Browser Isolation

Building resistance against cyber threats in the digital world is possible by adopting security approaches. One of these security approaches is web browser isolation.

In this article, we will discuss what web browser isolation is, its benefits, why companies use it and remote browser isolation (RBI).

Why Do Companies Use Browser Isolation?

In today’s world, companies operate mostly in a hybrid and remote manner. This means that business processes are often not contained within an internal network. Employees spend most of their time accessing cloud-based websites and applications such as email to perform their work, and they have to rely on web browsers to do so.

So browser isolation helps to stop possible attacks that originate from the browser.

What is Browser Isolation?

Browser isolation is also known as remote browsing. In general terms, it is an approach to separating web browsing activity from locally loading and viewing web pages. The key to isolation is to run browser processes in an environment completely separate from the user’s host operating system.

The content and code of the web page are loaded by a website visitor directly into the browser running on local devices. From a security perspective, this loaded code and content often come from unknown sources, making the act of surfing the web risky. Remote browser isolation (RBI) uploads and executes web content in the cloud, away from the local device.

Key Benefits of Browser Isolation

• Prevents local download and execution of malware, ransomware and other malicious scripts
• Blocks malicious web content without the need to block entire websites
• Minimizes the risk of browser vulnerabilities

What is Remote Browser Isolation (RBI)?

Also known as cloud-hosted browser isolation, it runs web content and all associated code on a cloud server away from local devices and internal networks. When the user’s session ends, the web content and code are deleted, thus eliminating all malicious cookies and downloads from the session.

How does Remote Browser Isolation (RBI) Work?

The RBI technology keeps untrustworthy content as far away and secure as possible from user devices and internal networks. It typically executes a website user’s browsing activities on a cloud server controlled by the RBI provider. It then transmits the resulting output to the user’s device. In this way the user can interact with web pages without uploading all web pages to local browsers and devices. It transmits all user actions to the cloud server where more control can be exercised.

Below are the three most common isolation types the RBI technology server uses to send web content to the user’s device.

• Pixel Pushing: This approach, where the browser is streamed from the cloud, renders web content on a remote server instead of on the user’s device. The server sends a visual representation of the web page to the user’s device as an interactive image or video stream. The advantage of pixel pushing is that it helps to ensure that malicious content is limited to the remote server. The disadvantage is that the high network bandwidth required can cause delays in the end user’s browsing experience.
• Document Object Model (DOM): Also called reconstruction, this method loads the user’s web pages in an isolated environment and is written in a way that eliminates the possibility of attacks. The disadvantage of it is that it may continue to send untrusted third-party code to the user’s local devices. The advantage of DOM is that it is better at preserving the original web page experience than pixel pushing.
• Network Vector Rendering (NVR): A graphics engine that can run on many software platforms such as Android, Google Chrome, and Skia. Drawing commands on software platforms are intercepted and encrypted. The data is subsequently transmitted to the user’s web browser for viewing. It’s faster and more reliable than pixel push and DOM methods because it receives commands instead of real website code.

How Does Browser Isolation Work?

Client-side browser isolation virtualizes browser sessions. Unlike remote or internal browser isolation, client-side browser isolation does this on the client device itself. Virtualization creates a sandbox and isolates web page browsing from the rest of the device.

Virtualization is the process of dividing a computer into separate partitions, called virtual machines, without physically changing it. This process is usually performed by a software layer, the “hypervisor.” Virtual machines should not interfere with each other and running web pages on separate virtual machines ensures the security of the computer.

Sandboxes are closed virtual environments where testing can be performed safely. It is a common technique for malware detection. Some malware protection tools open and run files in a virtual environment to analyze potential threats. Client-side browser isolation improves security during web browsing but can still pose risks to user devices.

What Threats Can Remote Browser Isolation (RBI) Defend Against?

All web pages and applications consist of HTML, CSS and Javascript codes. While HTML and CSS are more of a formatting language, Javascript is a full programming language.

Several different browser-based attacks are possible using Javascript, some of the most common ones are as follows.

• Drive-by downloads: Loading a web page causes the download of malicious data. Drive-by downloads typically exploit an obscured vulnerability in the browser.
• Ad: Malicious code is inserted into ad networks. When the ad is displayed, the code is executed.
• Click-jacking: These web pages are designed to trick users into clicking on something they don’t want to. Click-jacking is used to generate advertising revenue, to redirect to an unsafe website, or to link a malware download.