Remote Browser Isolation to Safeguard Against Cyber Threats

Enterprise Security Magazine | Tuesday, January 17, 2023

Gartner estimated that in 2022, 25 percent of the world's largest enterprises would use RBI technology instead of traditional malware protection solutions for some high-risk users and use cases. This would become an interesting new technology trend in the future.

FREMONT, CA: Due to the spread of COVID-19, individuals must work remotely from home. Employees can access the organization's network through desktops, laptops, smartphones, etc. These devices can connect to the online network through browsers, allowing users to download data from the internet. This is currently seen as an endpoint risk within the firm. A browser frequently triggers this danger, such as when a user clicks on a phishing link and downloads a file containing malware or when the user is "unknowingly" attacked by ransomware or Zero-Day malware.

Currently, most enterprise solutions rely simply on URL signatures or DNS, which need to be revised. As a result, the organization now faces the following three hurdles as a result of browsing:

Security - Issues on security and data loss. It incurs data recovery expenses, causes reputational harm, and disrupts business operations.

Control - Unable to control who downloads what and how effectively.

Compliance - The organization will be reprimanded or fined if it fails to meet inspection requirements.

HOW DOES THE "REMOTE BROWSER ISOLATION" (RBI) FUNCTION?

Remote Browser Isolation (RBI) is a web-based security solution that protects users from internet risks. It produces internet content in a sandbox, such as a container, and sends the produced content to the browser to prevent malware from being placed on web pages.

OPERATION OF RBI

RBI Service is executed within a container instance at a rate of 1 instance per user. It facilitates communication between the webpage and the endpoint (user).

Based on the concept of each solution, RBI Service transmits the rendered content back to the endpoint using specialized protocols and file formats.

User actions such as keyboard clicking, mouse-clicking, and scrolling are transmitted back to the isolation service through a secure connection and handled by the RBI service.

TYPES OF RBI SOLUTION

DOM Mirroring:  DOM Mirroring is a technique for creating a web page whose contents are filtered before being sent to the user. This strategy has advantages in terms of user experience, cost, and latency but does not address security concerns. Since dangers are constantly evolving, one cannot guarantee that the solution can detect them. In addition, if the solution is updated, it may result in an accurate presentation.

Pixel Reconstruction:  Pixel Reconstruction is a solution for displaying web pages on the user's screen by transmitting a collection of pixels as the outcome of the web page rendering process to the user's screen. This will process all web pages rendered on the container instance and then deliver the finished image to the user's browser, so the user only receives the pixel dataset and not the generated codes. It prevents malware from being inserted into web pages. This method provides security benefits, but it needs to broaden its usability. In addition, it consumes a great deal of bandwidth, cannot display photos with a high resolution, and does not support the display on a smartphone's screen, negatively impacting the user experience.

Although RBI can safeguard enterprises and their users from cyber-attacks, the following limitations still apply to these solutions:

Latency: All user browsing traffic is either redirected through the Cloud system or handled at the container before transmission to the endpoint, causing latency in the connection and affecting the user experience.

Website support: For complicated websites using DOM Mirroring or Pixel Reconstruction methods, processing through the remote browser may not be fully rendered, content may be removed from the web page, or the web page may become corrupted entirely.

Incomplete protection: DOM Mirroring is a technique that filters some types of web page content before relaying the remainder to the user; however, it may be able to conceal harmful content on sophisticated phishing pages.

Expense: RBI solutions are costly and challenging for corporations to implement.

Despite the limitations above of RBI solutions, Gartner, the world's premier technology research and advisory group, has ranked RBI as a top-tier security solution for the past two years. Gartner maintained that browsers are the primary target of cyber threats, and RBI offers the most comprehensive and thorough security against cyberattacks.

Weekly Brief