The Internet is the de facto essential tool for organizations to succeed and remain competitive in the modern digital business landscape. It has revolutionized the way businesses operate, from marketing and customer engagement to supply chain management and data analysis. It's a legitimate question to ask whether any business could survive without it.
At the center of all the hype, web applications have revolutionized the way businesses operate and, in doing so, have made organizations increasingly dependent on the web browser. The browser is arguably the most fundamentally important software application in day-to-day operations, replacing many other stand-alone apps such as email clients, office productivity suites, and project management tools.
In today's blog, our team of ethical hackers explores browser isolation for defensive security, the concept of remote browser isolation, and browser-related FAQs.
Web applications offer several advantages, including rich functionality, scalability, and cross-device support. They also make collaboration easy and reduce software costs by centralizing development on web standards. However, increased dependency on the web for business operations also places the need for browser security in sharp focus.
The browser is now a single critical point of failure, offering cyber attackers almost certain visibility into an organization's IT infrastructure. Almost every business is using a major browser: attackers know this, and this allows them to craft targeted attacks.
Although Google runs Project Zero and a bug bounty program, which paid out approximately $12 million USD in 2022 for the responsible disclosure of vulnerabilities in its Chrome browser, there continues to be a fairly reliable and steady flow of new vulnerabilities. In 2021 and 2022, Google Chrome was assigned almost 300 CVEs with a CVSS score of over 6. Furthermore, it's reasonable to assume that some vulnerabilities in major browsers such as Google Chrome are never publicly disclosed but instead used covertly by APT groups and nation-state military cyber espionage programs.
In short, the IT landscape seems to indicate that when there is enough motivation, vulnerabilities can be found.
Browser isolation is a security technique that aims to improve endpoint and network cybersecurity by isolating web browsing activities in a secure environment to improve protection against malware and some types of phishing attacks.
Browser isolation is a set of tactics that place a barrier between web browsing activity and the user's endpoint, so that malware cannot reach the endpoint or the internal network. Essentially, browser isolation runs the web browser in a sandboxed environment, isolated from the underlying operating system and hardware. The sandboxed environment prevents all code that belongs to the website from executing on the endpoint.
Now that we understand the problem, let's examine the options available for protecting our valuable assets from browser escape:
Remote browser isolation involves running the web browser on a remote server such as a cloud VPS, rather than on the end-user's device. When a user requests a web page, the browser session is created on the remote server, and the visual display is relayed to the user's device allowing them to interact as though the website was loaded in their local browser. However, all software execution associated with the website interactions is performed on the remote server, and the results are sent back to the user's device.
One major technology that supports visualization of remote software program execution is X11, a widely used protocol for graphical user interfaces in Unix and Linux systems that displays graphical elements such as windows, buttons, and icons. Remote browser isolation security can be increased by deploying from a secure baseline system image: the VPS image is destroyed and a fresh secure one is deployed periodically, for example every 24 hours, so that even if the remotely isolated browser is compromised, the compromise does not persist.
As a managed solution, an organization can purchase a browser isolation service from a managed service provider (MSP).
In-house on-premise browser isolation involves running the web browser on a dedicated server within the organization's network and using the organization's own IT staff to implement and support the solution.
This approach is similar to remote browser isolation, but the server is located on-premise rather than in the cloud. On-premise browser isolation can improve performance over remote browser isolation and can also ensure that an organization's browsing history, downloaded file content, session keys, cookies, and other sensitive information do not leave the premises and are not open to analysis by a third party such as an MSP.
The major downside to on-prem browser isolation is that it demands significant expertise and IT resources to manage and maintain.
Client-side browser isolation runs the web browser in a sandboxed environment on the user's device but isolated from the host operating system. This can create a software barrier to mitigate browser escape or other malware from infecting the underlying host, gaining a foothold on the victim's network, and compromising additional assets.
Client-side browser isolation would typically be achieved using a virtual machine hypervisor to load the browser as a sandboxed virtual appliance. This approach is less resource-intensive than remote or on-premise browser isolation, but it may be less effective against advanced threats since the sandboxed environment itself could be detected and attacked to exploit the sandbox and gain a foothold on the network.
As with other types of browser isolation, using a secure baseline and periodically refreshing the sandboxed environment to a known secure state can help mitigate the risk of sandbox escape to the end user's host device.
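The refresh policy described above for remote and client-side isolation can be checked mechanically. The following is an added example, not Packetlabs code: it audits a constructed inventory and flags instances that are past the 24-hour interval or were deployed from an image other than the approved baseline. The record fields, instance names, and digests are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_AGE = timedelta(hours=24)  # refresh interval the article gives as an example

@dataclass(frozen=True)
class Instance:                  # hypothetical inventory record
    name: str
    image_digest: str            # digest of the image the instance was deployed from
    deployed_at: Optional[str]   # ISO 8601 deployment time, None if unknown

def recycle_reasons(inst, baseline_digest, now):
    """Return why an instance must be destroyed and redeployed (empty list = OK)."""
    reasons = []
    if inst.image_digest != baseline_digest:
        reasons.append("image differs from approved baseline")
    try:
        deployed = datetime.fromisoformat(inst.deployed_at)
    except (TypeError, ValueError):
        # Fail closed: an instance whose age cannot be established is recycled.
        return reasons + ["deployment time missing or unparseable"]
    if deployed.tzinfo is None:
        deployed = deployed.replace(tzinfo=timezone.utc)  # assumption: naive = UTC
    age = now - deployed
    if age < timedelta(0):
        reasons.append("deployment time is in the future")  # clock skew or tampering
    elif age >= MAX_AGE:
        reasons.append(f"age {age.total_seconds() / 3600:.1f}h exceeds 24h limit")
    return reasons

def audit(instances, baseline_digest, now):
    """Map instance name -> reasons, for every instance that needs recycling."""
    findings = {}
    for inst in instances:
        reasons = recycle_reasons(inst, baseline_digest, now)
        if reasons:
            findings[inst.name] = reasons
    return findings

# Constructed sample data: digests and names are placeholders, not real values.
BASELINE = "sha256:" + "a" * 64
NOW = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)
INVENTORY = [
    Instance("rbi-01", BASELINE, "2024-01-02T06:00:00+00:00"),            # 6h old
    Instance("rbi-02", BASELINE, "2024-01-01T06:00:00+00:00"),            # 30h old
    Instance("rbi-03", "sha256:" + "b" * 64, "2024-01-02T11:00:00+00:00"),  # drifted
    Instance("rbi-04", BASELINE, None),                                   # unknown age
]

if __name__ == "__main__":
    for name, reasons in audit(INVENTORY, BASELINE, NOW).items():
        print(f"{name}: recycle ({'; '.join(reasons)})")
```
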
"What is meant by browser isolation?"
Remote browser isolation (also known as RBI) is a web security technology that neutralizes online threats by hosting users' web browsing sessions on a remote server, rather than relying on the user's endpoint device.
"Should I turn on isolated browsing?"
Yes. Browser isolation helps mitigate the risk of phishing attacks, since all web-based emails and other forms of messaging are rendered harmless via a remote server. Since the bulk of cyberattacks is due to human error, this will work to further protect your remote or hybrid employees from potential browser-related threats.
"What are the key benefits of browser isolation?"
Browser isolation works to provide straightforward and effective malware protection during day-to-day browsing. It accomplishes this by eliminating the opportunity for malware to access the end user's business device.
The Internet has become an indispensable part of modern business operations, and the browser has emerged as the most critical business software application. However, browsers have become a critical entry point to the corporate network.
By isolating web browsing activities from the underlying operating system and hardware, browser isolation can help prevent web-based threats, such as malware and some types of phishing attacks, from infecting endpoints on the network.
Remote browser isolation, on-premise browser isolation, and client-side browser isolation are the three main types of browser isolation solutions that organizations can use to protect their sensitive data, improve their IT security, and enhance their overall cyber maturity.
Ready to leverage the benefits of browser isolation for defensive security? Reach out to our team today to get the needle moving.