Menlo Security Captures Malware in Containerized Micro Services, Part One

Web frameworks, architectures, and methodologies of the future will trend toward breaking up big web services into lots of little pieces, all with slightly different requirements with containers providing a software construct, says Kowsik Guruswamy, CTO, Menlo Security. “Containers will provide a way to run these pieces in isolation with the ability to scale, manage, and update each one individually,” explains Guruswamy.

Menlo Security applies that capability to web security for web browser traffic where there is a strong need today. “We found that one in three of the one million websites we looked at posed some sort of risk while one in five was running really old software,” says Guruswamy.

To address that, Menlo Security sets a proxy between enterprise web users and the Internet such that web traffic must first enter a system of Linux / LXC containers. All of the code coming in from all these different vulnerable services and websites, which are probably already exploited and serving malware, executes inside the containers in the public or private cloud, says Guruswamy. “The result is that the user endpoints, whether PCs or Macs, never receive the malware due to the isolation provided by the containers, which are disposable,” says Guruswamy.

The process of avoiding infection is like buying a computer, surfing to one site, and then throwing that computer away and getting a new one before moving on to the next website, illustrates Guruswamy. There is no lasting capability for malware to reach the device in question because the web services that contain the malware disappear with each container, which the system deletes after one use (on a single website / domain only). It is also similar to a virtual desktop scenario where the system can close out the virtual desktop image and reopen it anew with a clean, new, uninfected image.

Rather than require some type of endpoint software or agent to run like the virtual desktop does, Menlo Security’s proxy solution enables users to surf directly from their regular web browser without fear of downloading malware.

“We take care of all the magic in the middle between the user and the Internet without any performance degradation or the slightest hint that we’re there,” says Guruswamy. All the web functions and features the user expects remain intact. “But if you look under the hood, you’ll notice that none of the code from anywhere on the Internet came to your desktop machine. That’s how we keep you safe,” says Guruswamy.


We offer our product as a public cloud service and virtually, running in the customer’s data center, says Guruswamy. Using proxy technology, Menlo Security can install the public cloud service by inserting a single line of code, a URL deployed into the browser using proxy auto-integration, Guruswamy explains.

“The browser will start redirecting all traffic first through our cloud and many of our customers use that because it’s a very simple deployment model where we can protect them even if they’re working out of a Starbucks or if they are traveling,” says Guruswamy. It also does not require on premise equipment or ramping up your own data center.

Two achievements make Menlo Security’s approach possible. The first one is its ability to use containers in a rapid, disposable manner so that the customer is effectively receiving the benefits of a virtual browser that takes the bullet on behalf of the user and the organization, ensuring that any active coded content never arrives on the endpoint, explains Guruswamy.

The second accomplishment for Menlo Security is its development of adaptive rendering technology that preserves the user experience without requiring a software agent or any endpoint software so the user can browse websites good or bad (infected) without concern for malware, Guruswamy says. “Every time you click from one web domain to another or open a new tab, Menlo Security creates and uses brand new containers for the required web services and disposes of the containers and the web services inside them that you are through with. That’s a very different model from the virtual desktop model that will sometimes remain in place for two weeks,” says Guruswamy.

Stay Tuned

Stay tuned until next time when we learn more about Menlo Security and how its technology works in Part Two of “Menlo Security Captures Malware in Containerized Micro Services”.

David Geer

David Geer’s work has appeared in ScientificAmerican, The Economist Technology Quarterly, CSO & CSOonline, FierceMarkets, TechTarget, InformationWeek, Computerworld,,, IEEE Computer Society’s Computer magazine, IEEE Distributed Systems Online, Government Security News, Laptop, Smart Computing, Technical Support, The Hosting Standard (Canada), (UK), SIGnature, Processor, and the Engineering News-Record. David served as a technician at CoreComm in Cleveland, OH prior venturing into writing.

David Geer has 24 posts and counting. See all posts by David Geer