With the active growth of telecommuting this year, organizations are suffering more often than in the past from browser-based attacks targeting remote employees.
To protect themselves from online threats, organizations used to filter incoming traffic or block access to suspicious websites. But those measures aren’t effective when you need protection against zero day attacks. Remote browser isolation (RBI) is the next step for providing such protection. It moves internet browsing to an isolated environment, securing the user endpoint.
In this article, we discuss how RBI secures an internet user from cyberattacks, the types of RBI solutions, must-have features, and challenges to consider during development.
The increasing threat of web-based attacks
The number of web-based attacks is growing precipitously as more and more daily user activities go online. In 2019, the number of web application attacks increased by 52% compared to 2018, according to the 2020 Sonicwall Cyber Threat Report [PDF]. In 2020, cybersecurity experts note a further increase in such attacks because of the global switch to remote work during the COVID-19 pandemic.
Web-based attacks expose organizations to two major threat sources: browser-based malware and phishing attacks.
Browser-based attacks occur when hackers inject a piece of malicious code into website components or files. This code leverages browser vulnerabilities or user mistakes to deliver malware, intercept traffic, or gain access to the user endpoint. As a result, attackers can:
- infect a user’s device with malware
- steal or encrypt sensitive data
- abuse computational resources
- compromise the enterprise network and other devices connected to it
Phishing is a social engineering technique aimed at obtaining sensitive information (personal data, credentials, credit card details, etc.) and using it to gain access to private or corporate resources. In a phishing attack, attackers communicate with users while pretending to be a trusted entity (for example, a social network, bank, or colleague), lead users to a phishing site, and motivate them to input sensitive data.
Does this mean that browser-based and phishing attacks are unstoppable? Not at all. Remote browser isolation (RBI), or zero trust browsing, is an emerging technology that protects users from web-based threats. Let’s investigate what remote browser isolation is and how it works.
What is RBI and how does it work?
Browser isolation is a virtualization technology that moves browser execution from a user’s device to a secured environment — locally on the user’s device or remotely in the cloud (RBI). This way, browser activity is isolated from the user, preventing any attempts at malware infection via web-based attacks.
Browser isolation takes a fundamentally different approach to web security compared to traditional cybersecurity solutions. Usually, a security solution needs a list of known attacks and suspicious activities so it can recognize threatening web content and block access to it. Web isolation technology secures any web content inside the remote endpoint, sanitizes it, and sends safe content to the user’s local browser. As a result, the user gets access to content while being protected even against zero day attacks.
This security technology is especially useful for protecting employees that work with highly sensitive data like government, medical, banking, or military records.
By 2022, 25% of enterprises will adopt browser isolation techniques for some high-risk users and use cases, up from less than 1% in 2017.
Through 2022, organizations that isolate high-risk internet browsing and access to URLs in email will experience a 70% reduction in attacks that compromise end-user systems.
Gartner, Inc. report (subscription required)
As we mentioned above, a browser can be isolated from the user in two ways:
- Locally, or by client-side browser isolation. This moves browser execution to a virtual machine or sandbox (app-level or OS-level) created on the user endpoint or an on-premises server. This type of isolation can’t be considered totally secure because the browser is still executed on the user’s device. It’s possible for an attacker to break out of isolation and access the user’s local files and networks.
- Remotely, or by server-side browser isolation. Remote browser isolation moves the browsing to a remote server. Server-side isolation provides a higher level of security because it uses a remote server or cloud service as an intermediary between the user’s device and web content. In case of an attack, the hacker will break out of the isolation and reach the remote browser, not the user endpoint.
An RBI architecture is usually based on virtualization or containerization. Solutions that employ centralized virtualization are more demanding on server resources. To initiate one browser, each virtual machine (VM) needs to run a full copy of the operating system and a virtual copy of all the hardware that the operating system needs. Containerization technology is much more efficient. With containerization, an RBI solution needs to run one operating system and an RBI program without the necessity to emulate hardware. A browser running in a container requires up to 10 times less server infrastructure than one using virtualization. Also, the distributed nature of containers makes RBI more reliable: if attackers breach one containerized browser, there’s no way they can reach another container.
Regardless of the choice of technology, there are two types of architecture for RBI solutions:
- Pixel pushing — This technology is similar to a remote desktop or Virtual Network Computing. It captures events in the user’s browser (clicks, mouse movements, keystrokes, etc.), transmits them to a remote browser, and returns a response in the form of a series of screenshots or a video stream. In this way, the user’s endpoint doesn’t receive any web application code and the user interacts only with images or video renders.
- Document Object Model (DOM) reconstruction — This technology sanitizes the HTML or CSS code of a web application from threats on a remote endpoint and then forwards clean code to the user’s endpoint. If an RBI solution detects a piece of suspicious code, it deletes it. Some RBI solutions consider all pieces of dynamic code as potentially harmful and delete them. After sanitization, the RBI solution sends static web page code to the user’s local browser and the page is rendered on the client side.
For a user, RBI works this way:
- The user connects and authenticates in a remote browser isolation service.
- The RBI service creates a virtual instance and provides the user with access to a remote browser.
- The user interacts with web content as usual via the local browser.
- The remote browser passes the web content (in the form of a video stream or sanitized HTML code) to the user’s local browser.
- When the user session ends, the instance that contains the remote browser is terminated.
RBI this type of solution provides organizations with lots of cybersecurity improvements. Let’s take a look at the key benefits of remote browser isolation technology.
Advantages of RBI solutions
Remote browser isolation is a new yet promising cybersecurity technology. Implementing an RBI solution provides organizations with these advantages:
- Web-based zero day attack prevention. Traditional cybersecurity solutions like firewalls and antivirus software can stop suspicious or harmful web activity only if they detect markers of known attacks. RBI solutions provide more reliable security because they can also block zero-day browser-based attacks. Since all browsing activity is isolated in the remote instance and the user interacts with mirrored or sanitized content, there’s no way a hacker can infect a user endpoint.
- Ability to protect from phishing attacks. When a user clicks on a phishing email or file, an RBI solution displays the sanitized email text, scans the attached files, and isolates the phishing web page if an email contains a URL to a malicious website. In this way, the user’s interaction with phishing websites is completely secured.
- Deterrence from exfiltration of confidential data. System administrators can change RBI settings to display suspicious URLs in read-only mode. This allows users to access such web pages but doesn’t allow them to input any credentials. Alternatively, administrators can allow users to access only trusted websites.
- Isolated sanitizing of downloaded files. If a user wants to download a file, it’s also isolated in the remote instance. RBI systems provide tools for reviewing this content remotely (e.g. PDF or image viewers). If the software can’t read the downloaded file, it sanitizes the content on a remote server and sends it to the user’s endpoint. In this way, an RBI solution reduces the risk of downloading malicious and suspicious files.
- Detailed user activity logs. An RBI system logs all events on the remote instance and the communication with end users. If an attack or security violation happens, system administrators can review those logs to get a clear understanding of the cybersecurity incident, report on it, suggest security improvements to prevent similar issues, collect data for forensic activities, etc.
- Safe access to risky content. An RBI system allows users to access any websites and download data they need while neutralizing threats. This approach doesn’t disrupt web browsing; meanwhile, other security solutions like antivirus or firewall software will block any access to a website if they detect a threat.
To ensure the benefits listed above, an RBI solution requires a certain set of features. In the next section, you’ll learn about the capabilities necessary for an RBI system to provide a sufficient level of security.
Key functionality of an RBI solution
Regardless of the type of isolation, an RBI solution needs a specific set of functionality to ensure secure internet browsing. There are eight basic components of an RBI solution that ensure remote browser isolation and security:
- User authentication. Before creating an isolated browser instance, an RBI solution needs to authenticate the user connecting to it. After that, the solution loads the user’s profile permissions, settings, and preferences. Some solutions cache authentication data so users don’t need to provide credentials each time they connect.
- Instance management. When a user initiates a session, an RBI solution creates an isolated instance to run a browser and connects the user to it. Depending on the RBI architecture, this instance may be a virtual machine, a container, a sandbox, or something else. When the RBI solution detects a threat, the instance tries to eliminate it. If the instance has been compromised, the RBI shuts it down and launches a new one with all the tabs opened during the session. When the user ends the session, the RBI solution shuts down the corresponding instance.
- User session management. During the session, the RBI system processes user requests and passes them to the instance, collects data on the session (duration, opened URLs, browser cache), and saves the data after session termination.
- Web content mirroring. An RBI system’s core functionality is streaming browser data from a remote browser to a user’s local endpoint. An RBI system needs to process user events (keystrokes, scrolling, mouse clicks, etc.), match them with the corresponding web page elements, detect changes open tabs, and send them to the user in the form of video or a sanitized web page. Also, a remote browser has to support browsing functionality, plug-ins, and SaaS applications.
- Cybersecurity policies. These policies allow an organization’s security officers to whitelist trusted web applications and types of content that can be rendered on local devices. Security officers can also specify users who can access particular types of web content or URLs. Such policies help security officers efficiently manage RBI and local network resources.
- Threat detection. During the session, an RBI solution applies a zero trust approach to each instance and monitors it for possible threats and suspicious activity. When the RBI solution detects a threat, it sanitizes the web content and sends the sanitized content to the user endpoint.
- Load balancing. Constant content mirroring puts a heavy load on the user’s bandwidth and a remote instance. RBI solutions must balance the load on those components by compressing data sent to the user’s device, creating additional instances if the original instance is overloaded (e.g. if the user opens too many tabs), and reducing the quality of video and audio content. This functionality helps to optimize RBI performance and the user experience.
- Multi-tenancy support. Multi-tenancy allows an RBI solution to ensure high availability for users all around the world, improve load and bandwidth management, and increase scaling capabilities.
- User data storage. If a user downloads files during the remote session, an RBI solution needs to scan them for possible threats and sanitize them before sending them to the user endpoint. An RBI solution should also store data on uploads, viewed documents, session cache, and user settings. Additionally, it has to provide remote viewing of downloaded files.
- Agentless cross-platform browsing. To minimize the number of security threats, it’s best to develop agentless RBI software. This software needs to support all popular operating systems (both for PC and mobile platforms) and browsers to ensure the best user experience.
The set of features listed above allows an RBI solution to ensure comfortable and secure browsing and is particularly useful for companies that work with highly sensitive data. However, it’s not a perfect solution. Let’s take a look at the key challenges of RBI and ways to overcome them.
Overcoming the challenges of RBI implementations
RBI technology has several limitations that you need to take into account:
- High costs of server-side RBI. True remote isolation requires remote servers that support thousands of virtual environments and can perform well under heavy loads. Building and supporting such an infrastructure is expensive, especially if RBI is based on virtualization technologies. Containerization greatly reduces the maintenance cost of an RBI solution because it takes fewer resources to run a container than to run a virtual machine.
- Poor scalability. The more users an RBI solution has, the harder it is to manage and orchestrate all remote sessions. Scalability issues are caused by the centralized architecture of virtualization technologies used in RBI development and the growing need for hardware to build remote servers. Partially, this limitation can be overcomed by choosing a decentralized architecture during RBI development.
- Poor user experience (UX). Both pixel pushing and DOM reconstruction technologies influence the UX.
- With pixel pushing, a user can experience delays since streaming video and audio content can be time-lagged. Also, the video displayed on the user endpoint may be blurry because the web content is streamed in a resolution set on the remote instance. System administrators can improve the UX by carefully adjusting the RBI system to the capabilities of an organization’s network and hardware.
- DOM reconstruction deletes all suspicious or dynamic code from a web page, meaning a user might not receive important blocks of the page. It’s possible to whitelist safe web apps to reduce the risk of losing important information.
- High requirements for internet bandwidth and user hardware. An RBI solution needs a lot of resources to flawlessly stream remote browser sessions. For pixel pushing, it requires broad and stable bandwidth to video stream sessions without delays and in high quality. DOM reconstruction puts an additional load on the user’s device, as it has to render web pages from the content that a remote browser sends to it. However, a custom solution developed with possible limitations and load balancing in mind won’t put a lot of additional stress on an organization’s resources.
- Possible compromise of virtualization technologies. Isolating web content and all threats related to it on RBI servers ensures the security of enterprise endpoints and networks. But the compromise of those remote servers means the loss of isolation for RBI clients. Depending on an organization’s security policies, its users will either reconnect to an uncompromised server or lose the ability to securely browse. There’s no way to guarantee the complete protection of remote servers, but leveraging cybersecurity best practices helps to minimize the risks.
The limitations listed above stop RBI from being a one-size-fits-all solution. When developing such a solution, developers have to carefully balance the loads, taking into account the limitations of the technology and a particular client’s request.
Is RBI enough for all-round protection?
RBI solutions provide a solid defense against web-based attacks, but they aren’t enough to guarantee maximum security for corporate data and networks. Implementing RBI technology doesn’t replace the need for other common cybersecurity solutions, but it can complement and enhance them.
To broaden the protection layer for users and organizations, you can combine RBI with the following security approaches and technologies:
- Zero trust networks — This cybersecurity approach treats all devices as untrusted, even if they’re connected to the enterprise network and have already been verified. A device can connect to another device, application, or network only after it’s identified and its user is authenticated. If identification or authentication fails, the device is isolated from the network.
RBI enforces the zero trust approach to web browsing. Applying it to internal networks and resources protects an organization from both internal and external threats.
- Software defined perimeter (SDP) — In our previous article, we’ve already mentioned various software defined perimeter benefits. This approach creates a “black cloud” over the enterprise network and resources for all unauthenticated devices. To access a resource inside the SDP, a user and device need to be authenticated using a multi-factor token. After that, the device can access only the requested resource. To access other resources and apps, the user and device need to authenticate themselves once again.
RBI complements SDP the same way it works with zero trust networks: by securing external connections while SPD protects internal activities.
- User behavior analytics (UBA) — This technology detects suspicious user activity by analyzing logs of normal user behavior, establishing a baseline, and spotting unusual user actions. User behavior analytics solutions are usually based on artificial intelligence algorithms or statistical analysis. This technology is especially effective for detecting insider threats and targeted attacks that involve theft of user credentials.
One of RBI’s advantages is the collection of detailed logs on user activity: access to and interactions with websites, downloads, inputted information, etc. These logs can provide a basis for UBA solutions.
Browser-based threats like phishing, credential theft, and web-based attacks are getting more and more widespread. They target both private users and large organizations, stealing and corrupting their sensitive data.
Remote browser isolation technology moves browser execution from a user’s device to a remote endpoint, isolating any possible threats. In this way, RBI provides solid protection against web-based threats for an organization’s data, devices, and networks. This technology provides companies with many cybersecurity benefits. It also brings several challenges that RBI developers need to take into account.
To gain maximum benefits and avoid the limitations of RBI, such a solution has to be adjusted to a company’s needs. Or even better — designed and developed specifically for a certain organization.
At Apriorit, we have a team of cybersecurity experts that know all the pitfalls of RBI development alongside other types of cybersecurity solutions. Contact us to start discussing how you can isolate your web browsing security risks!