What Is Remote Browser Isolation?
Remote browser isolation (RBI) is an advanced cybersecurity technique that provides an additional layer of protection for identities by moving web browsing sessions to cloud-hosted remote servers.
Also referred to as web isolation or simply browser isolation, RBI separates browsing activity from endpoint hardware to reduce the attack surface of a user’s device. When a user accesses a webpage or app, it’s loaded onto a remote browser that serves a rendering of the webpage to the user. The page operates normally, but only pixels, not the active content, are delivered to the user, so malicious code that may be hidden is kept at bay and the user experience is unaffected.
How Does Remote Browser Isolation Technology Work?
RBI creates an isolated environment, serving a cloud-hosted rendering of a web page that’s effectively a projection of the page itself. By moving web browsing activity to a cloud domain without downloading the content, RBI makes malware or viruses hidden in the page unable to reach the endpoint or make their way through a network. In this way, RBI functionality provides protection from known, unknown, and zero day threats and provides a key supplement to other web security measures.
Here’s a quick summary of how remote browser isolation works:
- A user tries to access a potentially malicious webpage
- The request is evaluated against defined policies, and if there’s a match, the platform creates an isolated browser session
- The platform connects to the webpage and loads the content onto the remote isolated browser
- Rendered web content is streamed to the end user’s native browser as pixels over a HTML5 canvas
The Dangers Within
Your employees traverse the internet through web browsers every day. The data and applications they need to do their jobs are increasingly moving from your data center to the cloud and are accessed through the internet rather than your organization’s network. Thus, always-on internet connections have become a business necessity.
These constant connections help maintain productivity, but they also introduce risk. Many cyberattacks, such as phishing, acquire targets through a user’s web browser, serving malvertising (malicious ads), clickbait that can lead to malicious content, browser-based trojans, and more. Cybercriminals are given an open door into a user’s machine, and quite likely your network, once a browser is connected to a site.
You can try to block high-risk websites through a firewall, but this approach doesn’t account for instances of users accidentally accessing infected sites. This could happen when they mistype a URL, visit potentially a harmful site from a foreign country, or view content from unknown entities for research purposes—all of which increase risk.
The Need for Remote Browser Isolation
RBI is not network security. Rather, it makes it possible for employees to access the internet without posing a risk to their safety or your network. With RBI, a user’s browser session is removed from the internet and placed into the cloud. This ensures destructive viruses and cyberthreats, such as malware and ransomware, can’t enter the network through compromised webpages.
Remote browser isolation solutions enable safe access to web content by separating a user’s endpoint device and their local network and infrastructure from the actual web applications and browsing activity. RBI helps you stop attacks from advanced threats and protect sensitive data by creating a “browser sandbox” between the user and potentially risky web content.
Benefits of Remote Browser Isolation
To make web browsing safer, remote browser isolation:
- Enables secure access to risky web content by isolating users from web apps to deliver a safe rendering of web content—without requiring an endpoint agent on every device
- Protects sensitive data from targeted attacks hidden in web pages, downloadable web content, and vulnerable plugins—all of which can lead to data loss
- Removes the threat of data exfiltration by eliminating the ability for a webpage to compromise a user’s machine even if the browser is outdated, contains vulnerabilities, or has unsafe plugins installed
- Allows more open internet policies so you can minimize policy complexity, reduce risk, and give your users more leeway when it comes to web browsing
RBI also pairs well with a secure web gateway (SWG). A SWG prevents unsecured internet traffic from entering an organization’s network, but it can’t allow safe access to websites that it hasn't categorized. RBI moves these uncategorized, potentially unsafe sites to a secure cloud server, meaning your users are protected whether the site is known or not.
Another excellent pairing for RBI is zero trust. The next section explains why.
How Does Remote Browser Isolation Fit into a Zero Trust Security Architecture?
Zero trust is built on the premise that all network and user activity should be untrusted by default. With the right technology, your business can simultaneously leverage a zero trust approach with RBI to separate users from sessions and stop accidental and malicious data leakage.
Enabling zero trust for RBI lets you extend the definition of zero trust to everything users do on the internet and in SaaS and private apps, up to and including a cloud-hosted RBI session. As it happens, there’s only one cloud security service provider that delivers a cloud native zero trust/RBI integration: Zscaler.
Remote Browser Isolation with Zscaler
Zscaler Cloud Browser Isolation is a part of the Zero Trust Exchange™, our cloud-delivered zero trust platform. This industry-leading service isolates users and endpoints from all active web content, giving security teams peace of mind with the knowledge that their enterprise is protected from zero day vulnerabilities, ransomware, unsanctioned plugins, and other sophisticated threats. Plus, separating users from sessions helps stop accidental and malicious data leakage, which reduces overall risk.
Zscaler serves as an exchange between users, the internet, SaaS, and private apps, with the ability to inspect all traffic and enforce policy inline. As web traffic traverses the Zero Trust Exchange, Cloud Browser Isolation isolates it in real time, transforming web content into a safe stream of pixels streamed to the user. By creating an air gap between your users and the web, it helps maintain their productivity and offers a better user experience.
Ready to make web-based attacks and data loss things of the past? Read the Zscaler Cloud Browser Isolation data sheet.