Browser Isolation (also known as Web Isolation) is a technology that contains web browsing activity inside an isolated environment, like a sandbox or virtual machine, in order to protect computers from any malware the user may encounter. This isolation may occur locally on the computer or remotely on a server. Browser Isolation technology provides malware protection for day to day browsing by eliminating the opportunity for malware to ever get on the end user’s device.
It essentially secures a computer/network from web-based threats by executing all browsing activity in an isolated virtual environment, so that any threats are contained in this environment and can’t infiltrate the user’s entire ecosystem (their computer’s hard-drive, the other devices on the network, etc.). Even though Browser Isolation is gaining traction as an IT security solution, there is still a lot of misinformation on what Browser Isolation is.
We’re here to clear that up and give you the facts.
Background of Browser Isolation
Web browsers are one of the most common business applications used today. Organizations of every size in every industry rely on the internet one way or the other to successfully conduct their business. Unfortunately, web browsers also present a huge security liability since they are the main way malware gets onto business machines.
Traditionally, organizations have relied on a wide range of security solutions for web-based malware protection, usually detection-based solutions that use an algorithm to determine if the web content coming into a network is good or bad. More restrictive solutions block users from navigating to websites that might contain dangerous code. Examples of these kinds of security products include web proxies and secure web gateways.
The problem with this approach is that there is so much new malware being created every day that these algorithms cannot keep up and blocking users from websites often has a negative effect on productivity. Cybersecurity industry statistics and trends continue to show that security spending is high and still rising as organizations struggle to provide adequate security measures against malware.
In response to these issues, the concept of Browser Isolation was the result of thinking through what it would take to completely stop web-based malware from infiltrating a network. Instead of trying to keep users away from unsafe websites, isolated browsing allows users to safely access any website, even if it is malicious. Browser Isolation technology assumes no web content is safe, so it moves all user browsing activity to an isolated environment away from the user’s computer. Since no content is actually ever accessed from the user’s computer, malware has no way to get into the system.
How Does Browser Isolation Technology Work?
There are different implementation details that vary amongst Browser Isolation vendors but generally, Browser Isolation works by:
- Removing browsing activity from a user’s computer and executing it in a virtual environment.
- Automatically destroying the browsing environment at the end of every browsing session, so if the user ever comes across anything malicious, it gets wiped away at the end of the session. When the user connects to the secure virtual browser again, he/she gets a clean, new image free of any malware. While this isn’t a requirement for Browser Isolation to work, it’s likely a common feature in various solutions.
You can think of Browser Isolation as the difference between a fighter pilot and a drone pilot. A drone pilot can accomplish just about anything an actual fighter pilot can accomplish, but without ever going into the war zone and putting the pilot’s life in danger.
Using Browser Isolation is like being a drone pilot. You can browse the web from a remote location, keeping your network out of harm’s way, but it’ll feel like you’re right there in the middle of the action.
Types of Isolated Browsing
There are two main types of isolation technology: local isolation and remote isolation.
Most people are aware of local isolation, which is the traditional way isolation was done. It involves using either a sandbox or a virtual machine on the user’s local computer to isolate the data on their computers from dangerous web browsing.
With Remote Browser Isolation, the virtualization and isolation happen on a remote server. The user’s browsing activity is moved to a remote virtual environment, and only a real-time visual stream of what is happening on the server is sent to the user’s computer. The remote server can be located on-premise within an organization’s network or hosted in the cloud.
Within the Remote Browser Isolation space, there are sub-categories depending on the degree to which a particular technology isolates the user’s computer from web content.
- DOM Mirroring filters out certain types of web content that it considers dangerous, like Flash and Java, but still allows some types of web content from the internet directly to the user’s computer in its original form.
- Partial Isolation converts the original web content to a safer type of web content, like an HTML5 video, before sending it to the user’s computer.
- Full Isolation does not send any web content to the user’s computer. It sends only a visual stream in the form of pixels.
What’s the Difference Between Browser Isolation and Remote Browser Isolation?
Remote Browser Isolation is a specific implementation of Browser Isolation that occurs remotely by moving the execution of all browsing activity from the user’s computer to a remote server. This remote server can be hosted in the cloud or located on-premise within an organization’s network.
However, in the cybersecurity industry, when someone says Browser Isolation they often really mean Remote Browser Isolation.
The benefit of performing the isolation remotely is that it offers greater security and requires lower client-side resources as compared to performing the isolation locally on the user’s computer.
Browser Isolation From Light Point Security
Web-based malware is a serious threat to many businesses and traditional detection-based methods aren’t enough.
With Browser Isolation, organizations can ensure that their network is protected from malware by keeping browsing activity within an isolated virtual environment.
As the pioneers of Remote Browser Isolation, Light Point Security offers flexible solutions for your organization’s specific needs. Light Point Web, our Browser Isolation platform, integrates seamlessly into standard web browsers to provide our customers with a transparent user experience that requires no change in behavior. Light Point Web can be deployed as a cloud service, a virtual appliance, or an on-premise server.
Request a demo of Light Point Web today and discover how you can protect your business from web-based malware without sacrificing user experience or productivity.