Remote Browser Isolation (RBI)


What is remote browser isolation?

Remote browser isolation, also referred to as RBI, is a zero-trust security solution designed to proactively protect organizations against web-based attacks. Remote browser isolation works by isolating, loading, and executing webpages on a remote server separate from the user’s local machine. Remote browser isolation uses virtualization technology to allow users to remotely access webpages safely and securely with minimal to no risk of compromise.

Why is remote browser isolation important? 

Remote browser isolation is an answer to the evolution of work. By the end of 2023, Gartner forecasts that four in 10 knowledge workers globally will work in a hybrid arrangement. In an age when the Internet serves as the corporate office, and hybrid workforces are becoming the norm, organizations face challenges balancing security and productivity. IT teams must protect an attack surface that extends to wherever work gets done, while still providing a positive experience that doesn’t burden users with restrictive policies.

Remote browser isolation protects employees without disrupting their online activity, balancing the need for productivity and security. Remote browser isolation addresses key trends and evolutions in the threat landscape, which are listed below.

Mobile device use

Globally, users check approximately 43% of their emails on a mobile device, reflecting the convenience and flexibility afforded by these technologies. Yet with the benefits of convenience and flexibility come significant security concerns. Smaller interfaces and the tendency to use mobile devices while in transit can make it more difficult for users to carefully inspect emails. These factors increase cyber risk and offset the value of user awareness training. And that’s a considerable liability when acknowledging that email is the #1 vector for cyberattacks and the leading source of compromise.

A global survey of executives by PwC found that senior leaders expressed more concern over mobile-based threats than any other attack vector. And their fears are warranted. Nearly one in every two organizations experienced a mobile device-related compromise in 2021, according to Verizon’s Mobile Security Index. Among those that did, 73% described their incident as major. More than half of all respondents in Verizon’s study claimed to sacrifice mobile security for productivity.

Web-based attacks and vulnerabilities

Along with email, web-based attacks are a top channel for cyberthreats. Web-based vulnerabilities are a persistent and growing cause of security incidents, as they create opportunities for threat actors to exploit potential victims. The Verizon Data Breach Investigations Report 2023 found that exploiting vulnerabilities is the third most common attack vector, trailing only stolen credentials and phishing. Most of these exploits targeted web applications.

Meanwhile, Edgescan found that 1 in 10 web application vulnerabilities in 2022 were deemed High or Critical Risk. High Risk vulnerabilities call for review and remediation as soon as possible, while Critical Vulnerabilities require immediate attention. For vulnerabilities falling into the latter camp, Edgescan found that the Mean Time to Remediation (MTTR) was 65 days—a period four times longer than the estimated amount a hacker would need to exploit it on average.

In countries like France, web-based attacks are especially common. Exploitation of a vulnerability accounts for the second highest volume of cyberattacks, followed by indirect bounce attacks and denial of service (DoS) attacks.

And web-based vulnerabilities aren’t the only aspect that makes web-based attacks attractive to hackers. Websites provide effective vehicles for delivering malicious payloads and harvesting sensitive information. Phishing emails, the leading cause of initial compromise among all cyberthreats, typically redirect intended targets to malicious webpages where a compromise occurs.

Remote browser isolation provides extended protection for users’ web-based activities, including those that originate from email and take place on a mobile device. This illustrates its growing importance as a cybersecurity solution, offering a necessary layer of security.

How does remote browser isolation work? 

Remote browser isolation protects local machines and servers by hosting browser activity on the remote cloud server of a remote browser isolation vendor. There are three types of remote browser isolation solutions, each with advantages and disadvantages.

Pixel pushing

The pixel pushing method transmits a video stream from the remote server to the local device. This stream simulates the interaction between the user and the browser as if occurring on the local machine. This enables users to browse unknown sites without risk of compromise to their endpoint.

Depending on the solution, pixel pushing may require significant bandwidth, which can make it prohibitive from a cost and scale perspective. The high-bandwidth requirements may also make it difficult to use on mobile devices.

Document Object Model (DOM) reconstruction

DOM reconstruction attempts to remove malicious content from webpages before reconstructing them and delivering a “clean” version to the local machine.

While this solution may reduce the cost and latency issues of pixel pushing, it also tends to result in security and usability issues. DOM reconstruction can’t protect against every possible vulnerability. It can also break webpages by removing elements.
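The following added example (not code from this page or from any RBI vendor) sketches DOM reconstruction as an allowlist rebuild, and returns what was stripped so the usability cost is visible next to the security gain. The policy sets, `url_ok`, `Rebuilder`, `reconstruct` and the sample page are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlist policy for illustration; not any vendor's actual rule set.
ALLOWED_TAGS = {"div", "span", "p", "h1", "h2", "a", "ul", "li", "img", "b", "i"}
ALLOWED_ATTRS = {"href", "src", "alt", "title"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}  # "" means a relative URL
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "form"}
SAMPLE = (  # constructed page, not taken from a real site
    '<div onclick="track()"><h1>Invoice</h1><script>steal(document.cookie)</script>'
    '<a href="javascript:run()">View</a> <a href="https://example.com/pay">Pay</a>'
    '<form action="/login"><input name="user"></form></div>'
)

def url_ok(value):
    cleaned = "".join(c for c in value if c > " ").lower()  # drop whitespace/control chars
    m = re.match(r"([a-z][a-z0-9+.-]*):", cleaned)          # leading URL scheme, if any
    return (m.group(1) if m else "") in SAFE_SCHEMES

class Rebuilder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.removed, self.skip = [], [], []  # skip = stack of dropped subtrees
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip.append(tag)
        if self.skip or tag not in ALLOWED_TAGS:
            self.removed.append(f"<{tag}>")             # recorded so breakage can be audited
            return
        kept = ""
        for name, value in attrs:
            if name in ALLOWED_ATTRS and (name not in ("href", "src") or url_ok(value or "")):
                kept += f' {name}="{escape(value or "")}"'
            else:
                self.removed.append(f"{tag}@{name}")    # e.g. on* handlers, javascript: URLs
        self.out.append(f"<{tag}{kept}>")
    def handle_endtag(self, tag):
        if self.skip and tag == self.skip[-1]:
            self.skip.pop()                             # leaving a dropped subtree
        elif not self.skip and tag in ALLOWED_TAGS and tag != "img":
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is re-encoded, never trusted

def reconstruct(html):
    r = Rebuilder()
    r.feed(html)
    r.close()
    return "".join(r.out), r.removed
```

On the sample, the script and the `javascript:` link are neutralized, but the login form disappears as well, which is the page-breaking trade-off described above.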

Network Vector Rendering (NVR)

NVR relies on Skia, the graphics library used by some browsers and applications. Instead of streaming video content, NVR streams encrypted Skia commands to the local endpoint.

Like DOM reconstruction, NVR reconstructs webpage content and doesn’t entirely isolate it from the local device. Because NVR uses partial web isolation, it can’t eliminate the risk of compromise.

What are alternatives to remote browser isolation?

There are several substitutes for remote browser isolation solutions. They include:

  • Signature and reputation-based solutions – These use signature technology and reputation lists to differentiate between legitimate and malicious content. They analyze the signatures of data files and executables, as well as the reputation of URLs and DNS addresses based on recorded information. These solutions include secure web gateways (an intermediary between the endpoint and website or application), antivirus software, and firewalls.
  • Local browser isolation – This solution loads the webpage on the local endpoint and isolates browsing activity on a virtual machine. Because the hosting occurs locally, it leaves the endpoint at risk of compromise in the event of an isolation failure.
  • On-premise browser isolation – Similar to remote browser isolation, the browsing activity is isolated on a remote server. In this case, however, the server is located onsite and managed internally by the organization. This solution can be costly and leave local endpoints and networks at risk.

What threats does remote browser isolation protect against? 

Remote browser isolation protects against a variety of browser-based attacks. Some common threats include:

  • Click-jacking – Via JavaScript, hackers design webpages to obfuscate malicious elements with seemingly legitimate features designed to attract clicks. Click-jacking can trick users into downloading malware, visiting phishing sites, and more.
  • Cross-site scripting (XSS) – Malicious code is injected into a trusted website or application for nefarious purposes. XSS attacks can steal session cookies, log keystrokes, redirect users to malicious sites, and more.
  • Drive-by downloads – Malicious code automatically downloads onto a user’s device when they visit a webpage. Drive-by download attacks may result in credential harvesting, malware infection, and other threats. These attacks typically exploit browser vulnerabilities.
  • Man-in-the-middle (MiTM) attacks – Attackers intercept or relay communications between the user and a legitimate website. MiTM attacks can steal session cookies, authentication codes, user credentials, and more.
  • Phishing attacks – Phishing attacks take a variety of forms. Most commonly, phishing emails lure users to illegitimate sites to harvest credentials, download malware, and more.
  • Redirect attacks – Users attempting to access a legitimate site are redirected to a malicious one controlled by hackers.

How Vade Remote Browser Isolation (RBI) protects your business

Web attacks are among the top vectors for cyberthreats, and they often originate from email. Vade Remote Browser Isolation (RBI) provides AI-powered protection from mailbox to browser, keeping users safe from malicious websites without impacting their productivity. Leveraging fast pixel rendering (FPR) technology, Vade RBI offers complete web isolation for email-to-web experiences with little to no latency.