Understanding Virtual Browsers: Concepts and Use Cases
What is a Virtual Browser?
A browser is an application that enables end users to interact with information over the Internet. A virtual browser is physically or logically isolated from the underlying operating system (OS) of a computer.
Virtual browsers can improve security by preventing malware infections from malicious websites and links, enable users to run browsers that are not compatible with their personal devices, enable large-scale browser compatibility testing, and support additional use cases.
Types of Virtual Browsers
There are two main ways to virtualize browsers:
- A standalone application—in this case, the browser application is placed within a virtual machine (VM), which contains a full version of the OS.
- A virtual appliance—in this case, the VM requires just enough operating system (JEOS) when running the browser software.
There are two main ways to deploy a virtual browser:
- Locally—in this case, end users can access the virtual browser when connecting to a corporate network.
- In the cloud—in this case, the virtual browser is kept in the cloud and end users can use an Internet connection to gain access.
There are two main modes to access a virtual browser:
Anonymous—also known as incognito or private mode. In this case, all cookies, settings, history, and bookmarks are erased after each session.
- Authenticated—user information, including settings, bookmarks, history, and cookies are all saved and accessed in each user account.
Remote desktop deployment tools and techniques enable administrators to remotely deliver browsers to end users. When end users connect to the virtual browser, they see only the browser while the other components of the virtual desktop are hidden.
During a remote session, only the client providing access to the remote resource is running on the local computer. Remote delivery of virtual desktops enables administrators to address browser compatibility issues while protecting the underlying OS against malware.
What are Virtual Browsers Used For?
Prevent Web-Based Malware Infections
A virtual browser can act like a protective barrier, placed between web-based threats and the computer connected to the corporate network. In this scenario, malware cannot reach the endpoint, because the session is virtual.
Avoid Browser Compatibility Issues
Many organizations still use legacy applications, which were designed to run on old, deprecated versions of browsers, like Internet Explorer. Typically, this requires organizations to download multiple versions of browsers on each machine. A virtual browser solves this problem, letting end users run remote sessions of browsers configured to be compatible with the application.
Web developers often need to test their project on a wide range of browsers. Since each browser works differently, a web application needs to be tested on each browser to ensure compatibility and a positive user experience for the target audience. Instead of installing many versions and applications on their machines, web developers can use a remote session.
What is Remote Browser Isolation (RBI)?
Remote Browser Isolation (RBI) lets users interact with the browser in a remote environment, isolated from the local network. This process places the remote virtual browser in a lightweight Linux container, which allocates a separate resource for each individual browser tab.
Here is how the process works:
- A user starts a browser session by entering a URL or clicking on a link
- A container is allocated for the user session
- Inside the container, active web content gets rendered into sound and images
- Web content is transmitted in real time to the device of the user
- When users hide or close tabs, the relevant container is eliminated
This process ensures that there is no web code running on the user device and the network remains protected from threats in the source code.
Virtual Browser vs Remote Web Browser
Virtual browsers and remote web browsers may appear similar, but there are key differences that highly distinguish the two. Below is a summary of the main differences.
Virtualization vs containerization
Virtual browsers run on virtual machines, which come with a strict set of hardware and software requirements. For example, to ensure compatibility between the virtualized environment and the end user machines, you might need to upgrade your machines.
A remote web browser runs on a Linux-based containerized architecture. This architecture is typically more flexible and scalable than a VM-based architecture, and can provide high granular control over resource allocation and cost optimization.
Time to start
Virtual browsers typically take more time to start than remote browsers. A virtual browser often relies on heavy remote processes, and cannot start before the processes are initiated. A remote web browser is more lightweight and takes less time to start. It can also route browsing traffic quickly to ensure users can view internal and external sites from the same browser or tab.
A remote web browser acts much like a sandboxed browsing environment, which is launched for each new browsing session and tab. Since sessions are dropped when the session is no longer active, this process prevents malware propagation and persistence.
Challenges with Virtual Browsers
- Virtual browsers only secure website traffic
While virtual browsers add an additional security layer, they only isolate websites and web content. An end user device can still be at risk from downloaded applications, untrusted documents sent as email attachments, or opened through a USB.
Virtual browsers can negatively affect the user experience
Because virtual browsers connect users via the cloud, they can cause latency and lag issues for users. This is particularly an issue with heavy communication applications or websites like Zoom and Microsoft Teams.
Virtual Browsers can cause new security issues
Virtual browsers are commonly adopted for security reasons, because they isolate malicious content from the user’s local device. However, they can also create new security concerns:
Traffic to and from a cloud-based browser is difficult to monitor and control
- Cloud-based browsers store information outside your organization, and depending on the region in which the cloud provider operates, this might have compliance implications.
- Line of business (LoB) applications may require connections to servers in your internal network. For these apps to work with a remote browser, you would need to open ports to external addresses, which exposes the network to attacks.
Hysolate: More than a Virtual Browser
Hysolate is more than just a virtual browser. Hysolate isolates your entire OS environment, so your team can get their jobs done. Within Hysolate users can access untrusted websites, applications, documents and external applications like USBs in an isolated “risky zone”, without introducing malicious threats to their corporate or sensitive data.
Hysolate sits on user endpoints, eliminating UX issues like lag and latency, even with more resource-intensive applications, but it also comes with full admin management from the cloud. That means that admins can deploy Hysolate at scale across their company, including different settings for different teams, and can also wipe a Workspace if it contains malicious activity, or if it is no longer needed.