Menlo Security, the Menlo Park, Calif.-based enterprise security startup, is revealing a new approach to security along with $25 million in funding to start building its market.

Menlo's approach, being revealed today, is a bit of a wild one. Though it's ostensibly endpoint protection for Web browsing and email, this approach secures the endpoints by eliminating them.

No kidding — the endpoint devices and users are all still there, of course, but nothing from the public Web gets through to them.

Instead, Menlo routes all traffic through what it calls an isolation platform, a cloud-based entity that executes any code in disposable containers and renders a non-executable display of the original Web page for the user. After every session, the isolation container gets shredded.

Menlo sells the isolation platform both as a cloud service and virtual on-premises appliance.

"The whole notion of good and bad is broken," says Menlo CTO Kowsik Guruswamy. "So we're executing all of the content, and not trying to determine whether it's good or bad."

That, says Guruswamy, is a key distinction from competitors like FireEye, which executes incoming code in a sandbox environment to determine whether it appears malicious before allowing traffic through. In contrast, Menlo Security lets no traffic through.

It's hard to believe that this approach wouldn't impact user experience, but that's what the Menlo team claims. The product has a "few dozen customers" so far, Guruswamy says.

Founded in 2013 by former Juniper veteran Amir Ben-Efraim (now CEO) and others, Menlo Security had previously raised $10.5 million in a Series A led by Osage University Partners and General Catalyst Partners.

The $25 million series B being announced today includes the prior investors and is led by Sutter Hill Ventures.

Sutter Hill managing director Stefan Dyckerhoff will join Menlo's board as part of the deal; you'll recall he's also involved with secure-server startup Skyport Systems.