How One Healthcare Leader Locked Out Ransomware with Web Isolation

WannaCry became a shining example of the potential damage employees can do to an organization’s network.

In May 2017, the WannaCry ransomware attack struck across the globe, which quickly infected some 200,000 computers in 150 countries, and virtually shut down multiple organizations including several dozen regional health authorities within the National Health Service of the United Kingdom. Ransomware attacks such as WannaCry can be even more devastating to healthcare organizations as it can bring all operations and patient care to a halt, potentially impacting patient safety.

Though the WannaCry attack did extensive damage within many organizations, a leading national healthcare provider used this as an opportunity for the institution’s security team by focusing senior leadership’s attention on the problem of threats entering the enterprise network through employee internet use.

The organization's Chief Technology Officer (CTO) used the momentum generated by the WannaCry alarm to address the larger issue. "I don't know whether personal use of dodgy internet sites is first or second in the list of vectors that put us in firefighting mode, but it is absolutely either first or second," said the CTO, who requested that the identity of his organization remain unidentified. "We were looking for a mechanism to get a very strong control framework around that vector—especially webmail and social media—without taking away our employees' privilege of appropriate internet use. That's important, because the more draconian approach of just locking the world down doesn't work very well for us."

The CTO office researched available solutions to minimize the risk associated with accessing these types of risky sites and browser isolation stood out as a promising technology. Browser isolation technology applies a zero-trust approach to web security by assuming any web content could be potentially malicious and should not be allowed to reach endpoint.

By executing web sessions remotely and sending only safe rendering information to the endpoint browser, this agentless technology eliminates the possibility of malicious websites leveraging web resources (e.g. Javascript, CSS, HTML, Flash, etc.)  to exploit browser and plug-in vulnerabilities to infect endpoints. As this approach does not depend on detecting malicious content, it even prevents attacks leveraging zero-day vulnerabilities of browser and plug-ins (e.g. Flash and Java).

In addition, some browser isolation vendors, including Symantec, allows sites to be rendered in read-only mode, disabling web input fields.  This prevents unsuspecting users being lured to sites from disclosing sensitive information such as usernames, passwords, and Social Security Numbers. This capability has proven to be an effective measure against credential phishing attacks.

The CTO and his team quickly narrowed the available browser isolation solutions to a two-candidate shortlist that included Symantec Web Isolation.

"Symantec won on two factors: depth of features, and the strength of our existing relationship," the CTO explained. One important functional differentiator was user experience with webmail services like Gmail, that hand off their authentication process to a service in a separate domain. “Initially, this posed a problem for both solutions, but Symantec was able to resolve the issue," the CTO said. "Their competitor really struggled to deliver the goods."

This healthcare leader required just six weeks to deploy the solution to 80% of its organization, and now protects all of its 60,000+ nationwide employees with Symantec Web Isolation for higher-risk online services. "I would tell anyone in IT or security management that browser isolation belongs in their security portfolio," the CTO concluded. "And I would recommend they evaluate Symantec Web Isolation as one of the solutions in this space that works. It has proven to be a very good fit for us."

If you found this information useful, you may also enjoy:

• 5 Top Reasons to Isolate Your Browser