Browser isolation

Browser isolation is a cybersecurity model which aims to physically isolate an internet user's browsing activity (and the associated cyber risks) away from their local networks and infrastructure. Browser isolation technologies approach this model in different ways, but they all seek the same goal: effective isolation of the web browser and a user's browsing activity as a method of securing web browsers from browser-based security exploits, as well as web-borne threats such as ransomware and other malware. [1] When a browser isolation technology is delivered to its customers as a cloud-hosted service, this is known as remote browser isolation (RBI), a model which enables organizations to deploy a browser isolation solution to their users without managing the associated server infrastructure. There are also client-side approaches to browser isolation, [2] based on client-side hypervisors, which do not depend on servers to isolate their users' browsing activity and the associated risks; instead, the activity is virtually isolated on the local host machine. Client-side solutions break the security through physical isolation [3] model, but they do allow the user to avoid the server overhead costs associated with remote browser isolation solutions.

Mechanism

Browser isolation typically leverages virtualization or containerization technology to isolate the user's web browsing activity away from the endpoint device, significantly reducing the attack surface for rogue links and files. Browser isolation is a way to isolate web browsing hosts and other high-risk behaviors away from mission-critical data and infrastructure. Browser isolation is a process to physically isolate a user's browsing activity away from local networks and infrastructure, isolating malware and browser-based cyber-attacks in the process while still granting full access. [4]

Market

In 2017, the American research group Gartner identified remote browser (browser isolation) as one of the top technologies for security. [5] The same Gartner report also forecast that more than 50% of enterprises would actively begin to isolate their internet browsing to reduce the impact of cyber attacks over the coming three years.

According to Market Research Media, the remote browser isolation (RBI) market is forecast to reach $10 billion by 2024, growing at a CAGR of 30% in the period 2019–2024. [6]

Comparison to other techniques

Unlike traditional web security approaches such as antivirus software and secure web gateways, [7] [8] browser isolation is a zero trust approach [9] which does not rely on filtering content based on known threat patterns or signatures. [10] Traditional approaches can't handle 0-day attacks [11] [12] [13] since the threat patterns are unknown. Rather, the browser isolation approach treats all websites and other web content that has not been explicitly whitelisted as untrusted, and isolates them from the local device in a virtual environment such as a container or virtual machine.
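
The default-untrusted rule described above can be sketched as a routing decision. This is an added example, not code from any browser isolation product; the allowlist entries, function names and the "direct"/"isolate" labels are assumptions made for illustration. It shows why the hostname must be normalized before matching, since look-alike URLs otherwise slip past a naive string comparison.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration: explicitly trusted domains.
ALLOWLIST = {"intranet.example.com", "docs.example.org"}


def normalize_host(url):
    """Return the hostname a browser would connect to, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname  # strips userinfo and port, lower-cases
    if not host:
        return None
    host = host.rstrip(".")  # "docs.example.org." is the same host
    try:
        return host.encode("idna").decode("ascii")  # compare in ASCII form
    except UnicodeError:
        return None


def is_allowlisted(host, allowlist=ALLOWLIST):
    # Match the entry itself or a true subdomain; the leading dot stops
    # "notintranet.example.com" from matching "intranet.example.com".
    return any(host == e or host.endswith("." + e) for e in allowlist)


def route(url):
    """Anything not explicitly allowlisted is untrusted and is isolated."""
    host = normalize_host(url)
    if host is not None and is_allowlisted(host):
        return "direct"
    return "isolate"


if __name__ == "__main__":
    for sample in (  # constructed sample URLs
        "https://wiki.intranet.example.com:8443/page",
        "https://intranet.example.com@evil.example/login",
        "https://intranet.example.com.evil.example/",
    ):
        print(route(sample), sample)
```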

Web-based files can be rendered remotely so that end users can access them within the browser, without downloading them. Alternatively, files can be sanitized within the virtual environment, using file cleansing technologies such as Content Disarm & Reconstruction (CDR), allowing for secure file downloads to the user device. [14]
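
The principle behind CDR is to rebuild a file from approved components only, rather than trying to detect what is malicious. The following added example (not taken from any CDR product) applies that principle to a ZIP container; the approved-extension policy, function names and sample archive are assumptions constructed for illustration, and a real CDR engine also parses and rebuilds the content of each member.

```python
import io
import posixpath
import zipfile

# Assumed policy for illustration: member types approved for delivery.
APPROVED_EXTENSIONS = {".txt", ".csv", ".png"}


def disarm_and_reconstruct(archive_bytes):
    """Rebuild a ZIP from approved members only; return (clean_bytes, dropped)."""
    dropped = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            name = info.filename
            if info.is_dir():
                continue
            ext = posixpath.splitext(name)[1].lower()
            # Reject names that could escape the extraction directory.
            unsafe_path = (name.startswith("/") or "\\" in name
                           or ".." in name.split("/"))
            if ext not in APPROVED_EXTENSIONS or unsafe_path:
                dropped.append(name)  # not approved: never copied across
                continue
            # Written under a fresh header, so source metadata is not reused.
            dst.writestr(name, src.read(info))
    return out.getvalue(), dropped


def build_sample():
    """Constructed sample archive mixing approved and unapproved members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("report.txt", "quarterly numbers")
        z.writestr("data/table.csv", "a,b\n1,2\n")
        z.writestr("macros/vbaProject.bin", b"\x00constructed-macro-blob")
        z.writestr("../escape.txt", "path traversal attempt")
        z.writestr("installer.EXE", b"MZconstructed")
    return buf.getvalue()


if __name__ == "__main__":
    clean, dropped = disarm_and_reconstruct(build_sample())
    print("kept:", zipfile.ZipFile(io.BytesIO(clean)).namelist())
    print("dropped:", dropped)
```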

Effectiveness

Typically, browser isolation solutions provide their users with 'disposable' (non-persistent) browser environments: once the browsing session is closed or times out, the entire browser environment is reset to a known good state or simply discarded. [15] Any malicious code encountered during that session is thus prevented from reaching the endpoint or persisting within the network, regardless of whether any threat is detected. In this way, browser isolation proactively combats known, unknown and zero-day threats alike, effectively complementing other security measures and contributing to a defense-in-depth, layered approach [16] to web security.

History

Browser isolation began as an evolution of the 'security through physical isolation' cybersecurity model, also known as the air-gap model among security professionals, who have been physically isolating critical networks, users and infrastructures for cybersecurity purposes for decades. Although techniques to breach 'air-gapped' IT systems exist, they typically require physical access or close proximity to the air-gapped system in order to be effective. The use of an air-gap makes infiltration into systems from the public internet extremely difficult, if not impossible, without physical access to the system. The first commercial browser isolation platforms [17] were leveraged by the National Nuclear Security Administration at Lawrence Livermore National Laboratory, Los Alamos National Laboratory and Sandia National Laboratories in 2009, when browser isolation platforms based on virtualization were used to deliver non-persistent virtual desktops to thousands of federal government users.

In June 2018, the Defense Information Systems Agency (DISA) announced a request for information for a "cloud-based internet isolation" solution as part of its endpoint security portfolio. [18] As the RFI puts it, "the service would redirect the act of internet browsing from the end user’s desktop into a remote server, external to the Department of Defense Information Network." At the time, the RFI was the largest known project for browser isolation, seeking "a cloud based service leveraging concurrent (simultaneous) use licenses at ~60% of the total user base (3.1 Million users)." [19]


References

  1. Miller, Daniel. "Cyber Threats Give Rise to New Approach to Web Security". Retrieved 23 January 2018.
  2. "Remote Browser Isolation Market". Secjuice Infosec Writers Guild. 28 June 2018. Retrieved 21 May 2019.
  3. "Security Isolation - an overview | ScienceDirect Topics". www.sciencedirect.com. Retrieved 21 May 2019.
  4. "How Does Browser Isolation Work?". Expert Insights. 19 September 2019. Retrieved 22 October 2020.
  5. "Gartner Identifies the Top Technologies for Security in 2017". Retrieved 28 January 2018.
  6. "Browser as a Service Market Forecast 2019-2024". MarketAnalysis.com. 12 September 2018. Retrieved 17 May 2019.
  7. "secure Web gateway - Gartner IT Glossary". www.gartner.com. Retrieved 17 May 2019.
  8. "Secure Web Gateways Reviews". Gartner. Retrieved 17 May 2019.
  9. Pratt, Mary K. (16 January 2018). "What is Zero Trust? A model for more effective security". CSO Online. Retrieved 21 May 2019.
  10. "Validating the Known: A Different Approach to Cybersecurity". www.idc.com. Archived from the original on 23 January 2018. Retrieved 3 April 2018.
  11. Goodin, Dan (30 November 2016). "Firefox 0-day in the wild is being used to attack Tor users". Ars Technica. Retrieved 17 May 2019.
  12. "Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly". The Hacker News — Cyber Security and Hacking News Website. Retrieved 17 May 2019.
  13. "Disclosing vulnerabilities to protect users across platforms". Google Online Security Blog. Retrieved 17 May 2019.
  14. Toreini, Ehsan (2019). "DOMtegrity: ensuring web page integrity against malicious browser extensions". International Journal of Information Security. 18 (6): 801–814. arXiv:1905.12951. doi:10.1007/s10207-019-00442-1. PMC 6777511. PMID 31632229.
  15. "National Security Agency - Steps To Secure Browsing" (PDF). National Security Agency.
  16. "What is Browser Isolation? - Definition from Techopedia". Techopedia.com. 22 August 2018. Retrieved 22 May 2019.
  17. "tuCloud and Kaviza Sign Up Lawrence Livermore National Laboratory for Remote Managed Hosted Desktop Virtualization". Yahoo! News. Marketwire. 10 October 2010. Archived from the original on 2 March 2018. Retrieved 2 March 2018.
  18. "DOD wants to use 'internet isolation' to secure Pentagon networks". 5 June 2018.
  19. "SAM.gov | Home". sam.gov. Retrieved 3 June 2023.