What Attackers Think About Your Cybersecurity Isolation Strategy

May 21, 2020

Isolation is something we’re becoming all too familiar with these days. However isolation is not a new concept, especially in the cybersecurity world.

Security professionals have been using isolation techniques to keep viruses at bay for years. The strategies have evolved over time, and today include virtual desktop infrastructure (VDI), app sandboxing, browser isolation, physical air gap, and virtual air gap. 

But, what’s the best technique? Hysolate recently published an ebook, Inside the Weakest Link, to explore popular isolation techniques from the perspective of an attacker, end user, and IT admin.

What Does the Attacker Think?

One of the best ways to evaluate isolation techniques is to look at them from the perspective of the attacker. The bad actor who wants to infect our endpoints, since they’re the gateway to a company’s most sensitive and valuable information. By understanding how strong of a roadblock the different technologies really are, and what hackers might do to get around them, you can make more informed decisions about the best options for your business.

What About the End-User’s Viewpoint?

Some cybersecurity isolation strategies put end-users at a disadvantage. For instance, they may impede productivity by introducing lag times, putting too much strain on computer resources, or causing end-users to do extra work. Unless your organization is willing to sacrifice productivity for security, you need to consider the impact of various isolation technologies on the knowledge workers who keep your business running. 

Don’t Forget the IT Folks

These are the people who need to implement and maintain the isolation solutions. Who have to field complaints from end-users if their applications aren’t responding fast enough, or at all. And who have to plug any holes resulting from security gaps. Clearly, their perspective needs to come into play when choosing an isolation approach. 

Cybersecurity Isolation Strategies At-a-Glance


  • VDI – VDI works by separating desktop images and apps from the user’s device. The images/apps reside on servers that, these days, are primarily in the cloud. Authorized users access VDI resources from their devices, which may be thin clients, full desktops, laptops, tablets or smartphones.


  • App Sandboxing – App Sandboxing contains threats coming from the sandboxed application to prevent them from affecting the operating system (OS). It completely blocks attackers who target an app that employs this technique. However, it doesn’t protect against vulnerabilities in other versions of the same app, the many unsupported applications, the underlying OS, middleware, malicious external hardware or networks.


  • Browser Isolation – This lets users access the web via a browser application running on a locked-down virtual machine or container in the cloud. Browser isolation does a great job at blocking malicious web content. But it leaves other vectors completely exposed.


  • Physical Air Gap – With these “Privileged Access Workstations” (PAW), the end user has one physical machine that is dedicated to sensitive tasks and is locked down, and another device for corporate tasks. Did you know, over the course of a week, shifting between workstations can add up to five hours of lost productivity.
  • Virtual Air Gap – Virtual air gap uses a single physical machine to deliver the same level of endpoint security as physical air gaps. It works by splitting an end-user device into multiple, fully isolated virtual OS environments. Everything an end-user does happens in segregated, local OSes that run side-by-side—for example, one that’s locked-down and restricted to sensitive resources, and another that’s unlocked and used for day-to-day work.

Virtual air gap approaches like Hysolate’s block cybercriminals from taking over the endpoint device and accessing sensitive resources. 

To learn more about attackers’, end-users’, and IT teams’ perspectives on the five cybersecurity isolation approaches, download this ebook, “Inside The Weakest Link: How Persistent Attackers View Your Cybersecurity Isolation Strategy.”