The concept of zero trust networking is emerging as a powerful method of shifting security advantages away from attackers and back to those defending networks. In a zero trust environment, even users who have provided valid credentials are not fully trusted, and they are only given the least amount of privileges needed in order to accomplish their tasks. It’s a good method of protecting users and data, but it only works within a tightly controlled network environment.
Through their Shield platform, Ericom has developed a way to take the concept of zero trust and apply it to user interactions outside of an organization. This ensures that all of the bad stuff stays on the other side of your network fence. Shield is an enterprise-level browser isolation platform that can stop malware, spyware and even phishing attacks without restricting users from visiting websites, checking their webmail, or performing any number of other business or personal activities online.
Shield is completely browser agnostic, and it is deployed either as a cloud-based service or locally on prem. It can work in conjunction with a traffic gateway appliance or as the soul method of protecting users during online interactions. For the purposes of this review, the cloud-based version of Shield was tested.
How it works
Whenever a user at a protected organization opens up their browser, all of whatever content they want to view is routed through Shield. For most users, there is no noticeable difference, though administrators can force a little ES tag to render in the URL field to remind people that they are protected.
On the backend, full website content is rendered inside a Docker container in the Shield cloud, with a new container spun up for every tab that a user opens. What gets sent back to a user is essentially a screenshot of the content, though it’s fully interactive and completely indistinguishable from the actual web page. We loaded up sites using browsers protected by Shield and placed them side by side with the same pages rendered using unprotected browsers, and they were always identical.