Browser isolation is a cybersecurity model that physically isolates an internet user’s browsing activity away from their local networks and infrastructure. Browser isolation technologies approach this model in different ways, but they all seek to achieve the same goal; effective isolation of the web browser and a user’s browsing activity as a method of securing web browsers from browser-based security exploits, as well as web-borne threats such as ransomware and other malware.
Web browsers are often targets of attackers and a weak link in the security chain because they can run scripts outside of the view of our antivirus and anti-malware products, silently allowing access deeper into the system. Another reason the browser is risky is that sensitive items such as passwords may be sent (or even stored) in clear text. Yes, the web browser is a critical communication tool but also a risk.
Browser isolation techniques take the browser off the desktop and move the experience to either a virtual server in your own data center or to a cloud virtual server, where the user is presented with a browser that is physically and logically separate from their desktop workstation. The browser is then destroyed after use, and if the same or another user browses again a brand new browser is spawned. This protects the end points inside of your organization. This is referred to as ‘server-side isolation’.
Another approach is called “client-side isolation”. These products attempt to isolate the browser directly on the user’s workstation by using software isolation techniques. You do not need a server and the experience has less potential for latency, however there is more risk in that you are relying on software to function correctly and not be exploitable instead of an actual physical separation.
Do you need to include browser isolation and if so what is the best approach for your business? Always this begins with knowing your organization’s security posture and obligations. Browser isolation maybe very important if your users spend a lot of time on the internet or there are few controls on your user’s internet access. Another key benefit is the ability to standardize and optimize the browser experience. A full review of the current security of the business and a review of the priorities should always be done prior to investing in any new tool. The best approach to browser isolation for your business also is a variable that depends on your current infrastructure, and your internal team’s capacity and bandwidth.
Browser isolation is another tool available to you in your defense in depth approach layering security controls, the more mature your program becomes the more tools you need in your belt. Browser isolation may be that next level.