Remote Browser Isolation (RBI): An In-Depth Look

What is a Remote Browser?

Remote browser isolation (RBI), a virtual browser technique, provides an additional security layer against threats originating from web browsers. RBI helps you reduce the attack surface by separating user browsing activities from endpoint hardware.

Here is how the process typically works:

A user attempts to access a web application or page.

• The web application or page is loaded on a remote browser.
• The remote browser serves the user with a rendering of the requested page. The page loads as usual, but the remote browser delivers only pixels to the end-user device, not full HTML.

This process ensures that active content, including malware, is not downloaded—ensuring the endpoint device remains safe.

This article is part of a series about browser security.

How RBI Shields Your Network From Cyber Attacks

Remote browser isolation technology takes a zero trust approach, and does not implicitly trust any website. It moves all Internet activity into an isolated environment, ensuring a safe web browsing experience. Gartner reports that by 2022, 25% of businesses will adopt browser isolation technology, and that RBI can reduce attacks on end-user systems by as much as 70%.

RBI solutions allow businesses to manage remote access to corporate networks, and secure unmanaged devices when accessing Internet resources. When users access the Internet through a remote browser application, they view web content over a secure channel—typically only the visual representation of web pages, without accessing files or executing codes on the local environment. If a malicious link is opened in an isolated environment, it will not affect the employee’s system.

RBI can protect organizations from known and unknown web-based threats such as ransomware, zero-day attacks, and drive-by-download attacks. RBI not only protects web browsers from attacks, but also prevents disclosure of sensitive user data and browser history that attackers can use for malicious purposes.

Related content: read our guide to browser isolation

Key Functionality of an RBI Solution

RBI solutions can provide a wide range of capabilities, depending on the type of isolation enabled. Here are several functionalities any RBI solution should provide:

User Authentication

when an RBI is asked to create an isolated browser instance, it first needs to authenticate the user. Once the user is authenticated, the solution can load the profile permissions, preferences, and settings of the user, and create the browser accordingly. There are solutions that use a cache to enable users to log in without having to constantly input their credentials.

Instance Management

there are several ways to create an isolated instance—as a container, a virtual machine (VM), or as a sandbox. During normal operations, the solution shuts down the instance when the user ends the session.

Several responses are initiated when the solution detects a threat. First, the instance attempts to eliminate the threat. If the instance becomes compromised, the solution shuts it down and deploys a new instance (including all tabs that were open during the session).

User Session Management

Here is what the RBI solution should do during a remote browser session:

• Process user requests
• Pass user requests to the browser instance
• Collect session data, including the duration, browser cache, and opened URLs
• Save session data after the session is terminated

Web Content Mirroring

The main functionality provided by RBI systems is streaming remote browser data to a local endpoint. To achieve this, RBI solutions need to do the following:

• Process user events, including keystrokes, mouse clicks, scrolling, and more
• Match user events with the relevant web page elements
• Detect changes that occur in open tabs
• Send changes to the user, in the form of a sanitized web page or video.
• Support browsing features, including plug-ins and Software as a Service (SaaS) applications.

Cybersecurity Policies

Cybersecurity policies help you efficiently manage RBI. You can use a cybersecurity policy to whitelist trustworthy web applications, as well as content that can be rendered on devices. You can also use policies to specify user permissions, defining who can access certain types of content or URLs.

Threat Detection

The main purpose of RBI is to secure browsing and prevent threats. To do this, the RBI solution needs to come with threat detection capabilities, which enable the solution to monitor for threats and suspicious activity. Once the RBI system detects a threat, it needs to sanitize the content and then send the sanitized content to the user.

Load Balancing

RBI solutions rely heavily on content mirroring. This can negatively impact the bandwidth of users and the remote instance. To ensure positive user experience and optimal performance, RBI solutions need to balance the load. Here is how:

• Compress data sent to user devices
• Create additional instances when instances become overloaded
• Reduce the quality of media content like video and audio

Multi-Tenancy Support

Multi-tenancy helps RBI systems to maintain high availability for users across the world, generally improve bandwidth and load management, and improve scaling.

How Does Remote Browser Isolation (RBI) Work?

The user’s endpoint device interacts with a remote browser isolation service, which manages a number of containerized or virtualized browser instances. The RBI service also facilitates communication between this browser and the Internet. Finally, the RBI service delivers rendered web content back to the endpoint device.

There are two primary techniques used to stream content from cloud-based browsers to end-user devices:

• Pixel pushing—captures pixel images of content rendered in the remote browser, and transmits them to the client’s browser or a locally-deployed agent. This is similar to desktop sharing solutions. The inherent advantage of this approach is that it is very secure, since files or executable code never reaches the endpoint device.
• DOM reconstruction—attempts to clean web page code before sending it to the local endpoint, where it is rendered on the browser as usual. The remote browser removes potentially malicious code. This technique was introduced in response to the challenges of pixel pusing (detailed below), and provides a much faster user experience and high fidelity rendering of web pages.

Another element of RBI systems is a remote file viewer, that allows users to view files like Microsoft Office documents or PDFs, without having to download them. The remote browser may offer the option of downloading files to the user’s local device in a controlled manner, after scanning and verifying the files are safe.

Challenges of RBI Technology

Each of the two RBI techniques we detailed above has its unique challenges.

Challenges of pixel pushing

• High cost—encoding and transmitting video streams to multiple user endpoints is computationally intensive, and requires high bandwidth.
• High latency—because of the need to render browser pages on a remote browser, create a video stream and push it to the user, typically over a public network, this technique involves high latency and creates a poor user experience compared to local browsing.
• Mobile support—the need for high bandwidth makes it difficult to support this technique with common mobile devices.
• Low resolution—pixel pushing does not display well on high DPI displays, such as Apple Retina.

Challenges of DOM reconstruction

• Security issues—although DOM reconstruction aims to “clean” website code from malicious elements, it is not foolproof. There is a major risk that malicious code will not be identified or properly cleaned and will make its way to the user’s device.
• Limited fidelity—in the attempt to remove malicious elements, this technique often breaks web pages, especially if they are dynamically generated using JavaScript. Modern web users access a wide variety of complex web applications using their browsers, and many of these applications will not work or will present limited functionality.

Evaluating Remote Browser Solutions

Here are some important considerations when evaluating remote browsers for your organization:

• Need for local agent—check if the solution requires deployment of an agent or local proxy on user endpoints. This can make deployment and operations of the solution much more complex.
• Rendering engine—check how content is rendered and delivered by the remote browser service, and whether it uses the pixel pushing or DOM reconstruction technique.
• Support for plugins—check which browser plugins are supported, and whether the remote browser solution supports common extensions like PDF and Java.
• Support for web applications—check if the remote browser supports SaaS applications used by your users, such as Gmail and Office 365. In some cases, web applications may be blacklisted by the remote browser due to security concerns.
• Cut and paste—if your security policy allows users to cut and paste content to the local device, check if the remote browser solution supports this, and whether copy-paste is enabled only for text, or also for rich objects like images and documents.
• Operating system licensing—check which operating system is used for browser containers or VMs. If it is Windows, identify if licensing is included in the service price or if you need to provide licenses for each remote browser.
• Virtualization model—check if browsers run in full VMs or containers. VMs provide stronger isolation, but they require more resources to run and take longer to start. Containers offer faster startup and better server utilization.

Perception Point Advanced Browser Security

Perception Point Advanced Browser Security adds enterprise-grade security to standard browsers like Chrome, Edge, and Safari. The solution fuses advanced threat detection with browser-level governance and DLP controls providing organizations of all sizes with unprecedented ability to detect, prevent and remediate web threats including sophisticated phishing attacks, ransomware, exploits, Zero-Days, and more.

By transforming the organizational browser into a protected work environment, the access to sensitive corporate infrastructure and SaaS applications is secure from data loss and insider threats. The solution is seamlessly deployed on the endpoints via a browser extension and is managed centrally from a cloud-based console. There is no need to tunnel/proxy traffic through Perception Point.

An all-included managed Incident Response service is available for all customers 24/7. Perception Point’s team of cybersecurity experts will manage incidents, provide analysis and reporting, and optimize detection on-the-fly. The service drastically minimizes the need for internal IT or SOC team resources, reducing the time required to react and mitigate web-borne attacks by up to 75%.

Customers deploying the solution will experience fewer breaches, while providing their users with a better experience as they have the freedom to browse the web, use SaaS applications that they require, and access privileged corporate data, confidently, securely, and without added latency.

Contact us for a demo of our Advanced Browser Security solution, today.