Browser Isolation: An In-Depth Look
What is Browser Isolation?
Browser isolation is a security model that physically isolates Internet users’ browsing activity from their local computers, networks, and infrastructure. In this model, browser sessions are abstracted from the hardware the browser is running on, and the Internet connection being used, ensuring that harmful activities can only affect the isolated browser environment. This model is also known as a virtual browser.
Browser isolation works by providing users with a one-off, non-persistent browsing experience. This can be done in a number of ways, but usually includes virtualization, containerization, or cloud-based application virtualization. The isolated environment is reset or deleted when the user closes the browsing session or the session times out. In addition, malware and malicious traffic are also discarded, so they do not reach the endpoint device or network.
Types of Isolated Browsing
There are two main containment techniques for isolated browsing: local and remote isolation.
Local browser isolation is the traditional method. It runs a sandbox or virtual machine on the user’s local computer to isolate the computer’s data from dangerous web browsing.
Remote browser isolation uses virtualization to create an isolated browser environment on a remote server. The user browses the Internet on the remote virtual environment. The remote server can be located in an organization’s network or hosted in the cloud.
In remote browser isolation, there are two primary ways to isolate the user’s local device from web content. DOM mirroring excludes the types of web content that are considered dangerous and displays the remaining content in its original form on the local browser; because some original content still reaches the endpoint, the browser is not fully isolated.
Another technique is visual streaming, where the browser runs on the remote server and only its visual output is transmitted to the user’s device. This works similarly to virtual desktop infrastructure (VDI) systems. This provides complete isolation between the remote browser and endpoints.
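To make the difference between the two techniques concrete, here is an added example (not from the original article or any vendor’s product) of a DOM-mirroring filter in Python: it rebuilds a page’s markup while dropping active-content elements and script-capable attributes, and records what it removed. The blocked element and attribute lists are this example’s own assumption.

```python
import html
from html.parser import HTMLParser

# Assumed mirroring policy (this example's own): drop active-content elements, strip script attrs.
BLOCKED_TAGS = {"script", "iframe", "object", "embed", "form"}
VOID_TAGS = {"br", "hr", "img", "input", "meta", "link", "embed"}  # elements with no end tag
URL_ATTRS = {"href", "src", "action", "formaction"}

def attr_is_safe(name, value):
    """Reject inline event handlers (onerror, onclick, ...) and javascript: URLs."""
    value = (value or "").strip().lower()
    return not (name.startswith("on") or (name in URL_ATTRS and value.startswith("javascript:")))

class DomMirror(HTMLParser):
    def __init__(self):
        super().__init__()
        self.out, self.skip_depth, self.dropped = [], 0, []  # markup, blocked-subtree depth, audit log

    def handle_starttag(self, tag, attrs):
        if tag in BLOCKED_TAGS:
            self.dropped.append(tag)
            self.skip_depth += 0 if tag in VOID_TAGS else 1  # a void tag has no subtree to skip
            return
        if self.skip_depth:
            return
        self.dropped += [f"{tag}@{n}" for n, v in attrs if not attr_is_safe(n, v)]
        kept = "".join(f" {n}" if v is None else f' {n}="{html.escape(v)}"'
                       for n, v in attrs if attr_is_safe(n, v))
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if tag in BLOCKED_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=False))  # re-escape text nodes

def mirror(page_html):
    parser = DomMirror()
    parser.feed(page_html)
    parser.close()  # flush any buffered trailing text
    return "".join(parser.out), parser.dropped  # (mirrored markup, audit list)

SAMPLE = ('<div><p>Hello &amp; welcome</p><script>fetch("//evil.example/x")</script>'
          '<img src="a.png" onerror="run()"><a href="javascript:run()">x</a>'
          '<iframe src="//ads.example"></iframe><a href="https://ok.example/">ok</a></div>')  # constructed page
```

Whatever survives the filter still reaches the local browser as real markup, which is why the text above calls this partial isolation; the audit list is what a defender would log.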
What Threats Does Browser Isolation Defend Against?
Web browsers execute code supplied by the sites they visit, including malicious scripts injected through cross-site scripting (XSS). This can lead to attacks like drive-by downloads, in which the browser downloads files without the user’s consent; “malvertising”, in which malicious code is executed when the user views an ad; and clickjacking, which tricks users into clicking links they did not intend to click. XSS can also be used to hijack user sessions and steal credentials.
There are several other browser-based threat vectors, including forced redirects to malicious URLs, and exploiting unpatched browser vulnerabilities.
Almost all of these threats can be prevented by browser isolation, because the malicious activity occurs in an isolated or remote environment rather than directly on the user’s device. For example, if a malicious script forces a redirect or a drive-by download, the user is not affected, because the URL is opened, or the file executed, inside the isolated environment.
Components of a Browser Isolation System
An isolated browser system is typically built from the following components.
End users initiate web requests using a client interface, deployed on their local device. A client can be deployed on any desktop, laptop, smartphone or other computing device that has an Internet connection and local web browser.
In local browser isolation, the client coexists with an isolation solution that can run the browser separately from the local environment. In a remote browser solution, the client shows the visual output of the remote browser.
Web Security Service
Determines what traffic and types of content should be allowed for the user. Most browser isolation solutions have built-in web security services that can be configured according to your business needs. For example, you can choose to exclude traffic from certain websites, filter out specific types of content (such as Adobe Flash elements), block downloads in certain circumstances, and display warnings when suspicious behavior occurs.
Threat Isolation Engine
A decision engine that can run specific types of content in an isolated browser, depending on security rules from the web security service. It allows users to work in a regular, non-isolated browser, and switch activity to an isolated browser when needed.
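As an added example (not Perception Point’s product or any vendor’s code) of how the web security service’s rules and the threat isolation engine’s decision fit together, the following Python routine evaluates a request against a constructed policy: sites and content types to exclude, trusted sites that may stay in the regular browser, categories forced into isolation, and a download rule. The verdict names and the policy schema are assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

ALLOW, ISOLATE, BLOCK, WARN = "allow", "isolate", "block", "warn"  # assumed verdict names

@dataclass
class Policy:
    """Settings an administrator configures in the web security service (assumed schema)."""
    blocked_domains: set = field(default_factory=set)        # exclude traffic from these sites
    blocked_content_types: set = field(default_factory=set)  # filter content such as Flash
    trusted_domains: set = field(default_factory=set)        # may stay in the regular browser
    isolate_categories: set = field(default_factory=set)     # always routed to the isolated browser
    block_downloads_in_isolation: bool = True

@dataclass
class Request:
    url: str
    content_type: str = "text/html"
    category: str = "uncategorized"  # from a URL categorisation feed; constructed here
    is_download: bool = False

def in_domains(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def decide(policy, req):
    """Return (verdict, reason). Deny rules run before allow rules, so a trusted
    domain cannot override an excluded content type."""
    parts = urlsplit(req.url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https"):
        return BLOCK, f"scheme {parts.scheme!r} is not web traffic"
    if in_domains(host, policy.blocked_domains):
        return BLOCK, f"{host} is an excluded site"
    if req.content_type in policy.blocked_content_types:
        return BLOCK, f"content type {req.content_type} is filtered"
    if in_domains(host, policy.trusted_domains):
        return ALLOW, f"{host} is trusted; regular browser"
    if req.category in policy.isolate_categories:
        if req.is_download and policy.block_downloads_in_isolation:
            return BLOCK, "downloads are not released from the isolated session"
        return ISOLATE, f"category {req.category} runs in the isolated browser"
    if req.is_download:
        return WARN, "download from an unclassified site; warn the user"
    return ALLOW, "no rule matched"

# Constructed policy for demonstration.
POLICY = Policy(blocked_domains={"malware.example"},
                blocked_content_types={"application/x-shockwave-flash"},
                trusted_domains={"intranet.example"},
                isolate_categories={"uncategorized", "newly-registered"})
```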
Containers are self-contained packages that run software independently of the surrounding infrastructure. The container is disposable: it is launched to serve one user session and securely deleted when the user ends the session, to ensure any malware or threats are removed from the local system.
The web socket is a secure channel for data to flow between the client and the web security service. It is connected to the client, receives instructions from the security service, and applies them to the browser environment in real time.
The infrastructure that runs the isolated browser can be any of the following:
- The local user’s device, running an isolation solution
- A server managed by your organization on-premises
- A server running in the cloud
- A fully managed third party service
The Public Web
The user uses the client to access addresses in the public Internet. However, unlike a regular browsing experience, communication is between public websites and the isolated browser, which may be hosted in a remote location. Some of the data may be blocked or filtered as defined in the web security service. The resulting content is displayed in the client.
Internet content retrieved by browser isolation systems can be legitimate or malicious. Some solutions display all content as is, as long as it meets basic security requirements. Other solutions add a layer of content filtering, allowing you to block inappropriate content and preventing it from being accessed by the client, even if it bears no direct security risk.
Browser Isolation with Perception Point’s Advanced Browser Security
Perception Point Advanced Browser Security adds enterprise-grade security to standard browsers like Chrome, Edge, and Safari. The solution fuses advanced threat detection with browser-level governance and DLP controls, providing organizations of all sizes with unprecedented ability to detect, prevent and remediate web threats including sophisticated phishing attacks, ransomware, exploits, Zero-Days, and more.
By transforming the organizational browser into a protected work environment, the access to sensitive corporate infrastructure and SaaS applications is secure from data loss and insider threats. The solution is seamlessly deployed on the endpoints via a browser extension and is managed centrally from a cloud-based console. There is no need to tunnel/proxy traffic through Perception Point.
An all-included managed Incident Response service is available for all customers 24/7. Perception Point’s team of cybersecurity experts will manage incidents, provide analysis and reporting, and optimize detection on-the-fly. The service drastically minimizes the need for internal IT or SOC team resources, reducing the time required to react and mitigate web-borne attacks by up to 75%.
Customers deploying the solution will experience fewer breaches, while providing their users with a better experience as they have the freedom to browse the web, use SaaS applications that they require, and access privileged corporate data, confidently, securely, and without added latency.
Contact us for a demo of our Advanced Browser Security solution, today.