3 Perspectives on Browser Isolation

Tal Zamir
August 20, 2019
browser isolation

Isolation is an increasingly popular endpoint security strategy, and with good reason. It reduces risk by separating endpoint attack vectors from cyber criminals. Browser isolation is one of several isolation approaches. (Application, virtual and physical air gaps and virtual desktop infrastructure/VDI are others). Its concept is simple: move Internet activity away from a company’s local networks and infrastructure. Instead, users access the web via a browser application running on a locked-down virtual machine in the cloud. 

Here’s a look at how cyber attackers, users, and IT administrators view the pros and cons of browser isolation.


No doubt about it, the web is one of the main ways attackers distribute malware and gain entry into the endpoint. Browser isolation eliminates this path by blocking malicious web content. But it leaves other vectors completely exposed. Cyber criminals can easily trick users into downloading and running malware from email, for example. In fact, some studies show that 92% of malware is delivered this way. Attackers can also target the end-users’ OS directly, other applications, external hardware like USBs, and browsers that aren’t covered by the remote browsing solution.  


As anyone who has been blocked from accessing the web knows, job productivity and satisfaction can take a massive hit. So having open web access with security is a big plus for end-users. That’s not to say there aren’t frustrations associated with browser isolation. Performance suffers because every time you open a browser, it first has to hop through the isolation application. Reliability can also be a problem, particularly when the application isn’t keeping pace with browser updates. You never know when you’ll run into websites and web services that simply won’t work with it.


IT administrators love that browser isolation applications are easy to deploy. But its simple implementation is offset by the burden of having to mitigate all those compatibility issues, handle additional attack surfaces and deal with personal traffic. For instance, if a user is at home browsing YouTube videos, all of that traffic would go through the browser isolation service. This raises privacy, liability and cost concerns as the organization pays for every MB of traffic going through that service.


Web-based attacks aren’t going away any time soon – or at all. Blocking them with browser isolation is a good start. But it only solves a small part of the endpoint security problem. There are too many other ways to infiltrate the endpoint. 

Learn how Hysolate extends browser isolation all the way down to the endpoint. Request a demo with a specialist to see for yourself.

Tal Zamir

Tal is a 20-year software industry leader with a track record of solving urgent business challenges by reimagining how technology works. An entrepreneur at heart, he has pioneered multiple breakthrough cybersecurity and virtualization products. Before founding Hysolate, Tal incubated next-gen end-user computing products in the CTO office at VMware. Earlier, he was part of the leadership team at Wanova, a desktop virtualization startup acquired by VMware. Tal began his career in an elite IDF technology unit, leading mission-critical cybersecurity projects that won the prestigious Israeli Defense Award. He holds multiple US patents as well as an M.Sc. degree in Computer Science, and the honor of valedictorian, from the Technion.