Spikes Security Lets You Browse Securely – Without A Browser

By Rodika Tollefson, Third Certainty

Websites infected with malware are a major culprit behind cyber attacks, and unsecured Web browsers are a common attack vector for hackers. A growing Silicon Valley startup is trying to solve that problem—by taking the Web browser out of the equation. Spikes Security says its browser-isolation technology protects computers from malware and Internet-borne attacks by creating a virtual machine that isolates the user’s own browser from the Internet.

Company founder Branden Spikes came up with the idea in 2008 from the need to protect rocket scientists. He since has launched a startup that recently rolled out its first commercial version—and has sparked interest from several sectors, including credit unions.

The technology, called AirGap, works by using secure Linux appliance hardware that renders Web pages outside of the user’s network. The browser’s session is streamed back to the user through a high-performance, remote desktop connection of sorts—think of it like streaming a very high-quality video.

“We come at it from a preconceived assumption that all browsers are malware by their very nature,” says Spikes, who serves as company CEO and CTO.

A recent Ponemon Institute study sponsored by Spikes Security found that 81 percent of the 645 surveyed IT practitioners consider unsecured Web browsers a primary attack vector. The same number found that Web-borne malware could be completely undetectable despite various security tools.

“I feel like most of the other attack vectors have been solved or can be shut off,” Spikes says. “A Web browser cannot be turned off.”

From rocket science to Silicon Valley

Spikes was a consultant who installed firewalls when he met a guy named Elon Musk, who was working on an Internet startup. Musk went on to co-found PayPal, and later founded the aerospace developer and manufacturer SpaceX.
At PayPal, Spikes oversaw cybersecurity, along with Web systems, databases and “all the sort of blinking lights that sit in the data center.” When Musk moved on to focus on SpaceX, he brought Spikes along.

Spikes, who spent 10 years as CIO at SpaceX, was exposed to all sorts of network attacks there. But despite state-of-the-art defenses, one type consistently got through.

“There’s one thing that was always able to defeat my defense mechanisms, and that was end users’ Web browsers,” he says.

When Musk announced in the mid-2000s that he wanted to launch astronauts into space, Spikes says he started to lose sleep.

“(I) had to defend the livelihoods of human beings with my network. …If I was unable to stop browser malware, I would really likely fail,” he says.

Spikes’ job at SpaceX, essentially, was to not allow the bad guys to hack the network. That high bar, he says, meant he had to solve the challenge of protecting intellectual property that resided entirely on laptops and desktops.

Spikes invented AirGap in 2008 while at SpaceX, but maintained the intellectual property rights. Four years later, he spun off his own startup.

Today, Spikes Security employs 30 people in Los Gatos, Calif. The company received an $11 million Series A investment last fall that has allowed it to expand its engineering team and accelerate the development of new features.

After a couple of years perfecting the technology and extensive beta testing, the product was rolled out officially earlier this year. About two dozen customer deployments are in place, with another two dozen in various testing stages.

“When you’re building an innovative product like this, it requires a lot of ongoing education and collaboration with customers to ensure the product is meeting and exceeding expectations,” says Chief Marketing Officer Franklyn Jones.

Challenging the competition

The idea of browser isolation technology is not new.
Several other vendors are offering isolation technology, including some big players. Typically, they’re trying to solve this through a sandbox or micro virtual machine. The problem, Jones says, is that if malware escapes the sandbox or VM, the network becomes affected.

“We keep all the bad stuff outside the network,” he says.

The company is having some early success with credit unions.

“Small banks and credit unions are prime targets for cyber criminals because, very often, these firms do not have the IT staff or budget to build state-of-the-art security infrastructure,” Jones says.

The company plans to launch a mobile version this year, and another major product announcement is due in a couple of months.

“One of our long-term goals is to ensure that the Web is safe for everyone, everywhere, all the time,” Jones says. “We are on track to meet that objective before the end of the year.”