“When there is a breach you blame the CISO, but then they blame the users – but how are they supposed to know?”
The founders of British cybersecurity start-up Garrison Technology initially came up with a concept three years ago on how to bypass a common problem using a common solution, and talking to Infosecurity the two were keen to show that blocking web page access could be a thing of the past.
Garrison was co-founded and led by CTO Henry Harrison and CEO David Garfield and officially came together in 2015. Garrison’s mission is to enable users to view any content on the web without it impacting the company’s security.
Is that impossible? The company had an idea about how to move on from blocking known bad content, which moved on to “blocking more risky stuff” according to Harrison, who acknowledged that doing this causes an issue for those employees who want open access as the web.
To enable this, Garfield said that they had seen instances where virtual machines were used, and if the virtual browser was compromised you could just close it, but this came at a cost and the user experience was impacted. “But it was an interesting idea, having a sacrificial browser, and we wanted to take that concept further,” Garfield said.
Garrison Technology was born out of the idea of turning content into raw bitmaps, and Harrison explained that by doing this in the data center you remove the element of touching the endpoint. “Delivering raw bitmaps is not a good idea as you have to compress them,” he said. “What we realized is if we do that at scale and in a cost effective way, we needed to do it in something with a lot of compression capacity and the way to do that is to use silicon used for video compression.”
This led Garrison to build a prototype using mobile phone chips, which came in at a low cost and the company was able to build a rackable box to do compression.
“The concept we came up with was using chips in pairs, and there are hundreds of pairs in the box and in that pair, one runs a browser or PDF file, and it is running standard software and it generates screen images,” Harrison said.
“What we do is send the images to the camera input of the second chip so the only thing there is is a series of raw bitmaps and they are being compressed. So the idea is that if you click on a dodgy link the worst it can do is show us some bad pictures. We turned that into a valid enterprise-scale solution so you can provide users with the ability to click on dodgy links and you don’t need to worry about it.”
Harrison added that all the user will see is a “rendering of what the browser is seeing on the screen and a raw feed” and at worst, all the user will get is some strange pictures.
This works by the chips being configured in pairs, with one running the browser, and the second chip verifies the stream in fixed function hardware and compresses and encrypts this media stream, prior to sending to the endpoint.
The company named this SAVI (Silicon Assured Video Isolation), which is a rackable box with hundreds of mobile phone chips, and when a user finishes a session, those chips are powered down, returned to a blank state and rebooted into a new state which removes any malware.
This was the initial concept three years ago when Infosecurity first met Garfield and Harrison, and since then the company has built the product and Harrison said that it “has a platform which works and we ended up with a box with 500 ARM chips and 2500 CPU cores in a rackable server.”
Garfield explained that ultimately the user is shown a browser, and they can browse any website and you’re able to offer a scenario which has not degraded the user experience.
Harrison said: “We don’t sell this as a security product, we sell as a business enablement product and the security element has been applied as they have existing proxies and they have tightened the policy which has done the security, but now they have this problem where employees cannot get to the content to do their job.”
He said that the best comments from customers are when they are asked what they think of it, and they just think it is a browser. “From a security perspective it should be invisible,” Harrison said.
As well as enabling users to view any website without the prospect of getting infected, the company also said that it has an ability to do data loss prevention “as that is half of the reason that they block webmail and file sharing sites.” The Garrison technology allows pages and attachments to be read, but not be uploaded to.
There are a number of new technologies offering solutions to common user issues, but the concept of Garrison’s web browsing technology “provides a combination of bulletproof security and also performance, scale and affordability,” according to the company.
The concept offers an innovative method to solve a common problem, and it will be interesting to see how this technology is deployed and how it evolves in the future.