Ericom Ericom Shield 19.04 Product Review
Summary
Ericom Shield is an advanced, remote browser isolation solution designed to add another layer to your defensive posture. It isolates malware, ransomware and other threats to prevent harm by keeping everything off of the endpoints. This solution transparently secures internet usage while reducing risk to an organization, alleviating operational burdens. It can be deployed on-premises, in public or private clouds, or as a hybrid.
We liked the support for a wide array of browsers, which
left us free to choose whichever one we desired. Considering it is a clientless
product, we had some problems and were expecting a more streamlined experience.
However, we were impressed with the overall simplicity behind the concept of
this solution.
For Ericom detection is not enough so it focused on
isolation, claiming to stop 100 percent of malware from the web from ever
reaching the endpoint. While this protection is limited to web-based solutions
the product fills a niche in an often overlooked area.
Ericom leverages an agile development approach with
updates issued to the dashboard every month.
Each website is
executed in an isolated browser, confined within a new and disposable Linux
container that takes local cookies and moves them into that session for easy
remote login. Containers are held remotely from organizational networks. When a
site is deemed safe, it is rendered to endpoint browsers for secure and
seamless browsing experiences. Upon cessation of the browsing session, that
container and subsequent executable code are destroyed to ensure the malware
can’t persist. These containers make extensive use of Docker and Kubernetes.
Algorithms built into the solution help protect against
common phishing attempts through the analysis of requested target pages. For
any suspected high phishing probability, the solution carries out a
customizable policy defined by an organization’s security team.
Any files to be downloaded over the course of a browser
session are scanned and cleaned with a pre-integrated, content disarm and
reconstruction (CDR) process before being passed to the user’s device. The tool
will sanitize any endpoint that becomes infected.
Various reporting
options are available and allow selecting certain timeframes for detailed views
into what happened and when. These reports adhere to GDPR and privacy rules.
From an audit trail perspective, information on events is being traced to show what
occurred.
This product functions differently compared to the other products we saw and focuses on the attack vector of the Internet. A tool called Analyzer can test the connection between an end user and the remote browser. This functions like a speed test, except it tests from the endpoint to the remote browser.
Tested by Tom Weil
Gloss