Due to the spread of COVID-19, people have to work from home and work remotely. Employees can access to the organization network from anywhere via their computers, notebooks, smartphones, etc. These devices can link with the online network via browsers and people can download data from the internet. This is now considered a risk that occurs on the endpoint in the organization. Such risk is often caused by a browser, for example, a user clicks a phishing link and downloads a file containing malware, or the user is attacked by a ransomware or Zero-Day malware “unconsciously”.
At present, most enterprise solutions rely solely on URL signatures or DNS and these solutions are not enough. Therefore, the organization is now encountering 3 obstacles arising from browsing as follows.
- Security – Problems regarding security and data leakage. It causes data recovery cost, reputational damage and affects the business operation.
- Control – Unable to effectively control who downloads what and how.
- Compliance –The organization will be punished or fined when it does not pass the inspection standards.
What is “Remote Browser Isolation” and how does it work?
Remote Browser Isolation (RBI) or Web isolation or Browser isolation is a web-based security solution designed to protect users from the internet threats. It renders the internet content in a sandbox such as a container, and transmit the final rendered content to the browser to prevent malware embedded in web pages.
Operation of Remote Browser Isolation (RBI)
Remote Browser Isolation Service is run in a container instance as 1 instance per 1 user. It interacts between the website and the endpoint (user).
Remote Browser Isolation Service sends the rendered content back to the endpoint with special protocols and formats based on the concept of each solution.
User’s activities like keyboard clicking, mouse clicking or scrolling are sent back to the isolation service through an encrypted channel and it is processed at RBI service.
Types of RBI solution
- DOM Mirroring: It is a solution to create a web page filtering some contents from a web page before sending the rest to the user. This approach has advantages in user experience, cost and latency, but it does not solve security issues. Since threats are always updated, we cannot be 100% certain that the solution can screen them all. Moreover, if the solution is not updated, it may cause an incorrect display.
- Pixel Reconstruction: It is a solution for displaying web pages at the user’s screen by sending a collection of pixels as the end result of the web page rendering process to display on the user’s screen. This will process all rendered web pages on the container instance, and then send the final image to the browser on the user’s screen, so the user only receives the pixel dataset but does not receive the generated codes. It can prevent malware embedded in web pages. This solution has advantages in security but it still cannot expand the usability. In addition, it consumes high bandwidth, cannot display high resolution images, and does not support the display on smartphone screen, so it affects user experience.
Although Remote Browser Isolation (RBI) has the potential to protect organizations and their users from cyber-attacks, these solutions still have the following limitations:
- Latency: All user browsing traffic is either redirected through the Cloud system or processed at the container before being transmitted to the endpoint, thus it causes latency to the connection and affects user experience.
- Website support: For complex websites, either with DOM Mirroring or Pixel Reconstruction solutions, processing through the remote browser may not be fully rendered and the content may be removed from the web page, or the web page may be completely corrupted.
- Incomplete protection: DOM Mirroring is a solution that filters some types of content from a web page before transmitting the rest to the user, but for sophisticated phishing page, it may be able to conceal malicious content.
- Expense: RBI solutions are expensive and difficult for organizations to apply to all employees.
Despite the above limitations of Remote Browser Isolation (RBI) solutions, Gartner, the world’s leading technological research and consulting firm, ranks RBI as a top-tier security solution for 2 consecutive years. Gartner insisted that browser is the first target of cyber threats, and RBI provides the most complete and comprehensive protection against cyberattacks.
Gartner also estimates that by 2022, 25% of the world’s largest enterprises will adopt RBI technology for some high-risk users and use cases, up from less than 1% in 2017 instead of traditional malware protection solutions. This would become an interesting new technology trend in the future.
Source:
https://www.techtalkthai.com/introduction-to-s2-cloudflare-remote-browser-isolation/
https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-remote-browser-isolation-rbi/
https://blog.cloudflare.com/th-th/browser-isolation-for-teams-of-all-sizes-th-th/