Browser isolation solutions execute the online browsing activity of each of your company’s end users in a secure sandbox environment. This means that, if the user opens a malicious webpage or downloads a malicious attachment, any dangerous content is contained within the sandbox environment, where it can’t damage the user’s live system or network.
There are two main types of browser isolation: local (on-premises) and remote. Local browser isolation solutions execute browsing activity in a sandbox that’s hosted locally on the user’s computer. Remote browser isolation solutions execute browsing activity in a remote cloud server that’s completely isolated from the user’s local machine. With both types of browser isolation, the user has a completely normal browsing experience, but their browsing activities take place within the sandbox—so any threats are executed in isolation of their local machine and network.
Because browser isolation vendors focus on sandboxing or containing web threats—rather than blocking access to them and the websites on which they’re hosted—admins don’t have to restrict user access to certain websites or domains that may be malicious, or malicious pages within legitimate domains. This enables security teams to protect their users against web-based malware and phishing, without having to constantly update lists of trusted or known malicious pages. It also increases employee productivity by enabling them to carry out research without the restriction of certain websites being blocked.
In this article, we’ll explore the top local and remote browser isolation solutions designed to protect your organization against web-based threats such as malware and phishing. These solutions offer a range of capabilities, including document isolation, read-only modes and data loss prevention (DLP), reporting, and attack forensics. We’ll give you some background information on the browser isolation vendors and highlight the key features of the solutions themselves, as well as the type of customer that they are most suitable for.
What Is Browser Isolation?
Browser isolation is an approach to web security that isolates or sandboxes online threats instead of blocking access to them, as more traditional web filtering solutions do. Remote browser isolation solutions do this by executing all browsing activity in a remote server that’s isolated from your local environment; local or on-premises browser isolation solutions execute browsing activity in a secure server elsewhere within your organization’s private network.
This means that when a user visits a malicious webpage or clicks to download a malicious file, the malware is executed in that isolated sandbox and cannot affect the user’s device.
When accessing the internet via a browser isolation solution, users should be able to browse as normal and with minimal latency, including using commands such as “copy” and “paste”.
How Do Browser Isolation Solutions Work?
Browser isolation solutions fetch and execute web-based commands in secure, remote servers. These servers can be in the cloud or on-prem—the main point is that they’re completely isolated from your users’ devices. When a user starts a browsing session, their browsing activities are carried out in the isolated server. The browser isolation vendor then renders the session on the user’s device in one of three ways: by streaming the browser, inspecting and rewriting each page and then sending it to the local browser, or sending a vector graphic representation of the final webpage to the user.
One way to think of this is like using an interactive, live screen recording. It gives the user a completely normal, unrestricted browsing experience, whilst protecting them against web-based threats such as malware.
Remote Vs. Local Browser Isolation: Which Should You Choose?
There are positives and negatives to both types of browser isolation—the one you choose really depends on what your priorities are as a business.
Remote browser isolation solutions are cloud-based, so they don’t require you to install any plug-ins, agents, or clients. This makes them highly scalable, and it also means that they’re compatible with all devices and operating systems.
Local browser isolation solutions require you to provide your own isolation servers, which can be expensive, and the isolation must usually occur within your firewall; when using remote browser isolation, it occurs outside your firewall. This means that, with local browser isolation, your internal network may still be at risk even though user devices are protected against malware. Finally, local browser isolation solutions can be difficult to scale across multiple networks, which makes them difficult to implement for companies with multiple offices or remote workers. However, local browser isolation often has less latency than remote browser isolation.
What Are The Benefits Of Browser Isolation?
Local and remote browser isolation solutions both offer three key benefits:
- Reduce web-based threats. Browser isolation solutions greatly reduce the risk of malware from spreading across your network by preventing users from downloading malicious code to their devices. Some browser isolation vendors also offer integrations with email clients, thereby help prevent phishing attacks administered this way. When a user clicks on a malicious link or file in a phishing email, the browser isolation solution displays a safe “read-only” version of the file or page.
- Increase user productivity. Some more traditional web security solutions, such as DNS filters, can cause friction in the browsing experience as they may falsely identify pages as being harmful and restrict user access to them. Browser isolation provides users with a native, unhindered browsing experience; they can visit any page, using any browser, and download any file, without it being flagged as malware and blocked. Users can even use commands such as “copy”, “paste”, and “print”.
- Save admin resources. Browser isolation requires less management after initial set-up than traditional web filters do; they don’t require admins to set up allow/deny lists or investigate alerts that tell them a user has attempted to visit a site that may be unsafe. Some isolation solutions, however, still do offer website classification that enables admins to restrict access from certain types of web page, such as adult content or social media sites.
What Features Should You Look For In A Browser Isolation Solution?
There are a few key features that you should look for when choosing a browser isolation vendor or solution:
- Browser isolation for malware blocking. Your chosen solution should execute browsing sessions in an environment isolated from your end users’ devices—this could be in an on-premises sandbox (local browser isolation) or in a remote cloud server (remote browser isolation). This will ensure any malicious code is “detonated” in the secure sandbox environment and can’t be downloaded onto a user device.
- Email integration for phishing protection. The best browser isolation solutions offer integrations with popular email clients so that, when a user opens a link in an email, that link is opened in the secure sandbox, rather than locally on their device. This means that even if a user were to accidentally click on a phishing link, they wouldn’t download any malicious content.
- Document isolation for protection against malicious files. By opening documents such as PDFs, Microsoft 365, and Google files in an isolated environment (rather than directly to their device from the internet), browser isolation and remote browser isolation solutions protect users against malicious downloads. Admins should, however, be able to allow users to download the original file if they need to once it’s been rendered, tested, and marked as safe.
- “Read-only” modes for protection against credential theft. Your chosen browser isolation solution should enable you to configure “read only” modes for suspicious or unknown web pages. This means that if a user were to visit a phishing page, they wouldn’t be able to enter their credentials into any forms on that page; they’d only be able to view its content without interacting. Some solutions also enable admins to prevent users from uploading files to certain websites.
- Reporting and analytics. Any strong browser isolation solution should provide admins with reports on attacks that the solution has prevented. This will enable admins to identify which users are visiting malicious web pages so they can carry out further investigation or assign security awareness training if needed, as well as identify which threats their business is most commonly facing.