Menlo Security is working on a product called Attachment Isolation that will help companies view the contents of suspicious email attachments without getting breached or infected.
company, which serves large financial institutions such as JP Morgan Chase and American Express and firms in other verticals, will offer the new solution later this year, according to Kowsik
Guruswamy, chief technology officer for Menlo Security,
Attachment Isolation will be part of a suite of products designed to isolate websites and email links. They are designed for
large companies with thousands of employees, like JPMorgan Chase.
Menlo’s “digital partition” isolates all web content, email links and documents in the cloud, then streams a
malware-free version of the content to employees’ computers. The firm can do this for incoming emails with a product called Email Link.
“We’re not trying to detect whether a
site or email is good or bad,” Guruswamy says. “We intercept traffic, and launch a new browser in our cloud.”
He adds: “We felt that the whole security model is broken
because you really can’t conclusively tell if something is good or bad. We stop playing that game — we just assume everything is bad. We never let internet come to the machine.”
The company puts such content into a “read only” mode. “You can interact but you can’t type anything,”
When phishing emails come in, Menlo’s
product isolates the links and eliminates them, he adds.
How does it avoid isolating legitimate emails and websites?
Guruswamy asserts that there are from 400 to 500 widely used
websites, and that “we have no business entering credentials anywhere else.”
A recent study by Ponemon shows that security training is largely ineffective. Menlo can put a banner
on top of the browser about the company’s training.
Menlo, which is headquartered in Palo Alto, has 150 employees and serves maybe 200 customers. Last December, it announce an $85
million infusion in Series C funding.
Rick Smith, head of private investments for JPMorgan Chase, said at that time that Menlo helps the firm eliminate phishing attacks without disruption to
Site Search 360 Custom Site Search