Ad platform FOX Audience Network. He also comes from a long tenure in the massively multiplayer online video gaming world “where milliseconds matter”. He was with such companies as Vivendi Universal and Sierra, as well as Valve and Blizzard. Routledge's motto, “We use innovative technology to change the way people change the world” holds true when you look at the unequivocal history of success in this area.
Megan Jones has established a career building channels for technology startups, as well as other companies interested in moving to a channel sales model. She has built a telecommunications channel for the MidAtlantic region, for Cbeyond, Inc (NASDAQ: CBEY), worked to expand Fujitsu, America, Inc's reach into the Federal space, as well as having built a thriving channel for BYOD experts Impulse Point. At Spikes Security, she is responsible for creating and nurturing a global channel sales environment. Jones has a B.A. in Communictions from Pennsylvania State University.
Stay informed on news about security issues, products, and technologies.
Andrea Tse, TheStreet.com - February 25, 2014
Ashlee Vance, Businessweek - February 25, 2014
Network World - February 11, 2014
Join the growing number of businesses that have deployed AirGap to isolate and eliminate browser-borne malware, and empower employees with the freedom to safely leverage the power of the Web. Please contact us using the form below. You will receive a personal response in 24 hours or less.
500 West Hamilton Avenue #110458
Campbell, CA 95011-0458
Our social feeds provide actionable intel, updates on our progress, and relevant security news.