Catching all Threats – Known, Unknown, and Unknown Unknown — Before They Can Harm You

By Joshua Behar

At a news briefing in 2002, then U.S. Secretary of Defense Donald Rumsfeld famously broke threats down into three categories of “knowability”: “known knowns” are the threats we are fully aware of; “known unknowns” are the things we know we don’t know; and finally, the “unknown unknowns” are those threats we don’t even know we don’t know.

While Rumsfeld was addressing questions of national security, his tongue-twisting classifications apply equally well to cybersecurity. In fact, they serve as a valuable framework for thinking about the layers of defense every enterprise needs to protect its networks and systems from threats, whether known knowns, known unknowns, or unknown unknowns.

Blocking the Known Knowns: Anti-Virus and Firewalls

Even for the most veteran internet users (and pardon if I wax nostalgic here), it’s hard to remember when the net was new, and sites were few. Similarly, it’s hard to remember back to a time where we thought that the pool of viruses and malware was knowable and finite.

Early anti-virus solutions aimed to block individual known viruses. As the list grew longer and less manageable, anti-virus solutions grew more sophisticated, matching on shared patterns and signatures rather than only on individual samples. Firewalls complemented them by filtering traffic on a different basis: by address, port and protocol, permitting only the connections an organization had decided to accept. Together they formed a then-strong basic layer of perimeter protection against known threats.

Protection from Known Unknowns: URL Filtering and Sandboxes

With time, the number of viruses and malware samples grew too large to enumerate. Malware authors began introducing small variations (repacking, obfuscation, polymorphic code) to render known samples undetectable to signature matching, much as bacteria develop mutations that render them antibiotic-resistant. While these threats are not individually known, security solutions “know” they are out there, are familiar with their general profile, and offer some protection against these “known unknown” threats.

URL filters, for instance, let enterprises block sites deemed risky or unnecessary for business by category or domain, protecting endpoints and networks from unknown threats that might lurk on those sites. Their weak point is that they judge a destination by its name, so the value of the control depends on normalizing the host before the lookup and on handling destinations that carry no name at all, such as raw IP addresses. Sandboxes represent a somewhat more nuanced approach to the “known unknown” challenge: files are detonated in an instrumented, disposable environment until any malware within is “outed” by its behavior. Sandbox-aware malware that stalls, checks for virtualization, or waits for user interaction can still slip through, which is why sandboxing belongs in the known-unknown layer rather than being a complete answer.
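The following Python is an added example, not code from the article or from any product it mentions. It implements the URL-filter decision described above as a small policy evaluator: an allow list for business sites, a category table with blocked categories, and a normalization step so that the host being judged is the one the browser would actually connect to. The policy data (the `.example` domains, the category names, and the choice to block raw IP addresses and non-allow-listed punycode hosts as lookalikes) is constructed for illustration and is an assumption, not a recommendation from the page.

```python
"""URL-filter policy evaluator (added example; not from the article or any vendor).

Demonstrates the "known unknown" control the article describes: block sites by
risk category, allow business sites, and normalize the host first so common
bypasses (mixed case, trailing dot, userinfo before '@', raw IPs, punycode
lookalike domains) are judged on the host the browser would really contact.
"""
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

# Constructed policy data for this example. Categories and domain names are
# assumptions; a real deployment would pull these from a categorization feed.
BLOCKED_CATEGORIES = {"malware", "phishing", "file-sharing"}
CATEGORY_OF_DOMAIN = {
    "evil-downloads.example": "malware",
    "login-verify.example": "phishing",
    "share-files.example": "file-sharing",
    "news.example": "news",
}
ALLOWED_DOMAINS = {"intranet.example", "vendor-portal.example"}


def normalize_host(url: str) -> Optional[str]:
    """Return the canonical hostname a browser would connect to, or None."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return None
    # .hostname lowercases, drops the port, and discards any userinfo
    # ("trusted.example@attacker.example" really goes to attacker.example).
    host = parts.hostname
    if not host:
        return None
    host = host.rstrip(".")  # "example.com." and "example.com" are the same host
    try:
        host = host.encode("idna").decode("ascii")  # Unicode labels -> xn-- form
    except UnicodeError:  # empty or over-long label: refuse to classify
        return None
    return host


def _suffix_match(host: str, table) -> Optional[str]:
    """Longest-suffix match so that a listed domain also covers its subdomains."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate
    return None


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def evaluate(url: str, default: str = "allow") -> tuple:
    """Return (decision, reason); decision is 'allow' or 'block'."""
    host = normalize_host(url)
    if host is None:
        return "block", "unparseable-or-non-http"
    if _suffix_match(host, ALLOWED_DOMAINS):
        return "allow", "allow-list"
    if _is_ip_literal(host):
        # Browsing by IP sidesteps domain categorization entirely (assumed policy: block).
        return "block", "raw-ip"
    if any(label.startswith("xn--") for label in host.split(".")):
        # Assumed policy: internationalized domains that are not explicitly
        # allow-listed are treated as potential lookalikes of real domains.
        return "block", "idn-lookalike"
    matched = _suffix_match(host, CATEGORY_OF_DOMAIN)
    if matched:
        category = CATEGORY_OF_DOMAIN[matched]
        if category in BLOCKED_CATEGORIES:
            return "block", "category:" + category
        return "allow", "category:" + category
    return default, "uncategorized"


if __name__ == "__main__":
    for u in ("https://intranet.example/portal",
              "http://intranet.example@evil-downloads.example/",
              "HTTP://cdn.Evil-Downloads.EXAMPLE./x",
              "https://192.0.2.1/",
              "https://intr\u0430net.example/",  # Cyrillic 'a' lookalike
              "https://unknown.example/"):
        print(u, "->", evaluate(u))
```

The `default` argument is the policy decision that matters most for unknown unknowns: a filter that allows uncategorized destinations is only as good as its feed, while one that blocks them trades coverage for help-desk tickets. Note also that the allow list is consulted before the lookalike check, so `intranet.example` stays reachable even if it ever contained an internationalized label, and that suffix matching is applied in both directions: `evil-downloads.example.intranet.example` is an intranet host, but `intranet.example.evil-downloads.example` is not.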

Defending Against Unknown Unknowns

The trouble is that not all web-borne threats are known, or even known to be unknown. The internet is teeming with unknown unknowns: fast-evolving malware and exploits that are unrecognized by, and invisible to, anti-virus, network filters, intrusion detection/prevention systems, and other classic defensive solutions. Traditional detection-based security approaches, which depend on recognizing how the malware your systems are likely to encounter looks and behaves, cannot by construction defend against threats nobody has yet characterized.

One solution that addresses the unknown and unknowable dangers of internet browsing is Remote Browser Isolation (RBI). RBI executes all browser-renderable content remotely, so potentially risky files or code never reach the user device or the organizational network.

Instead, websites are rendered in an isolated and disposable container, away from endpoints and networks. Since only a safe data stream reaches the user’s browser, users are free to browse any site that they need without danger. When the user closes a tab or stops browsing, the container is discarded along with any malicious code picked up from the session.

Because RBI solutions prevent browser-borne executable code from reaching user devices or organizational systems, they protect against browser-delivered threats whether those threats are known or unknown. The caveat is scope: RBI is a layer for the browsing channel, not a replacement for the others. It does not cover content that arrives outside the isolated session (an attachment opened locally, removable media), attacks that need no code on the endpoint such as a user typing credentials into a phishing page, or files the policy allows to be downloaded through the isolation layer, which still need scanning or sandboxing on the way in.

In a world of limitless unknowable threats, true security lies in reducing the need to “know thy enemy” and proactively isolating even unknowable risks, such as browser-borne threats, where they can do no harm.
