How Remote Browser Isolation (RBI) Can Be A Powerful Addition To Your Security Arsenal

Browser isolation protects the user (and by extension, your organization) by keeping the web browsing session separate from the rest of the endpoint, so that malicious content stays contained. We’ll explain the two types of browser isolation technologies, and why we recommend adding remote browser isolation (RBI) to your layered security approach.

While email is still the most popular attack vector for cyber attackers, the web browser can be just as dangerous. Malicious links can easily redirect unsuspecting users to unknown websites and download malware without a user’s knowledge.

Browser isolation, sometimes referred to as web isolation, is a technology that can protect the user from these types of attacks by keeping the web browsing session isolated from the rest of the endpoint. While browser isolation can be deployed with different methods, ultimately the end goal is to protect the local endpoint from malicious content, such as malware, ransomware, zero-day threats, drive-by downloads, and credential theft. Should something malicious happen to execute on the browser, browser isolation ensures that the threat is contained in the isolated environment and not passed to the endpoint.

In general, browser isolation falls into two types: client-side isolation and server-side isolation, also called remote browser isolation (RBI).

Client-Side Browser Isolation

Client-side browser isolation works directly on the user’s machine, usually with a type of virtual machine or container technology. For instance, Microsoft has a client-side solution called Application Guard, which uses the native Hyper-V hypervisor. This platform runs the Microsoft Edge browser in a virtualized container, which helps prevent web-based exploits from reaching the actual endpoint. Once the browser is closed, everything in the container is destroyed.

Server-Side/Remote Browser Isolation

Remote browser isolation (RBI) solutions are server-based and can be delivered to the user as either a SaaS or an on-premises solution. The isolated browser session runs on the remote platform in an isolated container and the session is streamed and rendered back to the client.

The two primary technologies used in RBI solutions are pixel pushing and DOM reconstruction:

Pixel Pushing

  • Captures what is being displayed in the remote isolated browser session and renders the content back to the browser on the local endpoint. Pixel pushing technology is great for security and website compatibility but suffers from latency and requires higher bandwidth and more powerful CPUs to run effectively.

DOM Reconstruction

  • Attempts to clean or remove all potentially dangerous components from the remote web browser session by rebuilding the DOM on the local endpoint while stripping away malicious content, like scripts, CSS, or other HTML components. DOM reconstruction removes threats in much the same way that a secure email gateway might scan a Microsoft Office document, remove the macros, and then recreate the document before delivering it to the user. Although speed and performance may be better with DOM reconstruction when compared to pixel pushing, security may be compromised if malicious content is missed during reconstruction.
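
The rebuild-and-strip idea described above, as an added sketch that is not taken from any RBI product: it re-emits only allowlisted tags and attributes, so anything the rebuilder does not recognize is dropped rather than passed through. The allowlists, the `reconstruct` and `safe_url` names, and the sample page are assumptions made for this example.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED = {"a": {"href"}, "img": {"src", "alt"}, "p": set(), "b": set(), "li": set()}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object"}  # both sets are assumptions

def safe_url(value):
    # Browsers discard tabs, newlines and leading spaces in a URL, so the
    # scheme is checked on the cleaned form ("java<TAB>script:" is rejected).
    cleaned = "".join(ch for ch in value if ch > " ")
    try:
        return urlsplit(cleaned).scheme.lower() in {"", "http", "https"}
    except ValueError:
        return False  # unparseable URL: fail closed

class Rebuilder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED:
            # Attributes off the allowlist (on* handlers, style=) never pass.
            kept = "".join(
                f' {n}="{escape(v or "", quote=True)}"' for n, v in attrs
                if n in ALLOWED[tag] and (n not in ("href", "src") or safe_url(v or "")))
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag != "img":  # img is void
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def reconstruct(html):
    parser = Rebuilder()
    parser.feed(html)
    parser.close()  # flush any buffered text
    return "".join(parser.out)

SAMPLE = ('<p onclick="x()">Hi</p><script>alert(1)</script>'  # constructed input
          '<a href="java&#9;script:alert(1)">a</a><img src="/l.png" onerror="x()">'
          '<a href="https://example.com/?a=1&amp;b=2">b</a>')
```

Calling `reconstruct(SAMPLE)` keeps the text, the image and the HTTPS link, and drops the script, the event handlers and the entity-obfuscated `javascript:` link. A denylist version of the same code would have let that last link through, which is the "missed during reconstruction" risk.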

What solution do you need?

No single solution is 100% effective in securing endpoints, so a multi-layered approach is necessary, and RBI helps in this aspect. For example, while most next-generation firewalls (NGFW) have a way to rate a website URL or IP address by assigning it a rating or category, if the websites or IP addresses are not rated, they are put into the category of unrated. Sometimes, legitimate websites also fall into this category, which may lead to numerous requests to unblock or recategorize those websites. This can be a nuisance to administrators, who might allow the entire unrated category in their NGFW or secure web gateway (SWG) in frustration. However, this can be dangerous as malicious sites can also fall into the unrated category. RBI is a wonderful solution to this problem since administrators can flexibly isolate sessions that fall into the unrated category while still protecting users from anything malicious.

Most browser isolation solutions are easy to deploy with a little planning. Depending on the type of solution you choose, you can integrate it with your existing NGFW or SWG, run it in the browser via a plug-in, or deliver it through other zero-trust network access (ZTNA) type solutions.

How to evaluate RBI solutions

If your organization is considering adding RBI to your security arsenal, here are some features we recommend you look for:

  • Rendering Options
    • Look for solutions that provide the user with the best flexibility in terms of performance and security. We suggest avoiding solutions that only offer first-generation pixel-pushing technology because if the performance is not as close as possible to a regular browsing session, users will not want to use the platform.
  • Flexible Policies
    • The solution should let administrators pick different rendering options for specific websites or categories.
  • Cloud Infrastructure
    • Make sure the cloud provider has a redundant stack across multiple geographic locations. Some platforms also have redundancy across multiple cloud providers, which means deployments may be split between Microsoft Azure and Amazon AWS.
  • Phishing Protection
    • Does the solution help to protect against phishing in addition to scanning for malware and other threats? Robust solutions can make web pages “read-only,” restricting users from entering credentials into a possibly compromised site.
  • Solution Independence
    • Is the solution tightly coupled with a specific vendor NGFW or SWG or compatible with any NGFW or SWG? Can the system be used independently? If you decide to change your NGFW or SWG, you do not want to run the risk of needing to replace your RBI solution as well.
  • SOC Integration
    • The solution should be able to send information about isolated sessions to industry-leading SIEM platforms for SOC analysis.
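
An added sketch, not any vendor's policy format, of how the unrated-category approach and the Flexible Policies and Phishing Protection items above can combine in one decision: per-site rules override category rules, unrated traffic is isolated instead of allowed or blocked wholesale, and each decision carries a rendering mode and a read-only flag. The rule tables, host names and the `decide` function are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical rules: (action, rendering mode, read-only). Host rules override
# category rules, and the longest matching host suffix wins.
HOST_RULES = {
    "intranet.example.com": ("allow", None, False),
    "example.net": ("isolate", "dom", False),
    "login.example.net": ("isolate", "pixel", True),
}
CATEGORY_RULES = {
    "business": ("allow", None, False),
    "malware": ("block", None, False),
    "unrated": ("isolate", "pixel", True),  # isolate rather than allow or block all
}
DEFAULT = ("isolate", "pixel", True)  # unknown category: fall back to isolation

def host_matches(host, rule_host):
    # Match on label boundaries so "badexample.net" does not match "example.net".
    return host == rule_host or host.endswith("." + rule_host)

def decide(url, category):
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    matches = [h for h in HOST_RULES if host_matches(host, h)]
    if matches:
        action, render, read_only = HOST_RULES[max(matches, key=len)]
    else:
        action, render, read_only = CATEGORY_RULES.get(category, DEFAULT)
    # The returned record is also the shape a per-session log event could take.
    return {"host": host, "category": category, "action": action,
            "render": render, "read_only": read_only}
```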

How can SilverSky help?

SilverSky can help you plan, implement, and manage your RBI strategy for your organization. We have relationships with industry-leading providers of RBI solutions and our staff is well-trained and versed in these technologies.

If you would like to learn more about how our team can help with RBI solutions, please contact us at any time.