What is Browser Isolation

With browser isolation (remote browsing), internet browsing activity is separated from loading and displaying webpages locally.

Most website visitors load content and code directly from their local browsers. The content and code on the Internet often come from unknown sources (e.g., cloud hosting and web servers), which makes browsing the Internet somewhat risky from a security perspective. Web content is loaded and executed in the cloud by remote browser isolation (RBI), which underpins browser isolation.

Detecting hazardous web content is “outsourced” to remote browsing, like machines monitoring hazardous environments to protect humans. Consequently, users are protected from malicious websites (and the networks they connect to) that carry malware.

What is Remote Browser Isolation?

Remote browser isolation (RBI), or cloud-hosted browser isolation, involves loading and executing webpages and code on a cloud server far from users’ local devices. Any malicious cookies or downloads are deleted after the user’s browsing session ends.

RBI technology protects users and corporate networks from untrusted browser activity. Users’ web browsing activities are typically conducted on a cloud server controlled by RBI vendors. Through RBI, the user can interact with webpages like normal without having to load the entire webpage on their local device or browser. User actions, such as mouse clicks, keyboard inputs, and form submissions, are sent to a cloud server for further processing.

The Rise of Threats

The majority of attacks originate externally. Why? The Internet can be dirty because we can’t control what we don’t know. Browsing the Internet and clicking on uniform resource identifier (URL) links exposes the enterprise to compromise risks. These concerns can be very worrying for individuals who need to use the internet regularly, as they want a safe online browsing experience. Cyber security is becoming an increasingly vital consideration to be aware of when using the internet, with rising cyber-attacks forcing the need for Remote Browser Isolation (RBI). 

Before you proceed, you may find the following posts helpful:

1. Cisco Umbrella CASB
2. Ericom Browser Isolation
3. DDoS Attacks
4. IPv6 Attacks

Back to Basics: What is Remote Browser Isolation

The Challenging Landscape

It is estimated that the distribution of exploits used in cyber attacks by type of application attacked showed over 40% related to browser attacks. Android was next in line with 27% of the attack surface. As a result, we need to provide more security regarding Internet browsing.

It’s a fact that most compromises will involve web-based attacks and standard plugins, such as Adobe, supported in the browser. Attacks will always happen, but your ability to deal with them is the key. If you use the internet daily, check the security of your proxy server.

Browser Attacks

Attacking through the browser is too easy, and the targets are too rich. Once an attacker has penetrated the web browser, they can move laterally throughout the network, targeting high-value assets such as a database server. Data exfiltration is effortless these days.

Attackers use social media accounts such as Twitter and even domain name systems (DNS) commonly not inspected by firewalls as file transfer mechanisms. We need to apply the zero trust network design default-deny posture to web browsing. This is known as Remote Browser Isolation.

Advantages of Remote Browser Isolation:

1. Enhanced Security:

The primary advantage of remote browser isolation is its ability to provide enhanced web security. By isolating the browsing activity in a remote environment, any potential malware, zero-day exploits, or malicious websites are contained within the isolated environment, ensuring they cannot reach the user’s device. This greatly reduces the risk of successful cyber attacks, as even if a website is compromised, the user’s device remains protected.

2. Protection Against Phishing Attacks:

Phishing attacks continue to be a major concern for individuals and organizations alike. Remote browser isolation offers a robust defense against such attacks. By isolating the browsing session, any attempts to trick users into revealing sensitive information through fraudulent websites or email links are ineffective, as the malicious code is contained within the isolated environment.

3. Mitigation of Web-Based Threats:

Remote browser isolation effectively mitigates web-based threats by preventing the execution of potentially malicious code on the user’s device. Whether it’s malware, ransomware, or drive-by downloads, all potentially harmful elements are executed within the isolated environment, ensuring the user’s device remains unharmed. This approach significantly reduces the attack surface and minimizes the potential impact of web-based threats.

4. Compatibility and Ease of Use:

One key advantage of remote browser isolation is its compatibility with various platforms and devices. Users can access isolated browsing sessions from any device, including desktops, laptops, and mobile devices, without compromising security. This flexibility ensures a seamless user experience while maintaining high security.

Remote Browser Isolation: Zero Trust

Neil McDonald, an analyst from Gartner, is driving the evolution of Remote Browser Isolation. This is a necessary feature if you want to offer a complete solution to the zero-trust model. The zero trust model already consists of micro-segmentation vendors that can be SDN-based, network-based appliances (physical or virtual), microservices-based, host-based, container-centric, IaaS built-in segmentation, and API-based. There are also a variety of software-defined perimeter vendors in the category of the zero-trust movement.

So, what is Remote Browser Isolation (RBI)? Remote Browser Isolation starts with a default-deny posture, contains the ability to compromise, reduces the surface area for an attack, and, as sessions are restored to a known good state after each use, it is like having a dynamic segment of 1 for surfing the Internet. Remote browser offerings are a subset of browser isolation technologies that remove the browser process from the end user’s desktop.

You can host a browser on a terminal server and then use the on-device browser to browse to that browser, increasing the security posture. When you use HTML 5 connectivity, the rendering is done in the remote browser.

Sample Solution

Some vendors are coming out with a Linux-based, proxy-based solution. A proxy – often hosted on sites like https://www.free-proxy-list.net/ – acts as an internet gateway, a middleman for internet interactions. Usually, when you browse the Internet, you go to a non-whitelist site, but if it hasn’t been blacklisted, you will be routed to the remote system.

You could have a small Linux-based solution in the demilitarized zone (DMZ) or the cloud in the proxy-based system. That container with docker container security best practices enabled will do the browsing for you. It will render the information in real-time and send it back to the user using HTML5 as the protocol using images. For example, if you are going to a customer relationship management (CRM) system right now, you will go directly to that system as it is whitelisted.

But when you go to a website that hasn’t been defined, the system will open a small container, and that dedicated container can give you the browsing experience, and you won’t know the difference. As a result, you can mimic a perfect browsing experience without any active code running on your desktop while browsing.

Remote browser isolation has emerged as a powerful solution in the fight against web-based cyber threats. Separating browsing activities from the user’s local device provides enhanced security, protects against phishing attacks, mitigates web-based threats, and offers compatibility across different platforms and devices. As the digital landscape continues to evolve, remote browser isolation is set to play a crucial role in safeguarding individuals and organizations from the ever-present dangers of the web.