Learn more on how to stay protected from the latest Ransomware Pandemic

What is Remote Browser Isolation (RBI)?

Remote browser isolation (RBI), also known as web isolation or browser isolation, is a web security solution designed to protect users from Internet-borne threats. By rendering Internet content in a sandboxed environment and delivering only the final rendered page to the browser, it protects against some malware embedded in web pages.

Request a Demo Read Solution Brief

What is Remote Browser Isolation (RBI)?

The Need for Isolated Browsing

Infected or malicious websites are a common way for cybercriminals to deliver malware to users. Phishing emails are a primary delivery vector for malware, and these emails commonly contain a link directing the recipient to a malicious web page.

 

When a user browses to a malicious page, code embedded in the page is run within the user’s browser. While most website code is legitimate, websites can also contain malicious code designed to steal user credentials or deliver malware to the user’s computer. Browser isolation can protect Internet users’ computers from being infected by malware delivered via the Internet.

How Remote Browser Isolation (RBI) Works

Delivery of malware via infected or malicious websites works because the user’s browser accepts and runs code from the site that the user is visiting. Remote Browser Isolation eliminates this in-browser code execution, protecting the user from malicious downloads.

 

Instead, the web page is processed within a browser hosted in the cloud. This browser is running in a sandboxed environment and can be disposed of when the user’s browsing session is complete, eliminating the risks associated with any malware downloaded to it during the user’s browsing session.

 

After this cloud-based browser has rendered or scanned a webpage, they deliver it to the user in some way, enabling the user’s browser to interact with it like they would a locally hosted webpage. This provides the ability to browse even potentially malware-laden sites on the Internet with much less risk.

Types of Remote Browser Isolation (RBI)

RBI systems are designed to scrub a webpage of malicious content before delivering it to the user. A couple of ways in which this is accomplished include:

 

  • DOM Mirroring: Websites are composed of various types of content, some of which are riskier than others. A DOM mirroring isolation solution filters out certain types of content from a web page before forwarding the remainder to the user. This does not provide full isolation as the user’s browser still renders some content from the suspicious site.
  • Pixel Reconstruction: The end result of the web page rendering process is a collection of pixels displayed on the user’s screen. This approach to browser isolation performs the complete rendering process on the remote browser instance, then sends the final image to the local browser for display. Since the user only receives an array of pixels and not the code that generates them, this protects against the potential for malicious code execution within the user’s browser.

Challenges of Remote Browser Isolation (RBI)

RBI has the potential to protect an organization and its users against some of the most common and dangerous vectors for cyberattacks. However, these solutions have their limitations, including:

 

  • Latency: With RBI, all of a user’s browsing traffic is diverted through the cloud-based system before being forwarded on to them. This adds latency to the connection which degrades the user experience.
  • Website Support: A pixel-based reconstruction solution runs code in a remote browser, and a DOM mirroring approach strips content from a page en-route to the user. For complex web pages, a remote browser may not be able to render it, and stripping content from it might break the site entirely.
  • Incomplete Protection: DOM mirroring relies on stripping certain types of content from a webpage to render it safe for users. However, a sophisticated phishing page may be able to conceal malicious content as other types of content that the solution allows to pass through to the user.
  • Expense: RBI solutions require all of an organization’s web traffic to be routed through and analyzed within the cloud. This can make these solutions expensive and difficult for organizations to deploy RBI across all employees.

Remote Browser Isolation with Check Point

While RBI has a lot of promise, it rarely lives up to it. The cost and performance limitations of many RBI solutions mean that organizations rarely deploy them across all employees and all websites. This creates security gaps that leave these companies and their workers vulnerable to attack.

 

Harmony Browse provides a better alternative by offering complete, local browser isolation. Harmony Browse inserts a nano agent directly in the browser. This allows it to inspect 100% of SSL traffic without rerouting it and causing latency issues. Protection is on the endpoint itself, giving a very high level of security without impacting the browsing experience.

 

Harmony Browse’s balance of web security and performance for local browser isolation needs to be seen in action to be believed. Check it out for yourself in this demo video.

Recommended Resources

×
  Feedback
This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO