SecureWorld News

Browser Isolation: The Missing Piece in Your Security Puzzle

Written by Alex Vakulov | Sun | Apr 9, 2023 | 2:43 PM Z

In contrast to typical methods of defending against web attacks, browser isolation utilizes a Zero Trust strategy that does not rely on filtering based on threat models or signatures. The browser isolation technique considers non-whitelisted websites unreliable and isolates them from the local machine in a virtual environment. Let's examine this process and explore the various browser isolation tools available today.

Cyberattacks such as malware infiltration and vulnerability exploitation continue to make headlines, attacking companies of various sizes. Corporate employees frequently utilize the vast resources of the internet to address various business issues on a daily basis. At the same time, attackers constantly devise new methods and variants of online threats. This forces IT and information security specialists to constantly enhance protection to effectively counter information security incidents related to malware distribution through rogue websites, links, and email attachments.

However, conventional solutions such as antivirus, firewalls, and other detection and blocking tools can only offer a limited level of security.

A non-signature method for preventing web threats, referred to as Browser Isolation or remote browsing, has been introduced to securely present web pages without affecting the user's experience. This approach decouples actual browsing from the endpoint and uses a remote virtual browser. Integrating browser isolation with existing endpoint security tools promotes layered security, enabling enterprises to be proactive and ensure business continuity.

How does the browser isolation system work?

Browser isolation is the process of physically separating user web activity from local networks and infrastructure in order to contain cyberattacks that occur through the browser while maintaining full access to online resources. Virtualization, sandboxing, and containerization technologies are used for this purpose.

There are two main types of browser isolation:

  •   Local (client-side)
  •   Remote (on-premises or cloud-hosted)

In the first case, internet traffic reaches the local infrastructure, where it is placed in a sandbox or virtual machine. Traffic goes through filtering and security policies to ensure the user is only exposed to safe information. Even if an insecure element penetrates the defense (Zero-Day attacks), its impact will be limited to the sandbox or virtual machine. Local browser isolation is the traditional method.

With remote browser isolation, internet traffic is prevented from accessing the user's device. Here, filtering, threat analysis, and sandboxing are performed on a public or private cloud server. The user's device does not participate in online activity. The session takes place on a remote server and is broadcast from there in real time, simulating local browsing.

Users do not have access to web content at all. They cannot download or transmit online content in any way. In some modifications, such as Document Object Model (DOM) mirroring, this approach filters out harmful elements to ensure they are invisible to the end-user.
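To make the DOM-mirroring idea concrete, here is an added example (not from the article or any vendor's product): a simplified Python filter that rebuilds a page while dropping active content and recording what it removed. Which tags, attributes, and URL schemes count as harmful is this example's own assumption.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example; the article names no specific elements.
DROP = {"script", "iframe", "object", "embed"}
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "source", "track", "wbr"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
SAFE_SCHEMES = {"http", "https", "mailto"}

def url_allowed(value):
    compact = re.sub(r"[\x00-\x20]", "", value).lower()  # browsers ignore these inside a scheme
    scheme = re.match(r"([a-z][a-z0-9+.-]*):", compact)
    return scheme is None or scheme.group(1) in SAFE_SCHEMES  # relative URLs pass

class DomMirror(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)  # entities are decoded before checks
        self.out, self.removed, self.skip_tag = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag in DROP and not self.skip_tag:
            self.removed.append(f"<{tag}>")
            self.skip_tag = None if tag in VOID else tag  # skip until its end tag
        elif not self.skip_tag:
            kept = ""
            for name, value in attrs:
                if name.startswith("on") or (name in URL_ATTRS and not url_allowed(value or "")):
                    self.removed.append(f"{tag}[{name}]")
                else:
                    kept += f' {name}="{escape(value or "", quote=True)}"'
            self.out.append(f"<{tag}{kept}>")
    def handle_endtag(self, tag):
        if tag == self.skip_tag:
            self.skip_tag = None                 # dropped subtree ends here
        elif not self.skip_tag and tag not in DROP | VOID:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip_tag:                    # text is always re-escaped
            self.out.append(escape(data, quote=False))

def mirror(html_text):
    parser = DomMirror()
    parser.feed(html_text)
    parser.close()                               # flush buffered trailing text
    return "".join(parser.out), parser.removed

# Constructed sample page, not taken from the article.
SAMPLE = ('<p onclick="track()">Hi <b>there</b></p><script>steal()</script>'
          '<a href="&#106;ava&#9;script:run()">x</a><a href="/docs?id=1&amp;v=2">ok</a>'
          '<img src="https://example.com/a.png" onerror="run()">')
```

Calling mirror(SAMPLE) returns the rebuilt markup together with a list of removed items, the kind of record an isolation service could send to its activity logs.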

Remote browser isolation vs. local browser isolation

Remote browser isolation is much more prevalent due to the following benefits:

  • Saves resources:
    Browser isolation consumes a lot of resources in whatever environment you choose to host it. A large amount of memory is required to create a temporary container for storing online information and indicators of dynamic activity. Reliable and substantial computing power is also necessary to handle real-time data, analyze secure components, create a live stream for the end-user, and accommodate all incoming traffic. By utilizing remote browser isolation, the previously mentioned tasks can be transferred from the end-user's device to a more robust and cost-efficient cloud setting.
  • Provides more security:
    Remote browser isolation in the cloud is very reliable. In a local isolation scenario, the risk is moved from the end-user's device to a server linked to the corporate network. In the event of a web attack, the user's local device will stay protected, but the company's local systems may be threatened. Remote browser isolation can solve this problem by relocating the hosting environment to a cloud service provider.
  • Simplifies IT management:
    IT professionals can apply mass policies and set up browser isolation with greater ease when multiple devices are housed in a centralized cloud environment. IT teams can also deploy compliance policies remotely, customizing traffic routing. However, in today's corporate setting, implementing full local browser isolation on a broad scale can be challenging as it requires the IT department to set up separate virtualization machines for each computing system.

Today, the phrase "browser isolation" is nearly equivalent to "remote browser isolation" due to the three reasons described above.

Benefits of browser isolation solutions

Acting in collaboration with established IT policies, browser isolation protects users from harmful online materials. Companies can use an isolated view on any operating system and any device through a commonly used web browser that supports HTML5 to eliminate the risk of interacting with fraudulent links and files. The browsing session runs inside a "disposable container" located in a remote and secure zone and is instantly transformed into a static image (instead of dynamic content on the actual web page) and then passed to the local browser. This ensures that any potential malware will be completely localized and neutralized, never hitting the endpoint.

Although the virtual browser is deployed in an isolated environment outside the corporate network, there is no performance degradation or lag. Each tab has its own browsing session, which ends when it is closed. In contrast to other types of threat detection methods, browser isolation is fully transparent and understandable to users.

Browser isolation provides maximum security while minimizing the burden on the IT department. There is no need to constantly update web browsers, and thanks to the HTML5-based clientless approach, there is no need to install additional programs on endpoints.

What kind of dangers does browser isolation protect against?

Websites and web applications are made up of HTML, CSS, and JavaScript code. While HTML and CSS are languages that provide formatting, JavaScript is a full-fledged programming language. This makes it very useful for providing many features found in modern web apps, but it can also be used for harmful purposes. JavaScript is particularly risky because most web browsers automatically run all JavaScript connected to a page. JavaScript can be leveraged for numerous types of attacks; some of the more common ones include:

  • Cross-site scripting, where nefarious code is inserted into a website or web application, allowing cybercriminals to perform various malicious actions, such as stealing a session cookie or login token and masquerading as legitimate users.
  • Redirect attacks, which occur when a user tries to access a valid URL but is then rerouted to a website controlled by a perpetrator.
  • Drive-by downloads, which happen when visiting a webpage initiates the download of a dangerous payload, frequently exploiting vulnerabilities in the browser that have not been fixed.
  • Click-jacking, where a webpage is created to deceive a user into clicking on something they had no intention of clicking; it can be used for producing counterfeit ad revenue, redirecting a user to an insecure website, or launching a malware download.
  • Malvertising, where harmful code is inserted into legitimate ad networks. When the corrupt ads are displayed, the code runs, usually rerouting visitors to harmful websites. Since legitimate ad networks are the ones inadvertently spreading the malicious code, malvertising can compromise even reputable and highly-visited websites.
  • On-path browser attacks, where a perpetrator who is on the same network as the victim takes advantage of browser vulnerabilities to subvert the user's browser, at which point they can alter the web content displayed to the user or even impersonate the actual user.

Features and pricing

The cost of browser isolation tools can vary widely depending on the provider and the specific features and capabilities of the product. Some providers offer a free or freemium version of their product, while others may charge a monthly or annual subscription fee. Some providers may also charge based on the number of users or the amount of data used.

It is best to research different providers and compare their pricing options to find a solution that fits your budget and meets your needs. Here is the list of possible features to consider:

  • Ability to use it as a standalone native application, integrated with the browser, or included in any workflow using the API.
  • Easy integration with directory services, identity management platforms, secure web gateways, SIEM systems, DLP systems, and other solutions of the company's IT stack.
  • Ability to separate resource-hungry websites from essential business applications to improve performance.
  • Ability to delete the browser session after each use.
  • Ability to provide versatile reports and keep user activity logs.
  • Policy-based website communication management (text entry, file uploads, printing, and screenshots)
  • Flexible scaling and adding any number of new users.
  • Multiple rendering modes and built-in file cleanup technology (Content Disarm & Reconstruction)
  • Storing web application data outside of browser caches
  • Ability to work with any HTML5-enabled browser (Edge, Chrome, Safari, Firefox) and any operating system
  • Isolation of malicious URLs, including those received by email
  • Quick and easy deployment
  • No hardware or agents are required
  • Ease of use with mobile devices
  • Support for multiple isolation mechanisms: rendering, session, process, and connection isolation

How to select a browser isolation solution?

According to Gartner, organizations that isolate web browsing and access to URLs in emails reduce attacks that compromise end-user systems by 70%. Gartner names WEBGAP, Symantec, Proofpoint, Menlo Security, Light Point Security, Ericom Software, Cyberinc, Citrix, and Authentic8 as the leading players in the global web isolation systems market.

When choosing a browser isolation solution, several principal factors must be considered. First, compatibility is crucial. Make sure the product you choose is compatible with your current infrastructure and the browsers and operating systems used by your organization.

Ease of use is another critical factor to consider. You should evaluate the solution's ease of deployment and management, as well as the end-user experience for employees accessing the isolated browser. Consider scalability, as well, ensuring that the solution can accommodate your organization's current and future needs. Integration with other security solutions in your organization should also be considered.

Support is also important, so make sure the vendor offers technical support and regular updates to ensure the smooth operation of the solution. Additionally, compliance is crucial, so ensure that the solution meets your industry and organizational compliance requirements.

Finally, it is vital to research the vendor's reputation, experience, and references before making a decision. Read reviews from other customers to get an idea of the vendor's level of expertise and the quality of its products. Look for a vendor with significant experience in the browser isolation space and a proven track record of delivering effective solutions. Ask for references from other customers who have implemented the same solution in their organization.

Conclusion

Browsers are among the most commonly used programs today. Organizations of all sizes and industries rely on the internet in one way or another to run their businesses successfully. Unfortunately, web browsers pose a security risk, as they are the primary entry point for malware infiltrating company internal networks.

In the past, organizations have typically depended on various online malware protection solutions. Some of these solutions use special algorithms to determine whether web content is "good" or "bad." Others block users from going to sites that may contain dangerous code. Examples of such products are web proxies and web gateways. Although signature-based tools are helpful and often effective, they may not detect Zero-Day threats. Also, blocking users from accessing websites may negatively impact work performance.

The answer to these problems was the concept of browser isolation, which stops malware from penetrating the internal network. Rather than preventing users from accessing insecure websites, sandbox browsing allows them to access any resource, including malicious ones. Utilizing a Zero Trust approach, browser isolation technology assumes that no web content can be considered safe.

There are quite a few web isolation products on the market today. As a rule, they are supplied by those manufacturers that provide cloud services or are developers of network security tools. The global market is represented by a large number of players offering products of different levels—both in terms of cost and features.