Island
island
Rethinking Remote Browser Isolation (RBI)
Rethinking Remote Browser Isolation (RBI)
Let's explore the limitations of Remote Browser Isolation (RBI) technology, the issues users face when using it, and why.
Tad Johnson, Product Marketing Manager
Many companies place great importance on educating users to minimize risky behavior, and while this is extremely important, even proper education cannot prevent all of today's advanced threats.
Web browsers are typically built to execute third-party code directly on the endpoint, and most of this code execution on applications occurs without validation, making it a popular target for attackers.
Remote Browser Isolation helps protect users from such attacks by hardening existing proxy resources.
What is Remote Browser Isolation?
Remote Browser Isolation (RBI) is a technology that isolates web browsing activity from endpoint devices, significantly reducing the attack surface from malicious links and files. The technology aims to physically isolate users' web browsing activity and the associated cyber risks from local networks and infrastructure.
The idea behind RBI is to force unclassified or untrusted web traffic to be executed remotely in a virtualized cloud environment. When a user interacts with web content, the site they connect to is rendered in their browser via a video stream (often HTML5), which in principle protects users from malicious content.
How Remote Browser Isolation Works
Securing web access typically begins with gateway security, or proxies, for many organizations. While this has traditionally been a practical approach, the rise of encrypted traffic (SSL) and advanced threats such as browser code injection have meant that existing proxies and SASE solutions are no longer able to adequately protect end users. This has led to increased attacks targeting users' traditional browsers.
Rather than rendering web content directly on the user's device, RBI performs the rendering in a remote, isolated environment.
Common isolated environments include cloud servers and virtual machines, which can prevent malicious code from interacting with user devices and local networks.
A brief overview of the RBI process:
- User clicks on a link or opens a web page
- The link or web page is sent to a remote server
- The remote server renders and executes the web content.
- The remote server sends a pixel-based stream of the web page to the user's device.
- Users view web pages and interact with them as if they were running on their device
Why Enterprises Use Remote Browser Isolation
Phishing, malware, ransomware, and many other threats often begin with web-based communications. Consumer browsers like Edge and Google Chrome are not equipped to protect against these threats, so organizations must deploy security products and layer controls around the web browser to protect against these threats, including RBI.
By preventing malicious code from running directly on user devices, RBI significantly reduces the risk of malware infection and data breaches, protecting against zero-day attacks while reducing the burden on IT and improving productivity.
However, this measure has inherent drawbacks.
Disadvantages of Remote Browser Isolation
On the surface, RBI, which enforces potentially dangerous web content for users, seems like a valid protection strategy. However, this approach comes with challenges.
Issue 1: Poor User Experience
In the first place, we cannot route all user traffic through RBI because it would be untenable for everyday use due to user experience and performance issues such as latency and session drops. Rendering content remotely and streaming it to users introduces latency and visual defects such as distortion.
Challenge 2: Limited range of defense
Due to the aforementioned operational challenges, RBI is used in limited circumstances, such as when content needs to be isolated from potentially malicious web content on untrusted sites. This means that only a small percentage of traffic (typically 1-2%) initially passes through RBI technology. By reducing the scope of RBI involvement, organizations attempt to minimize the impact on end users.
Challenge 3: The attack surface is very large
Naturally, sites classified as file sharing, social media, etc. pose a significant risk. In these cases, web traffic does not pass through the RBI solution, but dangerous content still exists. Additionally, single-page applications (SPAs) and HTML5 canvas rendering are expected to run locally and do not pass through the RBI solution. In short, the attack surface is much larger than the area protected by RBI. These limitations call into question the value of the RBI investment.
Challenges of Remote Browser Isolation
The proliferation of web-based threats has led to increased interest in RBI technology, but RBI is a limited solution that only protects against specific techniques such as browser exploits and remote code injection.
In the world of cybersecurity, vendors often address high-profile issues and offer solutions that are limited to a small subset of the problem, as is the case with Remote Browser Isolation. The underlying problem is that consumer browsers are not designed to address the needs of the enterprise.
Remote Browser Isolation still struggles against common browser-based attacks
RBI is insufficient to counter the following common browser attack methods:
- phishing attack
- Data leakage
- Man-in-the-middle attacks
- Attacks targeting vulnerabilities in extensions
- Embedded malicious document content
- Tampering with localized browsers
- Man-in-the-browser attacks
In each of the above cases, RBI either does not protect against attacks or is only used for a portion of web traffic and therefore cannot provide complete protection.
Remote Browser Isolation Limitations
As mentioned above, RBI is most effective against web traffic destined for suspicious sites that are at risk of remote browser code injection attacks or that attempt to phish users using fake sites. However, RBI is less effective in the following cases:
- Securing SaaS and Internal Web Applications
- Contractor and third-party provisioning/protection
- Call Center Worker Governance
- Bring-Your-Own-Device Policy
- Privileged User Protection
These are the primary uses of web browsers. However, it's important to recognize that RBI can be largely ineffective against these targeted attack scenarios. First, the traffic required for these needs typically doesn't go through RBI. Furthermore, RBI was not designed to solve these challenges and does not have the functionality to address these key browsing-related use cases.
Self-protecting Enterprise Browser: An Alternative to RBI
What if a browser was built for business use? This is exactly the idea that Island had in mind when developing the industry's first enterprise browser.
Island Co-Founder and CTO Dan Amiga, inventor of Remote Browser Isolation, has extensive experience with browser technology and a deep understanding of its challenges. From the beginning, Island focused on providing the benefits of browser isolation without the need for the "remote" part.
The Enterprise Browser feature provides a smooth browsing experience while offering significantly higher security requirements than inconvenient RBI solutions, ensuring complete protection without negatively impacting the user experience.
How Enterprise Browsers Work
Island detects potentially malicious JavaScript from untrusted web destinations and dynamically blocks the execution of over a dozen APIs and modules, including WebRTC, WebGL, etc. Island also leverages several additional protections by enabling Arbitrary Code Guard, Control Flow Enforcement, and Control Flow Guard, each of which helps prevent direct injection of arbitrary code, even if it attempts to manipulate the Enterprise Browser's memory or execution flow.
By building Browser Isolation directly into the Enterprise Browser, Island eliminates the most dangerous areas of browser vulnerability and adds protection against exploits that target those vulnerabilities. As mentioned above, this doesn't just solve the problem when a threat indicator (potential threat) is detected, but rather addresses the underlying problem of advanced web threats. This alone prevents malicious code from executing directly within the browser, eliminating the need for a Remote Browser Isolation solution.
| feature | Island Enterprise Browser | Remote Browser Isolation |
| performance | Native browser performance | Performance degradation |
| Impact on user experience | Natural User Experience | Delays and session disconnections |
| Traffic Coverage | All traffic | 1-2% of traffic |
| Countermeasures against vulnerability attacks | Proactive, built-in vulnerability protection | Remote execution of content |
| Anti-phishing | Preventing domain misuse | Remotely render the site read-only for unclassified traffic |
| Password Manager | Integrated enterprise password manager | None (requires third-party services and extensions) |
| Man-in-the-middle attack protection | Complete man-in-the-middle attack protection | None |
| Man-in-the-Browser Protection | Complete Man-in-the-Browser Protection | None |
| Malware and Ransomware Protection | Upload and download file scanning blocks malicious payloads | Limited |
| Extension Protection | Complete Extension Control and Protection | None |
| Device Posture Support | Complete device posture assessment for policy-driven decision making | None |
| Document Separation | Isolation of localized documents with full file engagement | Rendering content in the cloud without engagement |
| Secure Storage | Built-in secure storage for complete file management | No secure storage |
| Last Mile Control | Full last-mile control for natural application protection and interaction | No last mile control |
| Industry Trends | future | past |
Inquiry/Document request
Macnica Island, Inc.
- TEL:045-476-2010
- E-mail:Island-sales-i@macnica.co.jp
Weekdays: 9:00-17:00