Remote Browser Isolation: Zero Trust to Internet browsing
The majority of attacks originate externally. Why? Because we can’t control what we don’t know and the Internet can be a dirty place. The act of browsing the Internet and clicking on uniform resource identifier (URL) links opens the enterprise to significant risks of compromise.
It is estimated that the distribution of exploits used in cyber attacks by type of application attacked showed over 40% related to browser attacks. Android was next in line with 27% of the attack surface. As a result, we need to provide more security when it comes to Internet browsing.
It’s a fact that the majority of compromises will involve web-based attacks and common plugins such as Adobe, supported in the browser. Attacks will always happen but it’s your ability to deal with them that is the key.
Attacking through the browser is too easy, and the targets are too rich. Once an attacker has penetrated the web browser, they can move laterally throughout the network targeting high-value assets such as a database server. Data exfiltration is easy these days and attackers are using social media accounts such as Twitter and even domain name system (DNS) that is commonly not inspected by firewalls as a file transfer mechanism. We need to apply the zero trust default-deny posture to web browsing. This is known as Remote Browser Isolation.
Remote Browser Isolation: Zero Trust
Neil McDonald, an analyst from Gartner, is driving the evolution of Remote Browser Isolation. My view is that this is a necessary feature if you want to offer a complete solution to the zero trust model.
The zero trust model already consists of microsegmentation vendors that can be SDN-based, network-based appliance (physical or virtual), microservices-based, host-based, container-centric, IaaS built-in segmentation and API-based. There are also a variety of software-defined perimeter vendors in the category of the zero-trust movement.
Remote Browser Isolation starts with a default-deny posture, contains the ability to compromise, reduces the surface area for an attack and as sessions are restored to a known good state after each use is like having a dynamic segment of 1 for surfing the Internet. Remote browser offerings are a subset of browser isolation technologies that remove the browser process from the end user’s desktop.
Take a browser and host it on a terminal server and then use the on-device browser to browse to that browser. As a result, you increase the security posture. When you do HTML 5 connectivity you actually get the rendering done in the remote browser.
Some vendors are coming out with a Linux based, proxy-based solution. A proxy – often hosted on sites like https://www.free-proxy-list.net/ – acts as an internet gateway, a middleman for internet interactions. Normally, when you browse the Internet, you are going to a non-whitelist site but if it hasn’t been blacklisted you will be routed to the remote browser system.
In the proxy-based system you could have a small Linux based solution in the demilitarized zone (DMZ) or in the cloud and that Linux container is actually going to do the browsing for you. It will render the information in real-time and send the information back to the user with HTML5 as the protocol using images.
For example, if you are going to a customer relationship management (CRM) system right now, you will be going directly to that system as it is whitelisted. But when you go to a website that hasn’t been defined, the system will open a remote container and that dedicated container can give you the browsing experience and you won’t know the difference.
As a result, you can actually mimic a perfect browsing experience without any active code running on your desktop while you are browsing.