Is a Walled Garden Better for Security?

By Robert Bellamy -

With the issue of cybersecurity becoming increasingly important every year, and security professionals feeling under fire by battalions of hackers and malicious actors around the world, some firms have turned to building walls around the apps and services that they offer to users.

This idea, commonly referred to as a “walled garden,” works on the principle that by restricting what users have access to, or what people can upload to a platform, companies can minimize risk. The idea makes sense in some ways. But it can also get out of hand.

One of the best and clearest examples of a walled garden is Apple’s iOS platform design, contrasted with the more “open source” Google/Android system. Even most non-techies are somewhat acquainted with how this works: unlike its competitor, Apple moved to build a system where only proprietary vetted apps can compete. Apple’s move with iOS follows a familiar thread, for example, evident in the company’s previous line of personal computers: Apple and Macintosh machines have been notably less likely to crash or get infiltrated with viruses or other malware than the traditional PC computer.

Do Threats Lurk in the Walled Garden?

Early in the “smartphone wars,” it looked like Apple’s protective design was going to work pretty well in shielding users from hordes of hackers outside the walls. But in recent years, we’ve seen some unsettling shifts in reporting around iOS security.

For example, in 2014 Trend Micro was reporting on how a “Masque Attack” was infiltrating iOS to replace real apps with fake ones. Six months later, FireEye reported on the lack of collective user system updates that left many phones vulnerable, also showing much of the destructive activity that hackers could use Masque to do, including “breaking the app data container.”

By the beginning of 2016, FireEye and others were talking about threats like XCodeGhost’s “trojanized” iOS attacks, as well as another new problem:“hot-patching.” This latest problem exploits Apple’s process for updates and leaves doors open to attackers. It was said that Apple’s mandatory software patching submission process compelled developers to develop workarounds that jeopardized even non-jailbroken Apple phones.

This March, Apple sent out an ultimatum to developers using Rollout.io and JSPatch, partially in response to the FireEye reports. Apple’s enforcement shows that the company is serious about fixing any potential vulnerabilities – but it’s also another real illustration of how, even in a walled garden, users are not completely safe from attackers. Vulnerabilities still exist, and responsibilities still apply.

In a sense, working in a proprietary, protected system can lull people into a false sense of security. It doesn’t make sense to just set up a better app store or network and think that you’re done. The learning process on cybersecurity is ongoing. It’s incumbent on engineers, designers, and top managers to not just design well, but to keep on top of risks on a daily basis.

This is what drives organizations to partner with SentinelOne, to patrol not just the perimeter of a system, but its interior, seeking out actual data that can represent latent, dwelling or immediate threats. SentinelOne’s Endpoint Protection Platform combines machine learning technologies that practice behavior analysis, threat identification, and the proactive analysis that protects any system.

In cybersecurity, updated service is paramount: SentinelOne’s offer of a “ransomware warranty,” in a year where ransomware has been a visceral, commonplace concern for IT managers, is one indicator of how closely the company’s services track today’s security needs. Talk to SentinelOne about getting set up with the support that will offer real security, not just a security blanket.