An Interview with Ritesh Agrawal, CEO of Airgap Networks
by Chuck Harold | Security Guy TV https://securityguyradio.com/
Airgap is a San Francisco Bay Area startup focused on providing protection for ransomware attacks. Airgap has a very unique perspective on some fundamental flaws in legacy network infrastructure designs.
How Does Airgap prevent propagation?
Despite our customer's best efforts, even when armed with multiple cybersecurity vendor tools, it is next to impossible to stop ransomware from breaching the perimeter of an organization. Once inside the network, ransomware exploits the legacy flaws of shared VLAN network designs. It is able to scan all devices and business applications on the shared network and then propagate the ransomware.
Airgap Networks' unique architecture ensures that the ransomware when inside your organization does not propagate to other devices or business applications.
How does Airgap make it happen? without forklift upgrades, design changes to your existing infrastructure, APIs, or agents. It almost sounds too good to be true.
Airgap has taken a fundamentally different approach in providing Zero Trust Isolation, meaning we do not trust any device. Our assumption is that all the devices are infected and we do not allow any unauthorized lateral communication. This is fundamentally different from other security vendors in the industry. And this makes us very unique.
And most importantly, the way Airgap makes it happen is, without forklift upgrades, or design changes to your existing infrastructure, without any APIs, or agents. It almost sounds too good to be true.
And those who have talked to us and understood exactly how it works. Airgap has taken a fundamentally different approach of providing Zero Trust Isolation, meaning we do not trust any device. We assume that all the devices are infected. And we do not allow any unauthorized lateral communication, only authorized lateral communication is allowed. And this is very different than other security vendors that you have seen in the industry. And that’s what makes us very unique.
Network Security Solutions for the Enterprise Campus and Data Center
Airgap takes a comprehensive view of enterprise networks and infrastructure. We want to be able to provide lateral communication protection, meaning if you have an Enterprise that is managing 10,000 appliances or devices inside the organization, one infected device has the potential to infect all 10,000 devices. Airgap ensures that this does not happen, ransomware stays confined to that one device.
Airgap actually ensures that that’s not the case. The ransomware stays confined to one device only. It’s sort of like the COVID-19 situation. When we were in a lockdown or “shelter-in-place” mode, we would be limited to infecting ourselves.
And so again, Airgap takes the same approach to the enterprise campus.
Airgap has a unique value proposition of converting your internal applications to look like bank applications.
For example, if you’re going to Wellsfargo.com, your experience is very simple and very secure. However, that is not always the case for internal applications in the enterprise. Airgap wants you to have the same experience as Wellsfargo.com from a security and convenience perspective. The beauty of our solution is it is done without having to make any changes to the applications or the devices, such as installing agents, or changes to the infrastructure. You will not need to replace your existing appliances or security gear purchased in the past. You preserve those investments, and you simply add Airgap as an additional layer of protection. Once you do that, you may realize that some of those investments you’ve made may be surplus to requirements going forward.
Savings: Reducing CAPEX and OPEX
When you have many, many applications inside the organization protecting you (and endpoints). It creates a lot of operational complexity for the IT team. Using Airgap can eliminate the need for some of those applications, not only saving CAPEX money but saving operational headaches by streamlining and improving the security posture of your business.
Shared VLANs: A closer look
Let’s look at what is happening in the enterprise, where they are using VLAN deployments. What I mean by shared VLAN is that there is a separate VLAN for say, all engineering or HR departments, within that shared VLAN, everybody can talk to everybody. That’s just the nature of shared VLANs. This is a 30-year-old blueprint that was good at the time when it was proposed in 90s. But it’s definitely not ideal today. What has happened since then? we’ve observed that there is very little lateral communication required for your business to be operational, with some exceptions. Printing or Google Chromecast, or Apple TV or video sharing. But other than that, you don’t have much going on. Yet, you have that shared VLAN “highway” available. Unfortunately, that “highway” is precisely what the hackers are using, not your employees or your IT teams. We essentially shut down that highway making exceptions for your printing and videoconferencing and a couple of other identified applications that you may have. This way you can continue to go about your business, but not give hackers access to the “highway” that they can use and exploit.
Proactive versus Reactive
Any good security solution should address both sides of this equation. As in, it should be proactive, to begin with. But, bad things can happen. Configuration errors, for example, somebody could drop in an unintended policy. This results in a network vulnerability, I call it human error. And that’s always possible, no matter how good a tool you have, there is a human error possibility. For this, you need to have reactive solutions as well. Airgap eliminates/stops all unauthorized communication inside your organization. There is so much unnecessary traffic, you realize this as soon as you deploy the Airgap Visibility Engine. The engine displays all the unnecessary and unauthorized applications that should be stopped immediately. Airgap takes care of that for you.
Airgap Ransomware Kill Switch
Now let’s say a device ends up getting infected with ransomware, today you won’t be able to instantly shut down the propagation of ransomware, and you may have 10,000 devices on the same VLAN, depending on the size of your organization. Now they are, one at a time, getting infected, it is a race against time. Airgap delivers you the industry-first Ransomware Kill Switch. Airgap is the only one that is able to do that for you.
The moment you flip the “switch”, it’s like you’re frozen in time.
The ransomware cannot propagate laterally, meanwhile, your employees can continue to go about their business of checking email, going to salesforce.com, going to Netflix or YouTube, or whatever their intended destination is, sure they will not be able to print or videoconference but crucially, malware cannot propagate laterally. This is a very, very valuable solution for an enterprise CIO, knowing that once they flip the switch, within one second, my storage is protected, my devices are protected, and I can go about my forensic analysis. Once everything is recovered, I can now “unflip” if there is such a word, the switch, and go about my regular business.
Secure Attack Surfaces
The fundamental belief at Airgap is that there is so much-unauthorized access available inside the organization. We eliminate that unauthorized access, and now the attack surface becomes dramatically smaller. The second step is to start observing the traffic that you have authorized. If we notice an anomaly there, we obviously shut down and isolate those devices.
For example, if you print, you send a 100 kilobytes file to a printer, and the printer prints that page, and you’re set. But if we subsequentially observe that the printer is responding with five gigabytes file in response. You and I can easily tell there is something wrong here because there is zero reasons for a printer to respond with a five-gigabyte file to a print command. This is one example where we would say, look, this printer doesn’t look right, let’s isolate and alert the IT organization to investigate. They will receive all the details captured to allow them to complete forensic analysis, potentially removing the printer from the network, or resetting and reformatting it. It’s up to them to bring back a clean printer to the network and go back to business.
Agentless. Beyond Micro-Segmentation.
Our solution is actually a lot more than micro-segmentation, but they’re definitely components of micro-segmentation.
Let me explain. Typically, when the industry thinks about micro-segmentation, they are thinking about an agent-based solution, an agent is deployed inside the virtual machine or container, or inside a host, where you’re hosting the virtual machines and is typically used in the context of data center. However, it is impossible to install agents into your television, for example, or into your Chromecast device or Apple Watch, or Android devices.
Airgap actually provides micro-segmentation without requiring any agents whatsoever. Now you are able to protect your TVs, refrigerator as well as your computers and unmanaged devices such as Apple, TV, and watches, and so on and so forth. In addition to micro-segmentation, Airgap provides protection for business applications, and the third thing, as discussed earlier, the Ransomware Kill Switch, a typical micro-segmentation company solution won’t provide you a ransomware kill switch because they cannot. This is a unique offering from Airgap.
So to think about Airgap, it’s a lot more than micro-segmentation. Its agentless design makes it much easier to deploy.
Security Intelligence
Security, intelligence is very important. The unique way of deploying Airgap allows us to detect, without any false positives, infected devices inside the organization. We provide this intelligence to the IT administrator or security operations team who can immediately take an action. In our early days, when we talked to our customers and explained how we do zero false positives, which is much coveted by SecOps teams. They were like “ …there is no solution available. And you couldn’t have a solution” because it’s just a very hard problem to solve.
Once we showcase how we actually make it work and walk them through a packet flow, they become fans, they understand that Airgap can provide a zero false-positive solution. This is our value proposition for our customers where they can know positively there is an infected device and they can instantly take the device out of the equation and/or out of the network.
A Unique Approach
Airgap Zero Trust Isolation is very unique, new, and complementary to what customers have invested in already. I always tell customers that you have to start investing in four areas: #1 Device to internet protection. In fact, I would say 80 to 90% of security companies are focused on device to internet protection. #2 Private application to private application protection, knowing that there are lots of servers inside the data center, and I want to be able to protect them. There are dozens, if not hundreds of companies in that space. Now moving to two areas that have not been addressed to date 3#device to device protection. I have 10,000 devices inside my organization and they are trying to infect each other…what do I do? Furthermore, there is another one that counts as #4 Device to private application protection.
I think we are trying to use legacy outdated technology to protect private applications from devices. And we are not really matching up to what is expected like a bank level security for my internal application. And this is the area where Airgap comes in.
I was saying this to my wife, who comes from a non technology background, if you have four doors in the house and you bought $5,000 locks for the two of the doors and the remaining two doors are unlocked. How secure are you? Her response, I would rather distribute $500 on locks for each of the four doors and save myself $1,000 and be more secure than I am today.
So that’s the best analogy I can give you. Airgap provides the locks for the two doors, Device to Device and Device to Private Applications that enterprises have sometimes neglected.
For more details on Airgap solution or need a demo, please email info@airgap.io or visit https://airgap.io.