Browser Isolation & How It Works

Web browsers are an essential part of using the internet. Unfortunately, they are also an ideal tool for hackers and cybercriminals, aiding their efforts to infiltrate a device or network.

That’s because web browsers can lack strong internet security. Cybercriminals take advantage of security flaws in these applications or rely on poor security to sneak malware through dangerous and unsecure web content. Among the cybersecurity measures you can take to reduce the risk of cyber threats, browser isolation can serve as a strong line of defense against the ever-growing threat of malware.

What is browser isolation?

Browser isolation is a technology that contains web browsing activity within an isolated environment, like a virtual machine or sandbox. This isolation may occur locally on the computer or remotely on a server. Browser isolation – also known as web isolation – provides additional security for your devices and networks when using a web browser, and is a strong deterrent to cybercriminals, significantly reducing the risk of malware infiltration.

Browser isolation is used by many IT departments and cybersecurity teams but less so by the public. This is often because browser isolation is not widely understood.

How does browser isolation work?

When you visit a web page, the URL in the address bar typically begins with “https” or “http”. The “s” at the end is important because it indicates that the web page is secure and has an up-to-date SSL certificate. If that “s” is missing, there is a risk that the web page could have been compromised or contains malicious content.

Not every unsecure web page is cause for alarm, but not knowing which web pages you can trust and which ones you can’t is a potential risk. And there’s no guarantee that you’ll always be able to avoid unsecure and dangerous websites. So, browser isolation assumes that every web page you visit could contain a potential cyber threat. This approach is referred to as zero-trust.

Browser isolation builds ‘walls’ around network activity, creating an isolated environment that is sealed off from outside attempts at infiltration, specifically malware. Essentially, it keeps internet activity separate from a user’s actual device by putting it in a protected, virtual environment. If a user comes across a malware threat, the malware is held at bay outside this virtual environment, and never actually makes it to their computer or device. This strong malware protection allows internet users to engage in normal browsing without having to worry about cyber threats that may be lurking on various web pages.

There are different ways browser isolation can be implemented. A typical process might involve:

  • Removing browsing activity from a user’s device and executing it within a virtual environment.
  • Automatically destroying the browsing environment at the end of each browsing session. This means that if a user encounters anything malicious, it is wiped away at the end of the session. When the user connects to the secure virtual browser again, they receive a clean, new image, free of any malware.

Browser isolation enables users to browse the internet as they normally would, while at the same time protecting their network and devices from malicious websites and other web-based threats. Browser isolation also protects against malicious emails when using a web-based email server.

When using browser isolation in an organization, you can significantly reduce the risk of data loss, the number of security alerts, and the costs involved in recovering from a malware infection.

Types of browser isolation

Generally, there are three types of browser isolation: remote (or cloud-hosted), on-premise, and client-side:

  • Remote browser isolation technology loads webpages and executes associated JavaScript code on a cloud server – which means it is removed from user devices and organizations’ internal networks.
  • On-premise browser isolation carries out the same task, but on a server that an organization manages internally.
  • Client-side browser isolation loads the webpages on a user’s device but uses sandboxing or virtualization to separate website code and content from the rest of the device.

In all three methods of browser isolation, the user’s browsing session is deleted when it ends, so malicious downloads associated with the session are eliminated.

Although remote browser isolation is a specific implementation of browser isolation, in practice, when someone refers to browser isolation, they often mean remote browser isolation. The benefit of performing the isolation remotely is that it offers greater security and requires fewer client-side resources compared to performing the isolation locally on the user’s computer.

What threats does browser isolation defend against?

Webpages and web apps are composed of HTML, CSS, and JavaScript code. HTML and CSS are markup languages, which means they only provide formatting instructions, while JavaScript is a full programming language. JavaScript is useful for facilitating many of the features seen in modern web applications but can also be used maliciously. Malicious JavaScript is particularly dangerous because most web browsers automatically execute all JavaScript associated with a page. Various attacks are possible using JavaScript, and these include:

  • Drive-by downloads: The simple act of loading a webpage initiates the download of a malicious payload. Drive-by downloads usually exploit unpatched vulnerabilities in a browser.
  • Malvertising: Malicious code is injected into legitimate ad networks. When the malicious ads are displayed, the code executes, which can redirect visitors to malicious websites. Because legitimate ad networks unintentionally distribute the malicious code, malvertising can compromise even genuine websites which receive a high volume of traffic.
  • Click-jacking: A webpage is designed so that a user is tricked into clicking on something they did not mean to. Click-jacking can be used to send users to scam websites, generate fake ad revenue, or initiate a malware download.

Other common in-browser attacks (which may or may not involve JavaScript) include:

  • On-path browser attacks: These attacks exploit browser vulnerabilities to compromise a user’s browser, so that attackers can distort the web content shown to the user or even impersonate the user.
  • Redirect attacks: A user attempts to load a legitimate URL but is instead redirected to a URL controlled by an attacker.
  • Cross-site scripting: Malicious code is injected into a website or web app. This allows attackers to carry out a range of malicious activities, such as stealing a session cookie or login token and then impersonating genuine users.

Why is browser isolation becoming more popular?

Two key trends are driving the rise of browser isolation. These are:

  • The increasing volume and sophistication of cyber attacks, such as phishing scams and ransomware
  • The shift to remote or hybrid working around the world

The sharp rise in remote working has increased the online security risks that companies are exposed to. This is often because employees operate from less secure personal networks while still retaining access to sensitive business data. Remote working highlights the importance of cyber hygiene – just one poor decision by a remote worker, possibly by falling for social engineering, can be all it takes to circumvent a company’s security defenses and cause both financial and reputational damage.

As a result of these trends, more organizations are looking to browser isolation to protect themselves from both known and unknown cyber threats. Browser isolation is considered important for endpoint security because it’s less about attempting to prevent breaches, and more about containing them. This means that however sophisticated attacks become, they can’t impact businesses when browsing activity is isolated from the business network. Many organizations are frustrated with the failure of legacy-based approaches to web security to prevent web-based attacks and see browser isolation as an important tool in maximizing security.

For example, application isolation allows IT departments and cybersecurity teams to implement user-level controls that limit each user’s applications, how they can access them, and what actions they can perform on each app. This is useful in the context of hybrid working and Secure Service Access.

Benefits of browser isolation

The internet is a minefield of malware and malicious content, and web browsers serve as an open doorway for cyber threats to enter your network. Browser isolation offers strong security benefits for both organizations and individuals. These include:

Protection from malicious websites:

Because local code execution takes place away from the user’s device, they are protected from malicious websites.

Protection from malicious emails:

Browser isolation means web-based emails are rendered harmlessly in the remote server. Links within emails are automatically opened in the remote server too.

Protection from malicious links:

All links – whether in webpages, social media, emails, or documents – are opened in the isolated browser, which means users are protected.

Protection from malicious downloads:

Downloads are scanned to eliminate threats. In organizational settings, administrators can control which files users are allowed to download.

Protection from malicious ads:

Browser isolation means ads and trackers are blocked. If any ads are displayed, they are rendered remotely, protecting against malicious ads.

Data loss prevention:

Built-in capabilities protect data from being accidentally or intentionally exfiltrated. These capabilities allow an administrator to restrict the files a user can upload to the internet.

User behavior analytics:

Organizations can obtain analytics into users’ web activities, which can be used to detect insider threats and unproductive employees.

Reduced volume of security alerts:

Isolating web content on a remote server leads to fewer security alerts and false positives that require investigation.

Eliminates the cost of web-based malware:

The effects of a malware infection can be highly damaging and require significant resources to fix. Isolated browsing protects networks from web-based malware.

FAQs about browser isolation

Frequently asked questions about browser isolation and remote web browsing include:

What is browser isolation?

Browser isolation is a web security technology that neutralizes online threats by hosting users’ web browsing sessions in a secured environment. There are three main types of browser isolation – remote browser isolation, on-premise browser isolation, and client-side browser isolation.

How does remote browser isolation work?

Remote browser isolation separates web content from the user’s device to reduce its attack surface. The endpoint receives a pixel-based stream of a webpage or app, rather than the active content. The user’s experience remains satisfactory and hidden malicious code can’t reach them.

What are the challenges of remote browser isolation?

Despite their benefits, many remote browser isolation services have challenges too. Sandboxing a large volume of browsing sessions, and streaming the sessions to users, can result in high latency, high bandwidth consumption and high costs.

Recommended products:

Further reading:

Leave a Reply

Your email address will not be published. Required fields are marked *