In the current climate, we all recognize the need to secure our networks against outside threats. Perimeter defense tools such as firewalls and web gateways play an important role, but the fact is that attacks are still getting through.
Why is this happening, and how can we ensure that cyber criminals are not successful in their attempts to infect our systems or access valuable data? If you’re looking for a way to protect your organization, then remote browser isolation might just be the answer.
Browser vulnerability
The internet has become an essential asset for almost every business; the ability for any employee to quickly and independently access the latest information is vital whatever your industry.
Of course, we all know that not all of the browsing we do at work is related to our jobs; and with recent reports suggesting that the average worker is only productive for 2 hours 53 minutes every day, that equates to a lot of different websites being accessed through the company network.
How can we be sure that all that browsing is not exposing the company to threats?
Malware often targets the security vulnerabilities in old versions of browsers and plug-ins. In fact, browser-based attacks are the leading source of attacks on users. And while ideally we would just ensure every employee is using the same up-to-date secure browser, this has proved practically impossible, especially since the advent of telecommuting.
With 58% of Americans now working remotely at least part of the time, the number and variety of devices being used has skyrocketed, and that’s unlikely to change anytime soon. Stopping browser-based attacks altogether is not a viable strategy, so we need a way to prevent them from inflicting damage.
Remote browsing
In short, we need a way for employees to browse freely without exposing the corporate network itself.
Remote browser isolation achieves just that by executing the code of a web page inside a secure virtual container, located between a user’s device and the Internet. Files can be rendered remotely but only a visual representation of the web content is sent to the user, and any malicious activity is confined to that container.
So even if a naive user opens an infected email attachment, that malware has nowhere to go—it will never touch their machine. And at the end of each session the disposable container is destroyed, along with any malicious content.
By moving browsing off the endpoint device, off the corporate network, the impact of an attack is greatly reduced, and we can prevent the exfiltration of potentially sensitive data.
The advantages
Sure, that might sound great, but what makes remote browser isolation different from other isolation techniques? Why not use a virtual desktop infrastructure (VDI) or endpoint isolation, which many of us are probably more familiar with?
It’s true, running a virtual machine on a centralized server (as in the case of a VDI) or on a user’s device (with endpoint isolation) can also help isolate infections and safeguard your enterprise. But even leaving aside the limited protection that a VDI offers, there are two overwhelming reasons why remote browsing is the way to go.
The first is the user experience. Due to the resource requirements of continuously running a virtual machine (VM), working with them is often painfully slow. This not only hits productivity but will be a source of serious pushback from your employees.
Some applications they’ve grown to rely upon might not be supported by the VM, and they may not be able to use the operating system of their choice. With remote browser isolation on the other hand, web access is secure but feels seamless and unrestricted, and employees are free to use whichever device and operating system suits them.
Which brings us to our second reason—ease of deployment. As we mentioned earlier, both the number and variety of devices being used in the workplace have increased significantly over the last few years, which makes installing software at every endpoint a huge if not near-impossible task.
And with that trend set to continue we need scalability; the ongoing costs of upgrading a VDI infrastructure or the hardware on individual machines to cope may well be prohibitive (or a hard sell to management at the very least!). Again, because there’s no endpoint agent, remote browser isolation can be scaled quickly and cheaply.
Implementation
If you decide to go ahead with implementing this technology, there are a number of features that you should look out for. The aforementioned support for all operating systems should come as standard, and the same goes for browser compatibility, that flexibility being very important for many employees.
Vendors now offer other ways to enhance the user experience too, such as ad blockers and single sign-on capability, both of which are worth considering. And make sure you check out a product demo—they might all offer that seamless browsing experience but not all products will deliver the same performance on your environment.
Although remote browser isolation is designed to facilitate ‘unrestricted’ browsing, clearly many organizations will still want to implement some browsing policies. Leading products package a convenient way to enforce them universally, as well as a level of user behavior analytics that provides oversight and control of employee web activity.
Another useful security feature is anonymous browsing, so that websites only see information about the vendor’s servers and not the user, and you can’t be identified or tracked.
A growing market
Gartner included remote browser isolation among their top 10 security technologies for 2017, and their September 2016 report ‘It's Time to Isolate Your Users From the Internet Cesspool With Remote Browsing’, brought the technology into the limelight. The wider cybersecurity industry has indeed taken notice—the recent Symantec acquisition of browser isolation startup Fireglass a clear statement of intent.
The market is expected to grow rapidly in the coming years, with Gartner predicting that by 2021, 50% of enterprises will leverage browser isolation to reduce attacks, up from less than 5% in 2016. Unsurprising, the competition for a piece of that market is heating up, with new products and vendors claiming to offer more scalable architectures and reduced server requirements.
All of which should be good news for consumers, hopefully making the technology an affordable solution for enterprises of all sizes. Remote browser isolation is a significant development in the fight against cybercrime, and one that could play a key part in securing the valuable assets of your organization.
