Browser isolation protects users from untrusted, potentially malicious websites and apps by confining browsing activity to a secured environment separated from user devices and organizational networks.
What is browser isolation?
Browser isolation is a technology that keeps browsing activity secure by separating the process of loading webpages from the user devices displaying the webpages. This way, potentially malicious webpage code does not run on a user’s device, preventing malware infections and other cyber attacks from impacting user devices and internal networks.
Visiting websites and using web applications involves a web browser loading content and code from remote, untrusted sources (e.g., remote web servers), then executing that code on a user’s device. From a security perspective, browsing the web is reasonably dangerous. Browser isolation loads and directs code far away from users, insulating them. The networks they connect to from the risks — similar to how using robots to perform specific dangerous tasks within a factory can keep the workers safer.
Browser isolation can be an essential component of a Zero Trust security model, in which no user, application, or website is trusted by default.
Why do organizations use browser isolation?
The Internet has become incredibly important to modern business operations. It used to be that business processes took place mainly within an internal corporate network, but that has long since stopped being the case. Instead, employees regularly access websites and web applications to do their work (and to perform personal tasks), and they do so through a browser.
Just as firewalls and network access control help stop attacks directed at internal networks, browser isolation helps stop attacks directed at the browser.
Benefits of browser isolation
- Dangerous downloads are deleted
- Malicious scripts do not execute on a device or inside a private network
- Zero-day exploits* through the browser are blocked
- Malicious web content can be secured without having to block entire websites
*A zero-day exploit is an attack that uses a vulnerability not previously identified or patched. Though rare, zero-day exploits are nearly impossible to stop.
What are the different types of browser isolation?
There are three main kinds of browser isolation: remote (or cloud-hosted), on-premise, and client-side.
- Remote browser isolation technology loads webpages and executes any associated JavaScript code on a cloud server, far removed from user devices and organizations’ internal networks.
- On-premise browser isolation does the same thing, but an organization manages it internally on a server.
- Client-side browser isolation still loads the web pages on a user’s device. Still, it uses virtualization or sandboxing to keep website code and content separate from the rest of the device.
In all three methods of browser isolation, the user’s browsing session is deleted when it ends, so any malicious cookies or downloads associated with the session are eliminated.
How does remote browser isolation work?
Remote or cloud-hosted browser isolation keeps untrusted browser activity as far away from user devices and corporate networks. It does so by conducting a user’s web browsing activities on a cloud server controlled by a cloud vendor. It then transmits the resulting webpages to the user’s device so that the user can interact with the Internet like usual, but without loading entire webpages on their device. Any user actions, such as mouse clicks or form submissions, are transmitted to the cloud server and carried out there.
There are several ways a remote browser isolation server can send web content to a user’s device:
- Stream the browser to the user: The user views a video or an image of their browsing activity; this technique is also known as “pixel pushing.” This method introduces latency to user browsing activities, sometimes resulting in a poor user experience.
- Open, inspect, and rewrite each webpage to remove malicious content, then send it to the local user browser. With this method, DOM rewriting, webpages are loaded in an isolated environment and rewritten to remove potential attacks. Once the content is considered safe, it is sent to the user’s device, where the webpage code loads and executes a second time. This approach may not be compatible with all websites.
- Send the final output of the webpage to the user: Once a webpage fully loads and the browser executes all code, a vector graphics representation of the final version of the webpage is sent to the user.
How does on-premise browser isolation work?
On-premise browser isolation works similarly to remote browser isolation. But instead of taking place on a remote cloud server, browsing occurs on a server inside the organization’s private network. This can cut down on latency compared to some types of remote browser isolation.
The downside of on-premise isolation is that the organization has to provide its servers dedicated to browser isolation, which can be costly. The isolation also usually occurs within the organization’s firewall instead of outside (as during the remote browser isolation process). Even though user devices remain secure from malware and malicious code, the internal network remains at risk. Additionally, on-premise browser isolation is difficult to expand to multiple facilities or networks, especially for remote workforces.
How does client-side browser isolation work?
Like the other kinds of browser isolation, client-side browser isolation virtualizes browser sessions; unlike remote and on-premise browser isolation, client-side browser isolation does this on the user device itself. It attempts to keep browsing separate from the rest of the device using either virtualization or sandboxing.
Virtualization: Virtualization is dividing a computer into separate virtual machines without physically altering the computer. This is done at a layer of the software below the operating system called the “hypervisor.” Theoretically, what happens on one virtual machine should not affect adjacent virtual machines, even on the same device. The rest of the computer remains secure by loading webpages on a separate virtual machine within the user’s computer.
Sandboxing: A sandbox is similar to a virtual machine. It is a separate, contained virtual environment where testing can occur safely. Sandboxing is a common malware detection technique: many anti-malware tools open and execute potentially malicious files in a sandbox to see what they do. Some client-side browser isolation products use sandboxes to keep web browsing activity safely contained within the sandbox.
Because client-side browser isolation involves loading potentially malicious content on the user’s device, it still risks users and networks. Physical separation of harmful code from the device is a core concept of the other types of browser isolation; client-side browser isolation does not have this separation.
What threats does browser isolation defend against?
All webpages and web apps comprise HTML, CSS, and JavaScript code. While HTML and CSS are markup languages, meaning they only provide formatting instructions, JavaScript is a complete programming language. JavaScript is beneficial for enabling many features in modern web applications. However, it can also be used maliciously. Malicious JavaScript is particularly dangerous because most web browsers automatically execute all JavaScript associated with a page.
Several different types of attacks are possible using JavaScript. Some of the most common include:
- Drive-by downloads: Simply loading a webpage initiates the download of a malicious payload. Drive-by downloads usually take advantage of an unpatched vulnerability in a browser.
- Malvertising: Malicious code is injected into legitimate ad networks. When the malicious ads are displayed, the code executes, usually with the result that visitors are redirected to malicious websites. Because legitimate ad networks are the ones unintentionally distributing the malicious code, malvertising can compromise even legitimate, highly trafficked websites.
- Click-jacking: A webpage is designed to fool users into clicking on something they did not intend to. Click-jacking can generate fake ad revenue, send a user to an unsafe website, or even initiate a malware download.
Some other common in-browser attacks (that may or may not involve JavaScript) include:
- Redirect attacks: A user attempts to load a legitimate URL but is then redirected to a URL controlled by an attacker.
- On-path browser attacks: An on-path attacker exploits browser vulnerabilities to compromise a user’s browser. At this point, they can alter the web content shown to the user or even impersonate the user.
- Cross-site scripting: Malicious code is injected into a website or web app. This allows attackers to carry out various malicious activities, including stealing session cookies or login tokens and impersonating legitimate users.
How does browser isolation protect against these attacks?
By isolating browser sessions in a controlled environment, malicious content and code are kept off user devices and away from the organization’s network. For example, a drive-by download attack would not affect a user within an organization that uses browser isolation. The download would take place on a remote server or in a sandbox and be destroyed at the end of the browsing session.
How does browser isolation fit into a Zero Trust security architecture?
Zero Trust is an approach to information security in which no user, web traffic, application, or device is trusted by default. A zero-trust security model assumes that even though a user has safely loaded a website 99 times, the website might be compromised for the 100th time. Browser isolation is one way to implement this assumption in practice.
