In honor of the IT Award they won in the category of Information Security, we spoke to Shay Guttmann, VP Technology & Digital Officer at O.P.S.I, the Authorized Service Contractor for UPS in Israel, David Benzano, Director of Infrastructures and Information Security at O.P.S.I and Erez Goldstein, CEO of Integrity Software and founder of Crusoe Security.
People and Computers editorial
What is this project actually about?
“Everybody knows that the internet poses a significant security threat for organizations,” says Benzano.
“An employee browsing the internet from within the organizational network exposes the organization to countless threats such as viruses, spyware, phishing and of course the latest hit – ransom attacks.”
“In fact, the employee’s browser is an excellent ‘landing surface’ for any attacker. Obviously, at O.P.S.I we have tried all known methods to date: antiviruses, web filters, firewalls, etc. The thing is that by now, the attackers are familiar with these defenses, which are unable to prevent Zero Day attacks. The project we have chosen to implement was isolating the Internet from the organization. As part of the project we did two things:
- We blocked the employees’ access to the Internet while they’re connected to the organization’s network.
- We made sure their user experience was nearly identical – by using a remote, virtual browser which opens automatically when they go online to the external internet.”
How is a solution like that actually implemented, and does it really work?
“Let’s start from the end – it works. Period,” states Goldstein.
“The solution is based on the product Crusoe Security, which we represent in Israel.”
“Our first clients were organizations from the financial sector who are subject to regulations requiring them to separate the internet environment (such as Bank Hapoalim and Migdal Insurance); however, we have recently witnessed a wave of demand from industrial and services companies who recognize the urgent need to isolate the Internet from their organization. By now, dozens of companies use the solution intensively, and all internet activity in these organizations is carried out via the solution.”
And how does it work?
According to Goldstein, “It’s a simple principle – we automatically transfer the browser session from the internal network to a virtual browser – in O.P.S.I’s case, a Citrix based browser located outside the organization’s network.” (DMZ)
“In fact, the remote Citrix server is the one “surfing” and the user only receives a picture via a secure protocol (which is considered the most secure protocol and has never been breached). We will mention that our solution is supported by all the leading platforms including Citrix, VMware and Microsoft RDP.
“We deal with more than just automatic link redirection, rather also with everything related to the secure downloading and uploading of files, a uniform identification mechanism (single sign on) in order to improve browsing performance and of course separation and isolation of additional internet applications such as Skype for Business, Lync, ecommerce websites and so on.
Shay, as the organization’s CIO – where do you see the solution’s added value?
“I have to honestly say that I was skeptical about whether we would be able to isolate the internet which is a central access and work tool in our organization. I am very happy to eat my hat in this case. Along with the 100% information security, we are able to provide users with an excellent user experience. Crusoe Security, via Integrity Software, which has been a valued supplier of ours for many years now, puts a lot of effort into constantly improving the product and provides us with an excellent customer experience.”
“I will add to what Erez said, not only have we been successful in isolating the threats that come through the internet, but have also successfully prevented and blocked threats that infiltrated into our organization in other ways (via email or internal parties) and which need the internet in order to leak classified materials or receive encrypted files for ransom purposes. Thus we have doubled or even tripled the value derived from the system!”