Browser Isolation provides businesses with security against
web based threats by isolating their browsing activity away from their physical
desktop. Browser Isolation has been described as ‘the most effective way’ to
improve your cyber security, and many vendors in this market believe that it
can totally eliminate all web based threats as an issue for your organization.
The first commercial Browser Isolation technology was
launched back in 2010, and since then it has become a leading technology for
protecting businesses against web threats, with Gartner arguing that 50% of
enterprises will begin to utilize web browsing over the next three years.
But how does this new technology actually work, and how can it protect your employees against threats? This article will explore what Browser Isolation is, how it works, and why it’s a key technology for businesses to consider to protect against web based threats.
What is Isolation?
Browser Isolation isolates users’ browsing activity, and all
of the threats browsers contain, away from your internal IT
Some view this approach as a modern reimagining of
‘air-gapping,’ an old approach to network security which ensured that a
business’ secure IT infrastructure was isolated from the public internet,
protecting employees from web based threats such as viruses, ransomware,
malicious downloads and unsecure web pages.
Browser Isolation works much the same way. It enables users to use their browsers without needing to worry about web based threats by isolating browsing activity, and the threats associated with web browsing, away from your network.
How Does Isolation Work?
Browser Isolation isolates browsing activity away from end users’ devices and into a remote server. This server can be on-premises, but not connected to the company’s regular IT infrastructure, or it can be delivered as a cloud-based service.
This allows the user to continue to surf the web as they
normally would, but because the remote browser has been isolated away from the
physical desktop and network, they are no longer at risk from web based threats.
There are multiple technologies that deliver browser isolation. The most common way of delivering Browser Isolation is Server-Side Browser Isolation. Server-Side Browser Isolation delivers literal isolation of browsing activity, by physically isolating malware and cyber-attacks away from your networks and user machines.
Server-Side models deliver a remote browser to their users, which is hosted on a physically isolated server built to handle cyber risks. This means that end users can continue to use the web without disruption, able to view dynamic web pages as they normally would, and use controls such as copy, paste and print. They normally do not require any endpoint clients or software to be installed.
Why is Isolation Growing More Popular?
Browser Isolation has been described as the ‘future’ of endpoint security, because it moves away from attempting to prevent breaches and towards containing them. This essentially means that however sophisticated attacks grow, they won’t be able to affect businesses: when your browsing activity is isolated away from your business network, it will eliminate the vast majority of threats. Gartner reports that many of its enterprise clients are becoming increasingly frustrated with legacy approaches to web security failing to prevent web-based attacks, and that more government bodies are moving to remote browsers for greater security.
They won’t be able to stop all attacks of course, such as sophisticated phishing attacks (although the best browser isolation solutions can provide strong safeguards against phishing) and insider threats. But for the majority of businesses, Browser Isolation provides effective protection against web-based cyber-attacks.
The technologies involved in browser isolation are also becoming far more affordable and much more scalable, meaning they are being adopted by businesses at a much faster rate. When browser isolation as a solution first emerged, it relied on rendering the whole desktop, rather than just the browser, which put strain on servers and made the technology unaffordable and difficult to scale.
Solutions today are far more
advanced, with many vendors able to render just the browser and operating
system, which is far more scalable.
Browser Isolation doesn’t require any endpoint agents, provides a seamless user experience, is scalable and can support all OS and devices. There’s a strong argument that although interest in this technology is growing at a very fast pace today, it won’t be long before the approach becomes a fundamental security best practice.
Key Benefits of Isolation
There are immediate benefits to deploying a browser isolation solution for businesses. Below are some of the benefits of using Browser Isolation to protect your web endpoints.
Reduces Web Based Threats
Isolation stops the delivery of active code to the user’s local browser and device. This means it blocks web-based infections such as ransomware and advertising from reaching user devices and business networks. The majority of threats facing organizations come from the internet, and so by isolating browsing activity, organizations greatly reduce the risks of attacks.
Gartner estimates that organizations that isolate web browsing will see a 70% reduction in the number of attacks that compromise networks, but vendors we have spoken to, including Menlo Security, have said their customers have seen a 95-99% reduction in successful threats while using browser isolation.
Saves Admins Time
Isolation has benefits over more traditional web filtering solutions in that it is less time consuming and requires less oversight after initial set-up. Traditional solutions usually require admins to whitelist and blacklist safe and unsafe webpages for end users to visit. Admins may also have to deal with requests and web-based alerts when users have attempted to visit a site that is potentially unsafe.
Browser Isolation remediates this issue by allowing users to access all websites, without needing to worry about threats, as they are isolated away from the user. Like traditional systems, Browser Isolation vendors such as Menlo Security still do offer website classification, so that admins can control the types of pages users can visit. This allows them to set policies around what controls users have on unsafe pages, which saves admins time from having to deal with requests and alerts to investigate.
Browser Isolation helps to
increase productivity, as it allows users to view the web for research,
communication and cloud productivity completely as normal. Using traditional
web security approaches, users can find using the web limited by websites being
blocked. Using Isolation, users can be more productive by using the web completely
as they usually would, without impact on their user experience, while still
remaining fully protected from web based threats.
Employees can view PDFs and Microsoft Office files as they normally would, with many Browser Isolation vendors displaying a render of the original file in a ‘safe-mode’ that prevents any threats from being downloaded to the local network. Once a document has been verified as safe, and according to admin policies, users can then download the files and use them as they normally would.
Isolation can help businesses to deal with damaging phishing attacks. The majority of phishing attacks originate via emails, often containing links to malicious phishing websites, or malicious downloads. Some Isolation vendors integrate with email networks to scan these links and attachments and display safe renders to the user, which greatly reduces the risk that even a sophisticated email threat will be successful.
When a user clicks on a file in a phishing email, the Browser Isolation technology will show them a safe render, while anti-virus engines will determine whether or not the original file should be downloaded. If a link within an email is opened, and it goes to a potentially dangerous website, Browser Isolation solutions such as Menlo Security will display a safe ‘read-only’ version of the page, which does not allow users to enter any account details which would compromise their data.
Comparing Isolation with Traditional Web Security Approaches
To discuss how Browser Isolation works, and how it is different to traditional web security approaches, it is useful to compare it to traditional approaches in how they tackle threats and the key features offered.
Gartner outlines three major categories of web security solutions currently on the market.
- Full Proxy (Cloud Web Filtering)
- DNS Web Filtering
- Remote Browser Isolation
Web Security Defined
Full Proxy (Cloud Web Filtering)
The Full Proxy architecture is the traditional ‘Secure Web Gateway’ approach. These solutions filter harmful websites so that internet users cannot access them, and block online viruses and malware from being downloaded to PCs. They can be delivered via the cloud, on premise, or as part of a hybrid solution. This type of approach covers Censornet, Forcepoint, Symantec, McAfee and Zscaler’s web security solutions.
DNS Web Filtering
DNS Filtering is a web security approach that filters internet traffic based on DNS lookups. These solutions filter web pages based on the reputation of domains, so as to stop malicious sites from loading on users’ browsers, protecting them from harmful content. Top vendors in the DNS Web Filtering space are Webroot, Cisco and WebTitan.
Browser Isolation renders all
browser content to users from secure servers, which means they are protected
from web based threats and malicious downloads. Top vendors in the Browser
Isolation market are Menlo Security, WebGap and Symantec.
Feature Comparison Breakdown
|Cloud Web Filtering
||DNS Web Filtering