What is Malware Isolation?

Malware isolation is the process of encapsulating an environment vulnerable to infection, most often a web browser, so nothing can get out to do harm. Malware isolation ensures that your valuable data and IT infrastructure are protected even when you are confronted with undetectable malware. Attackers are prevented from taking control of your computer, or moving laterally or vertically through your network.

Why do I Need Malware Isolation?

Studies have shown that over 90% of undetected malware infections come into the enterprise through the web browser.

No software is completely free of vulnerabilities that can be exploited by attackers. This is especially true of browsers. Your web browser can be compromised directly, allowing the attacker to install malware or trick you into downloading trojan horse software. In either case malware is now able to capture information and start spreading. Hundreds of critical security patches are issued for every major browser every year, and the rate of discovery is not slowing. Malware isolation ensures that any malware that comes in through the browser is prevented from accessing any local valuable data or making its way through your business where it can access databases or cause damage.

Three Kinds of Malware Isolation

There are three different kinds of malware isolation: System Isolation, Network Isolation, and File Isolation. All must be in place to provide effective protection to the enterprise. Passages accomplishes this isolation and containment using three interlocking technologies, the Passages Virtual Machine (PVM), Passages Virtual Private Network (PVPN), and Safehold.

System Isolation — Malware is prevented from infecting the local computer by containing it within a virtual machine which is not able to read from, write to, or communicate directly with the host computer. Passages uses a specially designed and hardened virtual machine (VM) to completely isolate the browser from the user’s computer.

Network Isolation — Malware is prevented from scanning or attacking any other devices on the local network. Many devices like printers are poorly defended, while servers hold the crown jewels. Passages uses a Virtual Private Network (VPN) combined with routing and firewall rules within the VM to completely isolate the VM and the browser from the local network.

File Isolation — There is a legitimate need for files to be downloaded from the web, but they often contain malware. Malware is prevented from reaching the local computer by scanning all downloaded files and by forcing the user to initiate the final transfer to the local computer, eliminating the possibility of unintended or “drive-by” downloads. Passages Safehold ensures users can download the files they need while keeping malware off their computers.