Remote browser isolation is an advanced cybersecurity technique that provides an additional layer of protection for users and organizations. Browser isolation separates browsing activity from endpoint hardware, thereby reducing the device’s attack surface. When a user accesses a web page or app, it is loaded onto a remote browser that serves a rendering of the webpage to the user. The page operates normally, but only pixels are delivered to the user. There is no active content downloaded, so malicious code that may be hidden is kept at bay.
Spending time on the internet is no longer a luxury. It has become part of our daily personal lives and is critical to doing our jobs and conducting business. Employees traverse the internet every day, and not just to watch cat videos or do their holiday shopping. The data and applications that employees need to do their jobs now reside in the cloud and are accessed through the internet.
The need for a persistent connection to the internet is opening up organizations to greater risk, as most cyberattacks target users through their browsers, serving malvertising (malicious ads), click bait that can lead to malicious content, browser-based Trojans, and more. Once a browser is connected to a site, it gives cybercriminals an open door into a user’s machine and, quite likely, your network.
Organizations can try to block potentially risky websites, such as newly registered domains, but this approach doesn’t account for times when users accidentally wind up on infected sites, perhaps by mistyping a URL. And organizations want their employees to be able to do extensive research, which sometimes means visiting sites in foreign countries or viewing content from unknown entities.
That leaves organizations in a quandary. How do you give your employees unfettered internet access while still protecting your organization?
It is possible to allow employees access to the internet without worrying about their safety or putting your network at risk. With browser isolation, companies can be assured that destructive viruses and malware will not enter the network through compromised webpages.
Remote browser isolation enables safe access to web content by separating a user from the actual web application. By creating an “air gap” between the user and potentially risky web content, organizations can confidently stop attacks from advanced threats and protect sensitive data as well as employees.
Gartner has been espousing the benefits of browser isolation technologies for much of this decade.
In 2016, Gartner predicted that 50 percent of enterprises will actively begin to isolate their employees web browsing activity during the next three years.
And, in 2017, Gartner wrote:
In today’s digitally connected world, spending time on the internet is a requirement. To make that time safer, remote browser isolation:
Enables safe access to risky web content: It isolates users from web apps and delivers a safe rendering of web content—without requiring an endpoint agent on every device.
Protects sensitive data: It protects users and executives from targeted attacks hidden in web pages, downloadable web content, and vulnerable plug-ins.
Removes the threat of data exfiltration: It eliminates the ability for a webpage to exfiltrate data or compromise a user’s machine, even if the browser is outdated, vulnerable, or has unsafe plug-ins installed.
Allows more open internet policies: It enables organizations to minimize policy complexity, reduce risk, and implement more open policies for internet access.
Remote browser isolation creates a browser lookalike, serving a rendering of the page but not the page itself, so that nothing is downloaded and any hidden malware or viruses in the page are unable to reach the endpoint or make their way through a network. In this way, browser isolation provides protection from known, unknown, and zero-day threats, and provides a key supplement to other web security measures.
Here’s a quick view as to how remote browser isolation works:
A user tries to access a potentially malicious webpage
The request is evaluated against defined policies; if there is a match, the platform creates an isolated browser session
The platform connects to the webpage and loads the content onto the remote isolated browser
Rendered web content is streamed to the end user’s native browser as pixels over a HTML5 canvas
Learn how to secure your employees and your company. In 2018, Zscaler acquired Appsulate, a browser isolation leader, and has integrated its innovative technology into the Zscaler Cloud Security Platform. Find out how we can help you.