What is remote browser isolation?
The internet is simultaneously the most important productivity tool for a business and its biggest liability due to the wide range of security threats it exposes them to. While it is possible to protect against some web-browsing threats using old techniques like blocking known risky domains, these precautions don’t guard against other exploitations. So, how do organizations protect users, data, and systems from the ever-increasing threats on the web?
Remote browser isolation (RBI), also known as web isolation, is a security measure that separates users’ devices from the act of internet browsing by hosting and running all browsing activity in a remote cloud-based container. This act of sandboxing internet browsing protects data, devices, and networks from all kinds of threats originating from infected website code, including:
- Web-borne malware and ransomware
- Zero-day exploits
- Browser vulnerabilities, such as plug-ins
- Infected file downloads
- Malicious web links in phishing emails
- And many others
- How does remote browser isolation technology work?
- Remote browser isolation adopts Zero Trust principles and applies them to the act of internet browsing. Instead of deciphering between good and bad web browsing, remote browser isolation determines that targeted websites are not trusted and thus isolated in a container where no website code executes on endpoints. Let’s dive a little deeper into the workings of RBI and how it protects users from threats:
- Website exists with corrupted code – A threat is programmed into the code of a website which threatens anyone browsing to that particular site.
- RBI isolates web content – Since the particular user has remote browser isolation, all web pages are hosted and rendered on a remote container separated from the user’s endpoint device (computer, smartphone, tablet, etc.)
- RBI renders content to the user – The user is able to view a pixel rendering of the web page via the remote web browser executing in an isolated container.
- As far as the user is concerned, the experience is the same as using a standard browser. The only difference is peace of mind.
- Users enjoy all of the standard benefits of internet browsing without the threats of exposing devices to the raw web code, just like viewing a tiger through a fence versus watching the tiger while inside the cage. You still see the tiger while you’re protected by a barrier.
Benefits of Remote Browser Isolation
To make web browsing safer, remote browser isolation:
- Enables secure access to risky web content by isolating users from web apps to deliver a safe rendering of web content, without requiring an endpoint agent on every device
- Protects sensitive data from targeted attacks hidden in webpages, downloadable web content, and vulnerable plugins—all of which can lead to data loss
- Removes the threat of data exfiltration by preventing webpages from compromising a endpoints even if the browser contains vulnerabilities or has unsafe plugins installed
- Allows more open internet policies so you can minimize policy complexity, reduce risk, and give your users more leeway when it comes to web browsing
Challenges of Remote Browser Isolation
Despite the benefits, many remote browser isolation services have their share of drawbacks. Sandboxing a high volume of browsing sessions, and streaming the sessions to users, tends to result in:
- High latency: The farther session data needs to travel between the user endpoint and the sandbox, the more lag time will result, making for a poor user experience. Complex security stacks, naturally, only make it worse.
- High bandwidth consumption: Streaming pixels requires a large about of bandwidth, and your infrastructure can get overwhelmed easily if it’s not built to accommodate it.
- High costs: Streaming encrypted video content requires a lot of computational power, and if you’re paying for the extra resources, it can get expensive.
RBI solutions based on traditional network architecture and hauling data across long distances and through capacity-limited hardware are never going to keep up with the needs of today’s distributed workforce. That’s why effective RBI pairs perfectly with a cloud native zero trust approach.