Remote browser isolation (RBI) is a web security technology that neutralizes online threats by hosting users’ web browsing sessions on a remote server instead of the user’s endpoint device. RBI separates web content from the user’s device to reduce its attack surface. The endpoint receives a pixel-based stream of a webpage or app—not the active content. The user’s experience is unaffected, and hidden malicious code can’t reach them.
RBI, also called web isolation, creates an isolated environment when a user accesses risky web content, serving the user a cloud-hosted rendering of the content. By moving web browsing activity to a cloud domain without downloading the content, RBI prevents malware hidden in the content from reaching the endpoint or moving onto a network. In this way, RBI provides effective protection against known and unknown threats, supplementing other key cybersecurity functions.
Here’s a rundown of how remote browser isolation works:
A user tries to access potentially malicious web content
The request is evaluated against defined policies, and if there’s a match, the platform creates an isolated browser session
The platform connects to the content and loads it onto the remote isolated browser
Rendered web content is streamed to the end user’s native browser as pixels over an HTML5 canvas
What Are the Other Types of Browser Isolation?
There are three basic types of browser isolation technology:
Remote browser isolation runs in a cloud-hosted sandbox—an isolated testing environment—separate from an organization’s internal environment.
On-premises browser isolation works just like RBI, but it’s hosted as part of an organization’s internal IT environment.
Client-side/local browser isolation runs on a user’s endpoint in a virtualized sandbox and wipes browsing data after sessions.
Why Is Browser Isolation Important?
As your data and applications increasingly move from your data center to the cloud, your employees are doing more of their work over the internet. Often, they may be connected almost constantly. That can help keep them productive, but it also introduces risk.
Cyberattacks such as phishing acquire targets through a user’s web browser, serving malvertising (malicious ads), clickbait that can lead to malicious content, browser-based trojans, and more. Once a browser is connected to a site, it can give cybercriminals an open door into a user’s machine, and ultimately your network.
You can try to block high-risk websites through a firewall, but a blocklist won’t account for unknown threats, and an allowlist will frustrate your users with restrictions. Traditional network security measures weren’t designed for the cloud and today’s open internet. That’s why you need to use remote browser isolation.
RBI is not network security. By placing a user’s browser session in an isolated sandbox in the cloud, it ensures cyberthreats such as ransomware and other malware can’t enter your network through compromised webpages.
Benefits of Remote Browser Isolation
To make web browsing safer, remote browser isolation:
Enables secure access to risky web content by isolating users from web apps to deliver a safe rendering of web content, without requiring an endpoint agent on every device
Protects sensitive data from targeted attacks hidden in webpages, downloadable web content, and vulnerable plugins—all of which can lead to data loss
Removes the threat of data exfiltration by preventing webpages from compromising a endpoints even if the browser contains vulnerabilities or has unsafe plugins installed
Allows more open internet policies so you can minimize policy complexity, reduce risk, and give your users more leeway when it comes to web browsing
Challenges of Remote Browser Isolation
Despite the benefits, many remote browser isolation services have their share of drawbacks. Sandboxing a high volume of browsing sessions, and streaming the sessions to users, tends to result in:
High latency: The farther session data needs to travel between the user endpoint and the sandbox, the more lag time will result, making for a poor user experience. Complex security stacks, naturally, only make it worse.
High bandwidth consumption: Streaming pixels requires a large about of bandwidth, and your infrastructure can get overwhelmed easily if it’s not built to accommodate it.
High costs: Streaming encrypted video content requires a lot of computational power, and if you’re paying for the extra resources, it can get expensive.
RBI solutions based on traditional network architecture and hauling data across long distances and through capacity-limited hardware are never going to keep up with the needs of today’s distributed workforce. That’s why effective RBI pairs perfectly with a cloud native zero trust approach.
How Does Remote Browser Isolation Fit into a Zero Trust Security Architecture?
Zero trust is built on the premise that all network and user activity should be untrusted by default. With the right technology, your business can simultaneously leverage a zero trust approach with RBI to separate users from sessions and stop accidental and malicious data leakage.
Zero trust RBI extend the definition of zero trust to everything users do on the internet and in SaaS and private apps. Native integration with a complete cloud-delivered security stack gives you the unlimited scale and flexibility, so you don’t have to choose between speed and security. And only one vendor delivers it with the power of the world’s largest security cloud, trusted by more than 40% of the Fortune 500. That vendor is Zscaler.
Remote Browser Isolation with Zscaler
Zscaler Cloud Browser Isolation is a part of the Zero Trust Exchange™, our cloud-delivered zero trust platform. This industry-leading service isolates users and endpoints from all active web content, giving security teams peace of mind with the knowledge that their enterprise is protected from zero day vulnerabilities, ransomware, unsanctioned plugins, and other sophisticated threats. Plus, separating users from sessions helps stop accidental and malicious data leakage, which reduces overall risk.
Zscaler serves as an exchange between users, the internet, SaaS, and private apps, with the ability to inspect all traffic and enforce policy inline. As web traffic traverses the Zero Trust Exchange, Cloud Browser Isolation isolates it in real time, transforming web content into a safe stream of pixels delivered to the user. By creating an air gap between your users and the web, it helps maintain their productivity and offers a better user experience.