Top

Airgap: agentless zero trust and the Ransomware Kill Switch

There is a fundamental flaw in enterprise networking architecture that contributes significantly to the ongoing ransomware epidemic. Part of the solution to this problem, according to Ritesh Agrawal, CEO and co-founder of Airgap, lies in the zero-trust strategies of large telecommunication providers. He spoke with 4i-mag on the side of Black Hat USA 2021 to discuss his company and product, and his conclusions about next generation cybersecurity.

More than 50% of organisations when asked confirmed that they were infected and impacted by ransomware in the past 2 years. Ransomware is undeniably everywhere.

No matter how many tools companies buy, they continue to get breached. This is not simply a failure of the cybersecurity companies serving them, Agrawal explained, but is rather due to an antiquated fault in how organisations manage their networks.

With millions of users on any given telecommunications company network — AT&T, Vodafone, etc. — it is a near certainty that a few of these customers have devices that are infected with ransomware. “And they are on the same network that we are on, but we don’t worry about it,” Agrawal said.

The simple reason is that only communication with the right permissions is ever accepted within a telecommunication network. It is this zero-trust model that enterprises need to employ to end the ransomware boom.

“Ransomware is an attack that likes to propagate […] to go to as many systems as possible, because the amount of ransom increases with the number of devices they compromise,” Agrawal said.

Once inside an enterprise network, a cybercriminal’s lateral movement is unrestricted in these trust-by-default environments. This allows them to gain access to all connected devices after penetrating the perimeter, working their way systematically towards mission-critical data and applications.

Airgap offers an answer to this risk, one that greatly reduces the possibility of threat propagation and provides a potent and controlled final safeguard: the Ransomware Kill Switch.

Courtesy of Airgap

Agentless zero trust

In a past life, Ritesh Agrawal worked for telecommunication hardware provider Juniper Networks. Roughly 20 years of experience there gave him a unique perspective on how to tackle the present propagation problem.

Airgap’s Zero Trust Isolation works on the assumption that every device is compromised, all of the time. Communication between devices sharing the same VLAN is strictly controlled through authentication and verification ring-fencing.

The solution protects both managed and unmanaged devices, such as IoT equipment. It also ensures higher-level protection for so-called ‘crown-jewels,’ or business-critical assets, through multifactor authentication. The impact and breadth of threats is drastically reduced, sometimes to a single device, Agrawal explained. At the same time, the solution requires no design changes, APIs, or agents.

“Most of the zero-trust solutions on the market require you to install an agent on the devices or endpoints you are trying to protect. There are two issues with agents: number one is volume,” the CEO explained.

Funnelling digital agents to all enterprise devices is a mammoth task, he said. Not only is it challenging because of scale, afterwards it becomes a repetitive chore, as software patches need to be continually circulated for all devices to remain secure. New devices must also be onboarded before they can be used.

The second issue with agent-based solutions, Agrawal highlighted, is that not all devices can handle an agent: capacity has its limits. Some devices are too small, or they are ‘black-box’ branded products whose manufacturers do not permit alterations.

Ultimately, these obstacles — volume, capacity, and access — limit the effectiveness and practicality of agent-based solutions, while making them time-consuming and resource-intensive, Agrawal explained.

“With Airgap, the quickest installation was 17 minutes, and the longest was 4 hours,” he said.

The solution comes with a sophisticated threat detection platform; however, the company understands that customers have invested millions of dollars in other security solutions that support detection.

“We don’t want to waste those dollars, so we collect telemetry information from all of the tools that you have and use those as a signal,” he explained.

Ransomware Kill Switch

No matter how good your protections, there is always an element of risk in cybersecurity due to human error. Someone can configure the network incorrectly in such a way as to lead to a compromise — even for organisations equipped with best-in-class security solutions.

“Now, if you get an outbreak of ransomware in such circumstances, then you need something that can surgically stop the propagation of ransomware,” Agrawal said.

The Ransomware Kill Switch does just that.

Airgap’s solution offers near-instantaneous one-click suspension of lateral communication within a shared VLAN. The Ransomware Kill Switch gives security teams the time they need to neutralise an active threat, whilst keeping the attacker’s access confined to only the devices that are already compromised. Once an attack has been dealt with, the switch can be easily reversed, immediately restoring lateral network communications.

Airgap’s features have garnered plenty of attention. The company recently signed separate partnerships with ransomware risk specialist GroupSense and cybersecurity risk and insurance firm Zeguro. Forbes tapped the company as one to watch in cybersecurity, and Dark Reading selected Airgap as one of the hot enterprise start-ups to watch at Black Hat USA 2021.

Courtesy of Airgap

Airgap launched general sales of its product on the 4th of August, after a limited release in January 2021. Patents are pending for Airgap’s Zero Trust Isolation and Ransomware Kill Switch. The company is based in California and was founded in 2019.

Mark Swift is a Scottish freelance journalist and writer based in Paris. His work covers business, technology, European politics, and EU policy. Before writing for 4i-mag, he was a journalist for Young Company Finance Scotland, covering investment in Scottish technology start-ups. Mark's portfolio can be found here: muckrack.com/mark-swift-1/portfolio