Skip to main content

What is Remote Browser Isolation (RBI)?

Web browsers are now one of the most widely used business software. Organizations of all sizes and in all industries depend on the internet in some capacity to do business effectively. Unfortunately, web browsers provide a significant security risk as the main entry point for malware to infect corporate networks. Threat actors are targeting browsers by exploiting browser vulnerabilities to start malware campaigns. For example, earlier in 2022, hackers in North Korea allegedly spent six weeks attacking a zero-day vulnerability in Google's Chrome browser.

Historically, enterprises have depended on a broad variety of security technologies to guard against web-based malware. Some systems use an algorithm to detect if the incoming web material is good or harmful. Other alternatives restrict user access to websites that may contain malicious malware. Web proxies and secure web gateways are two examples of this category of security technologies.

Although efficient, these methods may overlook zero-day malware, and barring people from websites might hinder productivity. As enterprises struggle to offer effective protection against malware, figures and trends from the cybersecurity sector indicate that security expenditure remains high and continues to rise.

In response to these concerns, the idea of Browser Isolation was developed after considering what it would take to prevent web-based malware from infecting a network entirely. Instead of attempting to prevent users from accessing dangerous websites, isolated surfing enables users to securely visit any website, even if it is harmful.

In this article, we will discuss the following topics:

  • What Does RBI Stand for in Cybersecurity?
  • What are the Methods of Remote Browser Isolation?
  • Why Do You Need Remote Browser Isolation?
  • What are the Benefits of Remote Browser Isolation?
  • What are the Challenges of Remote Browser Isolation?
  • How does Remote Browser Isolation Work?
  • How Does On-Premise Browser Isolation Work?
  • How Does Local Browser Isolation Work?
  • What are the Cyber Attacks Prevented by Browser Isolation?
  • What is the Difference Between Local Browser Isolation and Remote Browser Isolation?
  • What are the Features of an RBI Solution?
  • What are the Use Cases for RBI?
  • How Does RBI Fit into SASE?
  • What are the Top RBI Vendors?

What Does RBI Stand for in Cybersecurity?

Remote browser isolation (RBI), also known as web isolation or browser isolation, is a web security system meant to protect users from Internet-borne hazards by hosting their web browsing sessions on a remote server rather than on their endpoint device. This remote server may be in the cloud or on-premises inside an organization's network. RBI renders Internet material in a sandbox environment and sends the browser just the rendered page. Due to the fact that the endpoint gets a pixel-based stream of a website or application and not the live content, it is safe against certain malware placed on web pages. There is no impact on the user's experience, and buried harmful programs cannot reach them.

The Remote Browser Isolation technique takes a Zero Trust philosophy, presuming that no online material is secure. All user surfing behavior is segregated from the user's PC in a separate environment. Since no web content ever reaches the user's computer, there is no way for malware to enter the system.

RBI can defend enterprises against both known and unknown web-based threats, including ransomware, zero-day attacks, and drive-by download assaults. RBI not only protects web browsers against cyber attacks but also prevents the publication of sensitive user information and browser history that may be used for nefarious reasons by attackers.

What are the Methods of Remote Browser Isolation?

Remote browser isolation (RBI) systems are intended to remove dangerous material from a website before providing it to the user. There are several ways to display web pages with remote browser isolation, some of which are more secure than others. These are the many rendering modes for the RBI:

  • DOM Mirroring: Websites include a variety of content kinds, some of which are more hazardous than others. A DOM mirroring isolation method removes certain categories of web page content before sending the rest to the user. This does not guarantee complete isolation since the user's browser continues to display some material from the malicious website. This strategy is designed to simplify the RBI process by using the processing capacity of the user's endpoint device while still maintaining security where it is required most. This is a decent option for websites with moderate risk.
  • Pixel Reconstruction: This is the optimal RBI rendering method for high-risk users, such as executives and administrators with broad access to sensitive information, assets, and infrastructures. This solution to browser isolation does the whole rendering process on the remote browser instance and then transmits the completed picture to the local browser for display. All online surfing is totally concealed from the user, making it an excellent option for high-risk sites. This prevents the execution of malicious code inside the user's browser since the user only gets an array of pixels and not the code that creates them.
  • Streaming Content: This RBI option will pixel render dangerous web page components, let safe DOM elements display in the user's web browser, and natively offer streaming media to the browser without pixel rendering in order to improve the user experience. This is a wonderful option for websites with a reduced risk profile and a focus on the user experience.

Why Do You Need Remote Browser Isolation?

As your data and apps migrate from your data center to the cloud, your workers do an increasing amount of their duties online. Frequently, they are linked almost continuously. This may help maintain their productivity, but it raises danger. Cyberattacks such as phishing acquire targets through a user's web browser, presenting malvertisements, browser-based trojans, and other threats. Once a browser is linked to a website, it may provide fraudsters with unrestricted access to a user's computer and, eventually, your network. Contrary to common assumptions, enterprises of all sizes may be severely affected by web-based malware. Here's why you need remote browser isolation:

  • Users Present an Extreme Danger: The majority of clients are careless and are easily duped into clicking on a malicious link using social engineering techniques. Significant budgetary resources are allocated to perimeter defenses, yet a casual employee may defeat them all by clicking on a single malicious link, so allowing an attacker to enter the organization.
  • Web Surfing is Hazardous: Web browsers are the most widely used business application today, and their inherent complexity makes them challenging to safeguard. They undertake the most hazardous activity a computer application is capable of, which is downloading and executing untrusted code directly on a user's machine. It should come as no surprise that browser-based assaults are the major route for attackers to target consumers.
  • Blocking Websites Reduces Efficiency: Remote Browser Isolation complements a secure web gateway by allowing secure access to websites that have not yet been classified by the secure web gateway. Typically, organizations restrict access to uncategorized websites in an effort to safeguard their networks from web-based viruses. However, forcefully limiting access to websites decreases the productivity of both end users and the IT staff responsible for responding to end-user requests to unblock websites. Remote Browser Isolation enables users and IT teams to be more productive by using the web as they normally would, without adversely compromising or slowing down their user experience, while staying completely secured against web-based threats.

What are the Benefits of Remote Browser Isolation?

The primary advantages of remote browser isolation are listed below:

  • Enhances Cybersecurity: Adopting remote browser isolation contributes to an enterprise's overall cybersecurity strategy by allowing users to access the internet while eliminating inherent dangers. As a zero-trust technology, it provides businesses with a clear option in certain circumstances. It requires less time to administer than conventional allowlists and blocklists, particularly for solutions that do not need agents to be installed on user devices.
  • Permits more Permissive Internet Regulations: Permits more permissive internet regulations so you may simplify policy complexity, reduce risk, and provide your people more online surfing flexibility.
  • Prevents Data Loss: Protects sensitive data against targeted assaults concealed inside web pages, downloaded web content, and insecure plugins, all of which may result in data loss.
  • Enables Secure Surfing: Enables secure access to dangerous online material by separating users from web applications to display web content securely without needing an endpoint agent on each device.
  • Increases Productivity: A reliable web browser isolation solution offers the user a smooth Internet surfing experience. This assures that the end user gets nothing but a secure, engaging content stream, so that they may continue to use and surf the web, as usual, even utilizing the public internet, without the fear of falling victim to a web-borne threat. The user experience is unaffected, since the websites being browsed retain their original appearance, feel, and functionality. Consequently, there will be no influence on the productivity of the end user. Your users won't even realize they're being protected by browser isolation technology, and their web surfing activities will be largely impacted.
  • Reduces Data Exfiltration Risk: Eliminates the risk of data exfiltration by prohibiting websites from compromising endpoints, even if the browser includes vulnerabilities or has installed risky plugins.
  • User Behavior Analytics: Organizations may acquire analytics on the web behaviors of users, which can be utilized for compliance monitoring and to identify internal threats and unproductive staff.
  • Reduces Alerts: Isolating all online content on a distant server reduces the number of false positives and security alarms that must be reviewed.
  • Reduces the Cost of Web-Based Malware: The remediation of a malware infestation may be expensive and time-consuming. Browsing in isolation entirely protects your network from web-based viruses.
  • Provides Privacy: Advanced anonymous surfing features conceal the identity of Internet users.
  • Offers Central Management: Numerous browser isolation solutions provide a centralized dashboard for network-level web security management. This enables the administrator to effortlessly manage groups or individual accounts, control browser activity across various devices, and examine web usage.
  • Reduces the Need for Endpoint Security Solutions: Cloud security solutions, such as Remote Browser Isolation, simplify the complexity and expense of safeguarding endpoint devices from known and new online threats. With Remote Browser Isolation, there is no need for endpoint software installation or exception handling, since the virtual containers operate in the cloud, preventing malware and other browser-based risks from ever reaching the endpoints. This is simpler and saves time compared to the alternative of updating every instance of the software on every single network-connected device. It guarantees that security is delivered to the whole network, without any gaps, and is not reliant on every device connected to the network being safe and running the most recent software version, which is impossible for organizations with numerous users. When employees bring their own devices, such as smartphones and laptops, from home to use at work, this is especially important, as these devices are often not equipped with the necessary software for protection, but they are still connected to the network, creating a potential entry point for web-based threats.

Remote Browser Isolation (RBI) & Benefits of Remote Browser Isolation

Figure 1. Benefits of Remote Browser Isolation (RBI)

What are the Challenges of Remote Browser Isolation?

RBI has the ability to defend a company and its users against some of the most prevalent and destructive cyberattack vectors. However, there are limits to these solutions. The major drawbacks of Remote Browser Isolation technology are as follows:

  • Insufficient Protection: DOM mirroring depends on removing certain sorts of material from a website in order to make it user-safe. However, a competent phishing website may be able to disguise dangerous material as other sorts of content that the solution permits the user to access.
  • Deficient Fidelity: A pixel-based reconstruction method executes code in a distant browser, while a DOM mirroring strategy removes page content en route to the user. For complicated web pages, a distant browser may not be able to display them, and removing their content might cause the site to crash totally.
  • Latency: With RBI, a user's whole browsing traffic is routed via a cloud-based system before being delivered to them. This increases connection latency, which impairs the user experience.
  • Cost: Cost is the primary downside of remote browser isolation. Pixel pushing is resource-intensive and consequently costly, and several services are based on non-scalable centralized foundations and distributed architectures. To overcome latency difficulties, remote browser isolation also demands a big quantity of bandwidth. This may make these solutions costly and difficult to implement across an entire organization's workforce. Reconstruction of the Document Object Model (DOM) is an alternative to pixel pushing. DOM, HTML, CSS, and scripts are reviewed, cleaned, and repackaged before transmission. However, if the danger is not recognized, malicious code might reach the endpoint, and a page's layout or functionality could be compromised. Costs may be reduced by, for instance, restricting remote browser isolation to high-risk users and C-level personnel.
  • Low Resolution: Pixel pushing does not look well on high DPI monitors, such as Apple Retina.

How does Remote Browser Isolation Work?

Remote browser isolation establishes an isolated environment when a user consumes dangerous web material by rendering the information in the remote server and providing it to the user. RBI eliminates malware embedded in online content from reaching the endpoint or migrating over the network by transferring web browsing activities to a remote site without downloading the material. There are three fundamental forms of isolation technologies for browsers:

  • On-premise: On-premises browser isolation is hosted inside an organization's own IT infrastructure.
  • On Cloud (Remote): Separate from a company's internal environment, remote browser isolation operates in a cloud-hosted sandbox, an isolated testing environment.
  • Client-Side/Local: Client-side/local browser isolation operates in a virtualized sandbox on the user's endpoint and deletes browsing data after sessions.

RBI offers efficient protection against both known and new threats in this manner, complementing other essential cybersecurity activities. Here is an overview of how remote browser isolation operates:

  1. A user attempts to view potentially harmful web material.

  2. The platform evaluates the request against predefined rules and, if a match is found, generates an isolated browser session.

  3. The platform establishes a connection to the material and loads it on the distant isolated browser.

  4. Web content is delivered to the native browser of the end user as pixels over an HTML5 canvas.

How Does On-Premise Browser Isolation Work?

On-premise browser isolation operates similarly to remote browser isolation. However, rather than occurring on a distant cloud server, surfing occurs on a server inside the organization's private network. This reduces latency compared to other remote browser isolation methods.

The disadvantage of on-premise isolation is that the firm must provide expensive servers devoted to browser isolation. Typically, the isolation must occur inside the organization's firewall, not outside as it does during the remote browser isolation process. Even when user devices are protected from malware and other dangerous programs, the internal network remains vulnerable. Additionally, it is challenging to spread on-premise browser isolation to additional facilities or networks, particularly for remote workforces.

How Does Local Browser Isolation Work?

As with the other types of browser isolation, client-side/local browser isolation virtualizes browser sessions. But, unlike remote and on-premise browser isolation, it does it on the user device itself. Using either virtualization or sandboxing, it seeks to keep surfing isolated from the rest of the device.

Virtualization is the practice of separating a computer into distinct virtual computers without physically modifying the device. This is accomplished at a layer of software called the "hypervisor" underneath the operating system. What occurs on one virtual machine should not theoretically influence neighboring virtual machines, even if they are on the same hardware. By loading websites in a separate virtual machine within the user's computer, the security of the remainder of the computer is maintained.

A sandbox functions similarly to a virtual machine. It is a virtual environment where testing may be conducted securely in isolation. Sandboxing is a typical approach for detecting malware; many anti-malware programs open and run possibly harmful files in a sandbox to observe their behavior. Several client-side/local browser isolation solutions use sandboxes to securely restrict online browsing activities inside the sandbox.

Because client-side/local browser isolation requires the download of potentially harmful material on the user's device, it presents a danger to users and networks. A basic idea of the other forms of browser isolation is the physical separation of malicious code from the device; client-side browser isolation lacks this separation.

What are the Cyber Attacks Prevented by Browser Isolation?

JavaScript is quite helpful for providing many of the capabilities seen in contemporary web apps. However, it may be used maliciously as well. Most web browsers instantly execute all JavaScript associated with a page, making malicious JavaScript extremely hazardous. Using JavaScript, several forms of assaults are conceivable. Among the most prevalent types of cyber attacks caused by Javascript vulnerabilities and prevented by RBI are as follows:

  • Click-jacking: A website is meant to trick a person into clicking on something they did not plan to click on. Click-jacking may be used to generate fraudulent ad income, redirect a user to a malicious website, or launch a malware download.

  • Drive-by downloads: Simply loading a website triggers the download of a malicious payload. Drive-by downloads often exploit a browser vulnerability that has not been fixed.

  • Malvertising: Injecting malicious code into legal ad networks. When fraudulent advertisements are shown, the malware runs, often redirecting users to malicious websites. Due to the fact that reputable ad networks unwittingly distribute malicious malware, malvertising may infiltrate even respectable, heavily visited websites.

Other frequent browser-based assaults, which may or may not require JavaScript, and are prevented by RBI are listed below:

  • Cross-site scripting: Injecting malicious code into a website or online application. This enables attackers to engage in a range of harmful actions, such as stealing the session cookie or login token and impersonating genuine users.
  • On-path browser attacks: An on-path attacker exploits browser vulnerabilities to compromise a user's browser, allowing them to modify the online content shown to the user or even impersonate the user.
  • Redirect Attacks: A user tries to load a valid URL, but is instead routed to a URL under the control of an attacker.
  • Zero-day exploits
  • Web-borne malware and ransomware
  • Malicious web links in phishing emails
  • Browser vulnerabilities, such as plug-ins

This malicious material and code are kept off user devices and out of the organization's network by isolating browser sessions in a controlled environment. A drive-by download assault, for instance, would have no impact on a user inside an enterprise that employs browser isolation. The download would occur on a distant server or in a sandbox and would be deleted at the conclusion of the user's browsing session.

What is the Difference Between Local Browser Isolation and Remote Browser Isolation?

Local browser isolation employs sandboxing at either the application or operating system level to isolate the browser from the device. Local browser isolation needs particular hardware and software components and is both resource-intensive and administration-intensive.

Remote browser isolation, on the other hand, is generally provided as a service by a third-party provider, but some businesses host it on a server connected to the corporate network. When desktop or mobile browser users request a website, the service generates an isolated browser session in a disposable containerized instance. The page is rendered in the users' browsers, often as pixels over an HTML5 canvas.

Inputs from the keyboard and mouse are communicated to the isolation service via an encrypted channel, and any consequent changes to the remote browser site are broadcast back to the endpoint device over the same channel. Since no dynamic material is downloaded, any malware or viruses hiding on the website cannot reach the destination.

This method totally separates the surfing activity of users from company endpoints and networks, protecting them from both known and undiscovered risks. Any threat risk is transferred to the remote server sessions, which may be reset to a known-good condition at the start of each new browsing session, tab, or page request. Remote browser isolation improves the user's experience as a whole. It lets users surf websites without fear of downloading harmful pages, regardless of whether their browsers are out-of-date, susceptible, or have unsafe plugins installed.

What are the Features of an RBI Solution?

Depending on the sort of isolation offered, RBI systems offer a diverse array of features. Listed below are many features that every RBI solution should offer:

  • Authentication of Users: When an RBI is requested to build an isolated browser instance, it must authenticate the user before proceeding. Once the user has been validated, the solution is able to load the user's profile rights, preferences, and settings and generate the browser appropriately. There are systems that use a cache to allow users to log in without entering their credentials repeatedly. There are various methods to build an isolated instance using Instance Management, such as a container, virtual machine (VM), or sandbox. In normal functioning, when the user leaves their session, the solution terminates the instance. When the solution senses danger, it initiates many reactions. The instance begins by attempting to eradicate the danger. If the instance is compromised, the solution terminates it and installs a replacement instance.

  • User Session Management: The RBI solution should do the following actions during a remote browser session:

    • Process user requests
    • Send requests from the user to the browser instance
    • Collect session information, including duration, browser cache, and URLs visited
    • Save session information after the session has ended

  • Web Content Replication: RBI systems' primary capability is the streaming of distant browser data to a local destination. To do this, RBI solutions must accomplish the following:

    • User events, such as keystrokes, mouse clicks, and scrolling, are processed
    • Detect modifications to open tabs
    • Match user events with pertinent page components
    • Include support for browser plug-ins and Software as a Service (SaaS) apps
    • Send modifications to the user in the form of a web page or video that has been cleaned

  • Threat Detection: RBI's primary objective is to safeguard surfing and avoid attacks. In order to do this, the RBI solution must have threat detection features that allow it to monitor for threats and suspicious behavior. As soon as the RBI system identifies a danger, it must sanitize the material before sending it to the user.

  • Multi-Tenancy Support: Multi-tenancy enables RBI systems to maintain high availability for global users, increase bandwidth and load control, and scale more effectively.

  • Cybersecurity Measures: Cybersecurity policies facilitate the effective management of RBI. A cybersecurity policy is used to whitelist trusted online apps and information that can be displayed on devices. You may establish user rights using rules, determining who can access certain categories of information or URLs.

  • Load Balancing: The majority of RBI solutions depend on content mirroring. This reduces the bandwidth available to users and remote instances. RBI solutions must balance the load to provide a great user experience and optimum performance. How it works:

    • Reduce the quality of audio and video media material
    • Create more instances when existing instances reach capacity
    • Compress data transferred to user devices

What are the Use Cases for RBI?

By separating endpoints and networks from harmful or phishing information, the primary and most popular use case for remote browser isolation is to prevent web-based assaults. RBI solutions are used to prevent browser-based assaults such as drive-by downloads, malvertising, phishing, credential harvesting, redirect attacks, and cross-site scripting.

The second use case is to complement additional tools, such as a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), or the SASE platform of services, by enforcing security regulations that provide secure access to cloud apps through unmanaged devices. Any of these solutions must have insight into the traffic they are supposed to monitor in order to be successful at stopping attacks. While an RBI is not the only way to monitor access from unmanaged devices, it is a more efficient option than utilizing a reverse proxy, which lacks flexibility and is not intended to serve the increasing number of cloud applications and unmanaged devices in business network environments.

The final use case for Remote Browser Isolation is defending online and cloud applications against assaults. In recent years, the proliferation of cloud and online applications has increased the requirement to separate web and cloud applications from dangerous information that may be broadcast from unmanaged devices. By displaying an online or cloud application in an isolated container, RBIs may be used to conceal front-end web code or publicly accessible APIs. This Web Application Isolation approach only delivers safe rendering to the local browser, preventing attackers from inspecting a page's source code for exploitable flaws and vulnerabilities.

How Does RBI Fit into SASE?

SASE is a cloud-based architecture that combines networking and security solutions to safeguard data, people, and applications. This is the future of cloud security, which will replace the perimeter-based on-premises designs that we are all used to with appliances (access control lists, network firewalls, etc.). All of our networking and security will eventually migrate to cloud-based devices.

Although remote browser isolation is not a stand-alone solution inside the SASE/SSE framework, it is a component of the architecture and works in conjunction with secure web gateways (SWG). Specifically, targeted RBI enhances SWG's protection against dangers posed by uncategorized and other dangerous websites. While the rest of SSE focuses on safeguarding your data, network, and cloud-based assets, remote browser isolation protects the online surfing experience of your users. RBI is another component of the SASE security philosophy's zero-trust-based security approach.

What are the Top RBI Vendors?

By 2022, according to Gartner, 25 percent of enterprises will employ browser isolation technology, and RBI can minimize assaults on end-user systems by up to 70 percent. There are a variety of remote browser isolation platforms available in the market. The best remote browser isolation vendors and their solutions are as follows:

  • Apozy Airlock

  • Authentic8 Silo Web Isolation Platform

  • Bromium

  • CIGLOO Browser Isolation Management

  • Citrix Secure Browser

  • Curose Internet Isolation

  • Cyberinc Isla

  • Ericom

  • Jimber

  • Iboss

  • Kasm Workspaces

  • Menlo Security Isolation Platform

  • Morphisec

  • Symantec

  • Webgap

  • Zscaler Cloud Browser Isolation

Last updated on by Zenarmor