Hillview Technologies endpoint security

Hillview TechnologiesHillview Technologies, interview with Marios Leventopoulos
Date: 15 February 2014
Hillview Technologies Website

Employees are expecting ever increasing flexibility with regards to how they work, both in terms of mobility and range of devices. This poses an interesting security challenge for the Corporate IT department. Giving devices open access to uncontrolled networks makes them highly vulnerable.

Arguably the largest risk for endpoint devices like phones, laptops and tablets to get infected is website access through your browser. Malicious code can run on your endpoint through your browser, affecting your entire device, the files on it and potentially the network that the device is brought into.
Hillview technologies intro

Enter Hillview Technologies. They have developed a service that protects all endpoint devices from getting infected by malignant code running on websites.

Hillview effectively creates a proxy-based security buffer between the browser on your endpoint and the actual website you visit, so that no code – malignant or benign – ever runs on your device.

For a bit of background, Hillview Technologies is a VMware security spinout. I spoke with the VP of Engineering Marios Leventopoulos who ran me through their product and company history.

Usecase
As Marios put it: “If you think about it, it is crazy how the current system works. When you’re browsing you don’t know where you’re going and that site starts running code on your endpoint.”

IT departments could use Hillview Technologies as a proxy setting for all endpoint devices. All the traffic gets routed safely through Hillview’s servers and no code runs on the endpoint devices anymore. This has the added management benefit of not having to worry about updating security patches for the many browser versions on a range of different endpoint devices.

Hillview can be run as a service but the technology can also be deployed locally on your own infrastructure. The latter is an important option for those companies that do not trust their data to be routed via a third party.

How does it work?
In short, Hillview has created what is effectively a bufferzone between the endpoint device and websites accessed through your browser.

The solution works with any standard browser; Chrome, Mozilla or Internet Explorer all work like the user would normally expect.

To get a clear understanding of their solution, I first asked Mario to explain the fundamentals of browser-web interaction and then go into the details of his solution.

Standard browser-Website session
He explained that as standard, a browser session works as follows;

1) The browser gets all the information from the website – HTML, java etc. and builds a DOM, a Document Object model. At a high level you can think of a DOM as an internal memory data structure representing what you can see on the screen. A DOM describes everything that is on your screen.
2) The DOM gets rendered by the browser’s rendering engine and draws an image on your screen.
3) Any input on your device (mouse/text) is again sent to the website, the website returns an adjusted DOM and the process starts all over.

Hillview enabled session

Marios: Using Hillview technologies, the traffic now goes through our proxy because that’s how you configured it. On our side we see there is a client with a browser that is trying to connect to Google.
Hillview technologies
We start a session for you and that session connects to Google.com. That session serves Google.com and gets whatever is there, html, javascripts etc. to run on our servers and it creates a DOM.

Hillview does the DOM processing and generation on our servers – because that is the dangerous part – that’s where you execute the script where all the code gets sent.

Once the DOM is processed we sent it down to your browser. All the information that your client gets sent is what your screen should look like, no code.

All the user input is captured with a technology that is like a remote desktop. We pass this information to our browser on our servers, this browser now moves the mouse and types as you did. That will generate a reaction which will make changes to the DOM again.

There is never any external code running on your endpoint.

Kinks to work out
One of the main challenges Marios sees, is that when people are not using the Hillview proxy all the time, the endpoints still may get infected. Then the service makes little sense to use.

According to Marios: ‘Latency and putting a proxy close that you trust is critical to user adoption. We do not have a full answer to this yet, we cannot force users to set the proxy to our service.’

Right now Hillview servers are running in Kansas, Hillview is planning to extend their infrastructure so that their service works unnoticed.

Background to Hillview technologies

WTH: Marios, can you tell a bit about the background of the company and where you guys are now?

Marios: I came from RSA and started out at VMware working the Security unit. I was running the vShield endpoint at the time, which was a partnership with antivirus companies.

In 2012 the CEO was trying to attract people to stay at VMware, it was 4 years after the IPO and any people were leaving and starting their own companies.

He said if we had a good idea, we didn’t have to leave and we can fund you. My friend and I were about ready to get out, so we decided to give it a try. They gave us six months to come up with something and we did. We raised another round and grew our team to the current 12 people.

Then later we realized that the situation at VMware was not the best for us as a company. This summer we agreed that we spin it off, VMware keeps equity as an angel founder and we are going to look for VCs to fund us and we’re going to be an independent company. That is exactly what happened.

It is really exciting, as of September we are Hillview Technologies and are growing the team. We released our first version in January 2014 and are working hard on our sales and marketing.

At the moment we are looking for extra VC funding and are interested for partnership with bigger players. We came from VMware with only a team of engineers.

(Laughing) We need to be able to hire more people! I am VP of engineering and I am doing marketing now, imagine that! Though I enjoy this talk, I would rather be coding.

I really enjoyed my talk with Marios and will keep in touch with Hillview Technologies, update on them from time to time!

Geef een reactie

Het e-mailadres wordt niet gepubliceerd. Verplichte velden zijn gemarkeerd met *