virtual browser

Hot on the heels of Virtual Browser version 1.2, version 1.3 is now ready for release. Why are we introducing two versions at so close together? Well, it’s part of an ambitious product roadmap which leads up to a full rollover to version 2.0 during Q1 2010. Regular intermediate releases help keep us focused, while fulfilling customer and partner expectations in terms of fast time-to-market for new features and functionality.

Virtual Browser release 1.3 delivers support for transparent authentication modes so that, for example, user authentication for Virtual Browser sessions can be based on Windows logon credentials. On the server side, Virtual Browser can now integrate ICA and RDP clients, opening up a whole new range of possibilities for enterprise deployments.

Looking ahead, the objective is to position Virtual Browser as the universal client for the Cloud Computing era. For the enterprise moving to Cloud-based solutions, Virtual Browser offers a single, centralized point of control for multi-platform access to any web-enabled or virtualized application, wherever it’s hosted. By integrating support for ICA and RDP clients on the Virtual Browser server, end users can access web applications and Citrix or TSE applications through a single, secure, multiplatform browser interface.

Just a month after the release of version 1.1, version 1.2 of the Virtual Browser server component is ready for deployment.

The latest release offers improved performance, but more importantly for enterprise deployments multi-server support means that high availability and load balancing features are now available. It’s also possible to configure individual web sessions so that they are isolated on separate physical servers, optimizing network topologies and performance and further reinforcing application security.

Eagerly awaited by our most demanding users, these new features guarantee continuity of service for Virtual Browser end-users independently of the failsafe mechanisms offered by the underlying platform (the Virtual Browser server is designed for installation in VMware environment), while also improving scalability, optimizing performance when very large numbers of sessions are open simultaneously.

In Sizing the Cloud; Understanding the Opportunities in Cloud Services (published in March 2009) analysts at Gartner, Inc. predict a global market for enterprise cloud services reaching $150.1 billion in 2013 – more than three times the size of today’s market of $46.4 billion. The cloud-based enterprise will be dependent on the internet to an extent way beyond the situation today, and information systems and applications will be utility services, like water or electricity — a click of the mouse to bring up the CRM software and shut it down, with the user paying for a metered service.

As far as I’m concerned this is a fantastic development which will allow businesses to focus on — well, what they do best, where they can add value. Information resources will be available on demand, like tapwater. Except that a packet of data is not like a drop of water; those data packets may be carrying business-critical data. The internet is a two-sided coin for the enterprise: one the one hand, on-demand access to flexible, massively scalable information resources ranging from basic hardware platforms to individualized services and applications software; on the other hand, the vector for increasingly intense efforts to penetrate enterprise information systems for criminal gain. In other words, the enterprise is in the process of migrating it’s information resources to the most stressful environment you can think of if you’ve ever had to think about information security.

If the Cloud Computing paradigm is to fulfill its promises, we urgently need to find ways of reducing the stress of internet dependency. We need to protect ourselves from the internet that threatens us, to get the full benefits of the internet that will make our business more agile, more responsive, which will allow us to evolve and progress. If we can’t make the internet “stress free” we’ll start seeing the (costly) development of parallel secure networks for enterprise applications.

If the best way to avoid internet attacks is not to connect to the internet, that’s clearly an unrealistic approach today. What we can do, however, is to segment different usages, isolating access to sensitive, business-critical data and applications from the potential threats. While building an entirely new network is probably a stretch too far, a more realistic solution, perfectly feasible today, is to isolate individual web applications by virtualizing access at the source, the browser itself. Enterprise end-users access sensitive business applications and data over the internet using secure tunnels carrying virtualized browser sessions. With the virtual browsers hosted in close proximity to the applications, data need never be exposed on the internet with this architecture. We can’t clean up the internet to make it entirely safe for your business critical data and applications, but by ensuring that critical systems and end-user browser sessions are protected from attack we can bring a “stress-free” internet experience several steps closer for the CIO.

Version 1.1 of the Virtual Browser solution enhances the product with new features facilitating seamless integration with the enterprise infrastructure:

• Strong authentication based on X.509 certificates increases protection for the enterprise and reduces the risk of security being breached by simple password theft from a compromised terminal.
• Role-based administrator access ensure that each admin only has the authority to execute authorised tasks (eg configuration, monitoring, etc).
• An IE6 rendering engine provides support for older web-based applications, incompatible with more recent browsers.
• Virtual Browser client installations are now available for Apple Macintosh OSX and Linux platforms, in addition to the Microsoft Windows client.

Additional minor modifications have been made to improve performance and ease of use, so that Virtual Browser remains the best solution for secure web access in the enterprise.

The SANS Institute, internationally recognized for its leadership in information security training and certification, has just published a threat report under the title “The Top Cyber Security Risks“. It comes as no surprise to us at commonIT that the report clearly identifies web usage as the key vector for attacks, whether at the client side or on the server.

The report leads by identifying two priorities that need addressing: unpatched client-side software, and vulnerabilities in Internet-facing web sites. Based on data collected between March and August of this year, the authors show that application vulnerabilities now far exceed those being discovered in the operating system, commenting that “browsers and client-side applications that can be invoked by browsers seem to be consistently targeted”.

A well-developed tutorial included in the report describes one specific way in which the enterprise can expose itself to web-based penetration. But the report is full of interesting data, and merits the time to read it for any information security professional.

And so to Virtual Browser. If we find the report particularly interesting and relevant, it’s not just for the quality of the data. It’s also because our Virtual Browser technology successfully addresses and mitigates the situations described, something no other technology on the market today is capable of. By putting the browser in a datacenter-hosted virtual machine and isolating browsing sessions from each other, the enterprise is fully protected whether the client side or server side is compromised. Virtual Browser — the enterprise browser solution, Secure by Design.

Thoroughly tested and validated by users and industry experts, Virtual Browser release 1.0, available immediately, fulfils market demands for secure, mobile access to web-based applications.

After several months of testing by potential customers and partners, we launch the release of version 1.0 of the Virtual Browser solution. “The way Virtual Browser is designed inherently protects the user’s PC and the network against web-based threats” said Joseph Latanicki, security architect at Theresis, the innovation laboratory of Thales Security, Solutions & Services division, one of the industry specialists who has tested the solution. “It also facilitates the control of web usage in the enterprise, including analysis of content delivered over https connections. But looking beyond the security features, Virtual Browser also offers other key features making it easier for enterprises to deploy web-based application access”. In fact the Virtual Browser architecture, in addition to its “secure by design” guarantee, allows the enterprise to design and deploy new web services without having to worry about compatibility with multiple browser  solutions and releases or the problems of security on remote or mobile terminals. The optimum browser for any application is offered transparently to the user by the virtualisation architecture.

The RSA Spring conference in San Francisco (20th-24th April) is a worldwide showcase for security technologies. It’s an opportunity we wouldn’t want to miss. But with just three months between the date we incorporated and the event in San Francisco, the logistics of organizing our presence as an exhibitor while managing all the other aspects of getting our business up and running would have been overwhelming.

But RSA has (in a sense) come to our rescue! This year’s conference includes a side dish called the RSA Innovation Sandbox. Basically a start-up competition, RSA invites innovators like commonIT to sign up to deliver a four minute presentation and demo of their technology to a panel of industry gurus.

At the last count we were one of nearly 30 companies competing. If you’re registered to attend the RSA Conference you can help us by following this link and registering a vote for Virtual Browser.

And should we reach San Francisco, there’ll be a glass of Anchor Steam for any of our supporters we meet up with! Meanwhile here’s a preview of our 30 second demo video.

Virtual Browser has started to get attention from IT press and we are proud to present you some articles talking about commonIT’s launch.

Among them, a long interview in Global Security Mag and some news on specialized French web sites like Security Vibes and Mag securs.

But this is just the beginning…

Surfing on our ”stress-free blog” you can find our vision of web security and our perception of the IT market… But, to better understand this vision, you probably need more details about us and about our innovation, Virtual Browser.

Virtual Browser is a new web browser that guarantees security and mobility by design.

Virtual Browser does not run on the user device but in a dedicated secure environment, on a virtual machine in a DMZ or “in the cloud”. Only presentation data (image, sound, keyboard, mouse,  print, etc.) are displayed on the user’s computer. The core of the browser runs on the remote software appliance, ensuring that attacks are unable to hit user data, end ponit devices or the network. Moreover Virtual Browser isolates web sessions on separate virtual machines according to their security level. This means business critical web services (such as CRM, online banking and so on) are safe and isolated from user web surfing.

Virtual Browser can also play the role of a remote client to access internal web applications. For mobile users, Virtual Browser maintains the user environment, so that the user always gets their personal bookmarks and cookies even when connecting from different devices - including PDAs and smartphones.

By the way, Virtual Browser can be used as a secure client to facilitate customer or partner access to enterprise web applications. With Virtual Browser the company can not only protect customers but also controla how they access business services. Because no IP connexion is mounted between the user’s computer and the application server, there is no risk of contamination from an infected device (so no need for end-point integity checking).

A few months ago, Checkpoint/ZoneAlarm launched ForceField, a “Virtualized Browser Security” solution. When you look at the product description, you can read:

“ZoneAlarm ForceField provides a protective layer around your browser, shielding you from drive-by downloads, browser exploits, phishing attempts, spyware and keyloggers. So your passwords, your confidential information, and your financial data remain protected“. ZoneAlarm then asserts that ”Nothing else protects you like ZoneAlarm ForceField“….

This seems very promising and could be a very good answer to the multiple browser security issues. But then comes the reality… maybe you’ve already read this excellent article from Infoworld that explains that Robert Grimes needed only 60 seconds to bypass ForceField protection. In fact, this is not really surprising; it was already the case when the same Grimes tested GreenBorder (bought by Google) a few years ago. This is not really surprising because it’s not the implementation of the “sandbox” technology which failed but the concept itself of using a sandbox to protect the web browser. Moreover, the experts at Checkpoint/ZoneAlarm themselves admit: for optimum security, you have to use an updated and secured underlying system !!! Where is the virtualization ? This type of product is just one more security layer you have to install and manage on the user workstation…

What’s the solution ? A REAL virtual browser, REALLY executing in a distinct environment, which doesn’t need an updated and secured underlying system to provide a ”stress-free Internet” experience.