Browser isolation protects the user (and by extension, your organization) by keeping their web browsing session isolated from the rest of the endpoint, ensuring malicious content is isolated and contained. We’ll explain the two types of browser isolation technologies, and why we recommend adding remote browser isolation (RBI) to your layered security approach.
While email is still the most popular attack vector for cyber attackers, the web browser can be just as dangerous. Malicious links can easily redirect unsuspecting users to unknown websites and download malware without a user’s knowledge.
Browser isolation, sometimes referred to as web isolation, is a technology that can protect the user from these types of attacks by keeping the web browsing session isolated from the rest of the endpoint. While browser isolation can be deployed with different methods, ultimately the end goal is to protect the local endpoint from malicious content, such as malware, ransomware, zero-day threats, drive-by downloads, and credential theft. Should something malicious happen to execute on the browser, browser isolation ensures that the threat is contained in the isolated environment and not passed to the endpoint.
In general, we can categorize browser isolation into two ways: Client-side isolation, and server-side isolation, also called remote browser isolation (RBI).
Client-side browser isolation works directly on the user’s machine, usually with a type of virtual machine or container technology. For instance, Microsoft has a client-side solution called Application Guard, which uses the native Hyper-V hypervisor. This platform runs the Microsoft Edge browser in a virtualized container, which helps prevent web-based exploits from reaching the actual endpoint. Once the browser is closed, everything in the container is destroyed.
Remote browser isolation (RBI) solutions are server-based and can be delivered to the user as either a SaaS or an on-premises solution. The isolated browser session runs on the remote platform in an isolated container and the session is streamed and rendered back to the client.
The two primary technologies used in RBI solutions are pixel pushing and DOM reconstruction:
Pixel Pushing
DOM Reconstruction
No single solution is 100% effective in securing endpoints, so a multi-layered approach is necessary, and RBI helps in this aspect. For example, while most next-generation firewalls (NGFW) have a way to rate a website URL or IP address by assigning it a rating or category, if the websites or IP addresses are not rated, they are put into the category of unrated. Sometimes, legitimate websites also fall into this category, which may lead to numerous requests to unblock or recategorize those websites. This can be a nuisance to administrators, who might allow the entire unrated category in their NGFW or secure web gateway (SWG) in frustration. However, this can be dangerous as malicious sites can also fall into the unrated category. RBI is a wonderful solution to this problem since administrators can flexibly isolate sessions that fall into the unrated category while still protecting users from anything malicious.
Most browser isolation solutions are easy to deploy with a little planning. Depending on the type of solution you choose, you can integrate these solutions with your existing NGFW, SWG, in-browser via a plug-in, or via other zero-trust network access (ZTNA) type solutions.
If your organization is considering adding RBI to your security arsenal, here are some features we recommend you look for:
SilverSky can help you plan, implement, and manage your RBI strategy for your organization. We have relationships with industry-leading providers of RBI solutions and our staff is well-trained and versed in these technologies.
If you would like to learn more about how our team can help with RBI solutions, please contact us at any time.