A defense-in-depth strategy is essential to modern enterprises, and organizations must deepen their defenses as quickly as possible to fully protect themselves. One promising technology proposes to achieve this by removing web browsing activity from endpoints altogether, while still enabling users to seamlessly and securely interact with the web-based content they need in order to do their jobs. The key to this approach? Secure remote browsing.
Secure remote browsing on the rise
Secure remote browsing, and in particular, remote browser isolation (RBI), represents a new, proactive approach to safeguarding against Internet-borne threats, one that has already been named one of the top security technologies in 2017 by Gartner. Fully complementing existing security frameworks, remote browsing solutions provide an additional layer of defense without impacting business operations or changing the way users access the web.
How it works
Working in conjunction with existing IT policies, all untrusted websites and other web-based content are executed in a remote “safe zone,” inside an isolated virtual environment such as a container. In this way, organizations are able to intercept even undetected or zero-day cyberthreats, before they can penetrate and infect the network.
Additionally, any potential malware encountered during the user’s browsing session is fully contained and disarmed in a demilitarized zone (DMZ) – where it remains isolated from endpoint devices and the files and processes they contain. Once the browsing session is exited or after a default idle period, the remote container is simply discarded, along with any malware that may have been present.
As each browsing session is executed within the disposable container, accessed content is safely rendered in real-time as a virtual content stream that is transmitted to the local browser. All actual interactions with websites occur outside of the corporate network, yet users experience no performance degradation or noticeable latency. From an end user perspective, the rendered webpage is indistinguishable from the original website and supports all interactions with forms, links and content.
In fact, secure remote browsing can actually help optimize user productivity and reduce time-consuming and disruptive helpdesk requests from users. This approach does not rely on disruptive warnings and alerts or preemptive content blacklisting to defend against rogue links and corrupt files.
At the same time, existing organization website policies can be inherited, or policies can be tailored specifically for the organization’s browsing needs. Existing “whitelist” or “blacklist” proxy handling can be maintained, with uncategorized sites automatically accessed via the secure browsing solution. This ensures that users can freely access the websites and web-based applications they need for day-to-day workplace tasks. Most solutions also allow policies to be applied on a group basis.
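One way to express this routing as a proxy auto-config (PAC) style decision, shown as an added example that is not from the original article or any vendor's product. All hostnames, group names and proxy addresses are constructed placeholders, and the rule that a block entry outranks an allow entry is an assumption.

```javascript
// Constructed sample policy: hostnames, group names and proxy addresses are placeholders.
const POLICY = {
  allow: ["intranet.example.com", "example.org"],   // trusted: browse directly
  block: ["ads.example.net"],                       // denied by the existing proxy
  groups: new Map([                                 // per-group additions
    ["finance", { allow: ["bank.example"], block: ["example.org"] }],
  ]),
  rbiProxy: "PROXY rbi.example.internal:3128",      // hypothetical isolation gateway
  blockProxy: "PROXY proxy.example.internal:8080",  // hypothetical existing proxy (block page)
};
const NO_RULES = { allow: [], block: [] };

// Lowercase and drop the trailing root dot so "EXAMPLE.ORG." cannot dodge a rule.
function normalizeHost(host) {
  return String(host).trim().toLowerCase().replace(/\.+$/, "");
}

// Match the domain itself or a subdomain on a label boundary:
// "cdn.example.org" matches "example.org", "notexample.org" does not.
function matches(host, domains) {
  return domains.some((d) => host === d || host.endsWith("." + d));
}

// Assumed precedence: block beats allow; anything uncategorized is isolated.
function decide(host, group) {
  const h = normalizeHost(host);
  const g = POLICY.groups.get(group) || NO_RULES;
  if (matches(h, g.block) || matches(h, POLICY.block)) return "BLOCK";
  if (matches(h, g.allow) || matches(h, POLICY.allow)) return "DIRECT";
  return "ISOLATE";
}

// Build a PAC-style FindProxyForURL for one group. PAC has no notion of user
// groups, so this assumes a separate PAC file is served to each group.
function pacFor(group) {
  return function FindProxyForURL(url, host) {
    switch (decide(host, group)) {
      case "DIRECT": return "DIRECT";
      case "BLOCK": return POLICY.blockProxy;
      default: return POLICY.rbiProxy;
    }
  };
}
```

The default branch is the security-relevant one: any host that matches no list fails closed into isolation rather than falling through to direct access.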
Additionally, some Remote Browser Isolation solutions integrate file sanitization capabilities such as content disarm and reconstruction (CDR) to ensure that files downloaded from websites do not transmit malicious content to user devices or organizational networks.
Enterprises that are considering secure browsing solutions should look for one that supports all HTML5-based browsers, operating systems and devices. Clientless solutions that enable centralized deployment and management can help minimize the IT overhead and complexity associated with ongoing updates and endpoint installs, while supporting endpoint diversity and BYOD initiatives. Similarly, remote browser solutions typically offer the flexibility to choose between on-premises or cloud-based deployment, or a combination of both.
Browser isolation effectively augments existing web-security frameworks, helping enterprises stay ahead of the ever-changing cybersecurity landscape. It substantially strengthens basic defenses such as patches and antivirus updates, yet adds very little overhead. In this way, remote browsing represents an effective, proactive defense against ransomware and other malware, adding measurable power to existing IT investments, with minimal operational demands.