Hysolate Browser

Why do I need another browser?

In today’s cyber threat landscape, the built-in security capabilities of modern browsers are just not enough to stop malware or malicious insiders from doing harm. Furthermore, human error can lead to data leaks and breaches.

As an example, attackers find numerous critical vulnerabilities in Chrome every year, and can leverage these vulnerabilities to craft malicious websites/files – and when this malicious content is rendered by the browser, the attacker can take over the endpoint and use it to breach an organization, leak data, or deploy ransomware.

Furthermore, employees or contractors can by mistake or intentionally leak enterprise data accessed via Chrome. The problem becomes even worse as organizations allow 3rd parties and employees to use unmanaged and potentially infected endpoints to access enterprise apps via their browser.

Introducing Hysolate Browser

Hysolate Browser is a Chromium-based browser running within a local isolated virtual machine. It provides strong bi-directional separation between the endpoint OS and the Hysolate Browser, allowing users to safely access content, be it enterprise apps containing sensitive data or risky/malicious content on the wild web. It is instantly deployed, provides a familiar local experience to users, and includes multiple built-in security controls beyond VM isolation.

A Familiar User Experience

Behind the scenes, Hysolate Browser runs the standard Chromium browser. This lets users feel right at home when using the Hysolate Browser – there’s no learning curve or training. Furthermore, as opposed to Remote Browser Isolation technologies (RBI) or VDI/DaaS, the Hysolate Browser runs locally and does not require a high bandwidth/low latency network connectivity for a great user experience. The browser leverages the user’s existing hardware, eliminating the need for the high data center/cloud costs that are typically associated with VDI/DaaS/RBI.

Advanced Security Controls

As the Hysolate Browser runs in a virtual machine, browser vulnerabilities are no longer a concern. If the Chromium browser has a vulnerability and the user browses to a malicious website/file, the attack will be contained within the VM and will not spread out to the rest of the endpoint. The VM can also be reset to a clean snapshot on demand. Hysolate Browser also secures itself from the host operating system: if a 3rd party/employee uses an unmanaged endpoint to access enterprise resources, the Hysolate Browser prevents them from leaking data out of the browser, including screenshot protection, VM disk encryption, clipboard protection, etc.

Instantly Deployed

The Hysolate Browser doesn’t require you to prepare any virtual machine image. The product includes everything you need out-of-the-box and is installed just like any other app, including the underlying guest OS that will be running the Hysolate Browser. For example, on Windows, the Hysolate Browser leverages the latest innovations in Hyper-V to automatically create a VM out of the existing trusted Windows files that exist on the host OS – eliminating any overhead previously associated with creating or updating the guest OS.

Minimal Requirements

Hysolate Browser requires 8GB of RAM, an Intel/M1 CPU from the last 5 years, and an SSD disk. It runs on Windows 10/11 Pro/Enterprise or macOS Big Sur 11.0 or later. For the best user experience, 16GB of RAM is recommended.

Web Gateway Security: Applying Zero Trust to Web Traffic

What is a Secure Web Gateway?

Secure Web Gateways (SWGs) are network security devices designed to protect the network and its users from web-based threats. Once the SWG is installed, it prevents malicious traffic from intruding and infecting the network and its endpoints.

The main purpose of the SWG is to act as a proxy between internal users and the Internet. It serves as an obstacle that prevents users from accessing potentially malicious web pages, and prevents malicious web pages already accessed, or malicious web traffic, from penetrating the network. SWGs can be deployed as hardware, software, or virtual devices, and may be deployed locally or in the cloud.

SWG solutions work together with access control measures like zero trust network access (ZTNA), which ensures users can only access the applications or data they are authorized to use. While ZTNA protects against malicious activity on the internal network, secure web gateways protect against threats originating from inbound and outbound web traffic.

This is part of our series of articles about browser security.

Why are Secure Web Gateways Important?

Secure web gateways are becoming increasingly common as cybercriminals exploit seemingly harmless websites, injecting threat vectors. These fake or compromised websites can cause significant damage if employees unknowingly visit them. Examples include fake online shopping websites with well-known brands, fake government websites, or B2B intranets.

Some fraudulent websites trick users into entering personal or sensitive information, such as credit card numbers and social security numbers. Other sites can take control over the user’s web browser and can infect the user’s device, and the network, with malware.

Secure web gateways can help mitigate these threats, by blocking access to fraudulent sites and preventing sensitive data from leaving the organization.


What are the Benefits of a Secure Web Gateway?

A secure web gateway uses flow-based security mechanisms like firewalls to detect threats concealed in web traffic. The SWG is often the only security measure that can block a web-based attack in real time. Secure web gateways use a proxy-based architecture and intelligent monitoring tools to keep track of new attack signatures, and respond to emerging and zero-day threats.

The secure web gateway monitors traffic to identify possible attack vectors and provide visibility over who is using the network. SWG can decrypt web and cloud-based traffic, so an attack cannot be hidden via encryption. The SWG can send suspicious content to systems like DLP and CASB for analysis.

SWG is an important tool for safeguarding your digital assets and complying with security regulations and policies. Another important benefit is that it allows you to define security policies for web traffic, both outbound and inbound, and apply them consistently across the enterprise.


Secure Web Gateway Deployment Options

There are three main deployment options for secure web gateways:

  • Cloud SWG—solutions are designed for cloud environments.
  • On-premises SWG—solutions are designed for local infrastructure.
  • Hybrid SWG—solutions are designed to protect complex ecosystems including both cloud-based and on-premises resources.

Regardless of the location of the infrastructure, SWGs are typically deployed as a software component, running on the existing servers of the organization. The servers can be physical (bare metal), virtualized, or containerized.

SWGs can route traffic in several ways, including:

  • Placing the SWG inline.
  • Implementing proxy auto config (PAC) files on the client.
  • Transmitting web traffic to the SWG using either policy-based routing or generic routing encapsulation (GRE).
  • Deploying agents on the client.

Web Gateway Security Best Practices

Here are a few best practices that can help you make more effective use of secure web gateway solutions to secure web traffic for your organization.

Complement SWG with Traditional Security Controls

A secure web gateway helps protect users and devices from malware when they access the public Internet. However, organizations must not rely entirely on the SWG to secure their network.

Protecting enterprise applications, data centers and cloud environments requires a defense-in-depth security approach, combining traditional network security tools with access control measures and incident response mechanisms.

The SWG helps protect the network perimeter, but if an attacker manages to infiltrate the network, they are free to move laterally within the network. To protect your applications in the event your perimeter is compromised, you should use access control measures such as zero trust network access (ZTNA) and multi-factor authentication (MFA). ZTNA technology helps ensure that users can only access the applications or data they are authorized to use.

Identify and Manage Shadow IT

Enterprise networks are often exposed to hundreds of unauthorized applications that users install on their devices, or access remotely via the cloud. This increases the network’s attack surface and the risk of a breach. You can leverage the visibility provided by SWG solutions to identify and respond to shadow IT in your network.

As a general rule, all applications used in the network should be identifiable and their use monitored. Applications that represent a higher security risk should be identified and blocked either entirely or in part, for instance by blocking downloads but allowing uploads.

Inspect Encrypted Traffic

Encrypting data in transit helps protect against attacks that tamper with or spy on web traffic. The standard for web traffic encryption is Transport Layer Security (TLS), which connects endpoints via a secure tunnel.

However, encryption can also be used by attackers to conceal malicious activity and block access to files via ransomware. An SWG acts as a proxy server that allows you to control and inspect HTTPS-encrypted web traffic. The proxy server decrypts traffic so it can be analyzed in plaintext, and then re-encrypts and transmits the data via a secure connection.

The proxy can inspect the requested URL for malicious content, protect the integrity and confidentiality of TLS-encrypted traffic, and provide visibility over threats or anomalies in encrypted communications.

Web Gateway Security with Hysolate

Hysolate is more than just a secure web gateway. Hysolate isolates your entire OS environment, isolating risky or sensitive activities in an isolated VM. Within Hysolate users can access untrusted websites, applications, documents and even external peripherals like USBs and printers in an isolated “risky zone”, without introducing malicious threats to their corporate or sensitive data. IT admins can save time and resources by reducing web filtering and whitelisting sites and applications, and users can be more productive.

Hysolate sits on user endpoints, eliminating UX issues like lag and latency, even with more resource-intensive applications, but it also comes with full admin management from the cloud. That means that admins can deploy Hysolate at scale across their company, including granular policies for different teams.


 

Secure Web Gateway: Making Your Choice

What is a Secure Web Gateway?

A secure web gateway (SWG) helps achieve two main objectives: protecting against web-based threats, and enforcing company policies for web traffic.

To achieve these objectives, a secure web gateway solution typically employs several technologies, such as URL filters, malware scanners, and application control.

Organizations leverage SWG solutions to promote browser security, ensuring employees and third parties can safely browse the pages without putting the corporate network at risk.

How Does a Secure Web Gateway Work?

A secure web gateway monitors web traffic flowing between the web and the network or user endpoints.

There are two options to install SWGs—as software components or as hardware devices. Once the SWG is installed, all traffic occurring between users and network components is routed through the gateway, which monitors web traffic activities.

When monitoring traffic, a secure web gateway looks for malware, analyzes web application use, and checks all attempted URL connections. The SWG may use a stored whitelist to validate URL addresses, as well as blocklists to restrict sites deemed off-limits.

You can store and update whitelists and blacklists in a secure gateway database. The SWG uses the database to filter incoming and outgoing traffic. You can also check data flowing throughout the network, restricting or allowing pre-approved data traffic only.

SWGs can enforce application-level controls on-premise or in the cloud. You can use this capability to secure Software as a Service (SaaS) applications like Salesforce and Office 365. This allows you to restrict or limit uploads or downloads, for example.


Secure Web Gateway Features

To protect against web-based attacks and enforce policies, SWGs use several technologies, including URL filters, anti-malware scanners, and application control.

URL Filtering

A URL is the text string that identifies a web page and appears in the browser’s address bar when the page loads. For example, https://www.hysolate.com/resources/.

URL filtering enables you to allow, restrict, or limit the websites each user can load. It typically requires the use of blocklists, which include restricted sites, and whitelists, which include sites that are allowed. The SWG uses the lists when filtering sites.
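The list-based decision described here and under "How Does a Secure Web Gateway Work?" can be sketched as follows. This is an added example, not code from Hysolate or any SWG product; the list contents, the `decide` function and the default-block policy are assumptions made for illustration. It shows why the host must be normalized and matched on label boundaries before it is compared against the lists.

```python
from urllib.parse import urlsplit

# Constructed sample lists; a real gateway loads these from its policy database.
ALLOWLIST = {"hysolate.com", "intranet.example.com"}
BLOCKLIST = {"malware.example.net", "uploads.intranet.example.com"}


def normalize_host(url):
    """Return the lower-cased ASCII host of an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:          # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname       # drops userinfo and port, lower-cases the name
    if not host:
        return None
    host = host.rstrip(".")     # "example.com." and "example.com" are the same site
    try:
        # Internationalized names are compared in their ASCII (punycode) form.
        return host.encode("idna").decode("ascii") or None
    except UnicodeError:
        return None


def matches(host, entries):
    """True if host equals a list entry or is a subdomain of one.

    Comparison is done on whole labels, so "evil-hysolate.com" does not
    match an entry for "hysolate.com" the way a plain endswith() would.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in entries for i in range(len(labels)))


def decide(url, default="block"):
    """Return (verdict, reason). The blocklist wins over the allowlist (assumed policy)."""
    host = normalize_host(url)
    if host is None:
        return ("block", "invalid")
    if matches(host, BLOCKLIST):
        return ("block", "blocklist")
    if matches(host, ALLOWLIST):
        return ("allow", "allowlist")
    return (default, "default")


if __name__ == "__main__":
    for sample in (
        "https://www.hysolate.com/resources/",
        "https://evil-hysolate.com/login",
        "https://hysolate.com@malware.example.net/x",
        "HTTPS://Uploads.Intranet.Example.COM./f",
    ):
        print(sample, "->", decide(sample))
```
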

Anti-Malware Scanner

SWGs are responsible for scanning network traffic, looking for potential malware threats. The majority of these scanners look for known threats. Alternatively, the scanner may also use a sandbox, which is an isolated environment, to safely execute the code.

A sandbox enables the scanner to assess the behavior of the code in a controlled environment, far removed from the main production environment. Once malware is detected, the gateway blocks it from entering the system. You can keep the code in the sandbox for future analysis.

SWGs can also decrypt HTTPS traffic, and then scan it for malware. Once the scan is complete and the traffic is deemed safe, the SWG re-encrypts it and forwards it to the web server or the end user.

Application Control

An application control system enables you to detect the applications used on the network and control applications traffic. For example, you can completely restrict certain applications from being added to the IT environment, allow only access to approved applications, limit the amount of resources an application can consume, and more. SWGs use application control to identify, authenticate, and authorize applications and users.


Content Filtering

This feature can detect unwanted content and block it on user devices. Content filtering, for example, can prevent videos and photos that are not in line with the organization’s Internet use policy, or may create legal or compliance exposure, from entering the corporate network. Corporate IT administrators can use secure web gateways to set custom content filtering policies for the entire enterprise.


Data Loss Prevention (DLP)

Not all web security gateways offer this feature, but it is very effective in preventing data leakage. DLP can prevent sensitive content from leaving the network. It can detect sensitive data, such as credit card numbers, social security numbers, or documents marked as confidential, detect sensitive data transferred from a corporate network, and block or flag the data to prevent data leakage.

Secure Web Gateways vs Firewalls

Like SWGs, firewalls are responsible for monitoring incoming and outgoing traffic and can differentiate between normal activities and potentially malicious traffic. Both are network security measures, but each works differently.

A firewall uses a predefined set of security rules to allow or restrict data packets, whereas a secure web gateway uses lists and policies to allow or restrict web-traffic. The two technologies may seem identical, but each performs a different function using different techniques.

How to Evaluate Secure Web Gateway Solutions

These are some key things to consider when evaluating a secure web gateway solution:

  • Do you have a complete understanding of the web-based threats and vulnerabilities affecting your organization and how they may impact your users? What are the business risks these vulnerabilities pose?
  • What control measures do you already have in place to compensate for these vulnerabilities and help mitigate web-related risk?
  • Does your organization have other business needs or specific security requirements? What gaps need to be addressed to achieve your business and security objectives?
  • Have you set up any internal resources for deploying and managing new security tools?
  • What support will your organization need when deploying on the cloud? Can you integrate your existing on-premises resources with the cloud offering?
  • How will you evaluate the success of implementing a secure web gateway? Will your enterprise’s security management approach accommodate changes easily or do you need to adjust your strategy?

Once you have defined your specific needs, you can compare the SWG products on offer and choose the one that best meets those needs. Choosing the right Secure Web Gateway product is essential for ensuring that you can mitigate the risks to your information assets and data systems. You also need to take into account resource requirements and budget.

Securing Web Traffic with Hysolate

Hysolate is more than just a secure web gateway. Hysolate isolates your entire OS environment, isolating risky or sensitive activities away from your host device. Within Hysolate users can access untrusted websites, applications, documents and even external peripherals like USBs and printers in an isolated “risky zone”, without introducing malicious threats to their corporate or sensitive data. IT admins can save time and resources by reducing web filtering and whitelisting sites and applications, and users can be more productive.

Hysolate sits on user endpoints, eliminating UX issues like lag and latency, even with more resource-intensive applications, but it also comes with full admin management from the cloud. That means that admins can deploy Hysolate at scale across their company, including different settings for different teams.


 

Browser Security: Threats, Solutions, and User Education

What is Browser Security?

The web browser has evolved from a mechanism for displaying text documents to the ubiquitous tool for interacting with a huge variety of online content, including rich media and dynamic web applications.

Having a single platform for handling all these various functions and media types is useful for the user, but it comes at the expense of security. The complexity of the browser exposes numerous points of weakness that an attacker can exploit.

Some of the most commonly exploited weaknesses of a web browser include weak antivirus and other defenses on the user’s device, unblocked popups, malicious redirects, unsafe plugins, DNS attacks, and unsafe use of saved passwords and form data.

There are two primary avenues for preventing these threats: adopting technical solutions that can limit their impact, such as browser isolation and web filtering, and educating users to adopt safe browsing practices.

Top Browser Security Threats and How to Prevent Them

Weak Antivirus Software and Other Protections

Threat actors are devising increasingly sophisticated ways to breach antivirus software, firewalls, and other measures of protection. Many threat actors manage to sidestep these defenses without being detected.

How to prevent

You can implement web browsing proxies, content filtering, and email scanners, to prevent threats before they reach the user’s browser. To provide additional layers of protection, deploy endpoint protection platforms (EPP), which can detect unknown and fileless threats, using machine learning-based analysis.

Additionally, organizations should implement automated patching, to ensure browsers, operating systems and other software are always running the latest, most secure version. Employee training is also essential, because it can help users avoid falling for phishing and other social engineering attacks, and reduce their exposure to threats.


Redirects and Pop up Ads

Pop ups are commonly used by threat actors as a means to infect computers with malicious code. The pop up may try to coerce users into accessing unsafe web pages, or downloading malware. There are various techniques for forcing users to interact with the popup—attackers may create a popup that cannot be closed, or include a warning that will urge the user to download a malicious payload.

Another technique is malicious redirects—these take the user from a safe web page to a malicious page. The malicious page may use browser or operating system vulnerabilities to trigger a drive-by download, might announce a warning or a threat, to trick users into downloading malware, or may pretend to be a legitimate page requesting the user’s sensitive details.

How to prevent

Popup and ad blockers can be very effective in reducing the threat of these attack techniques. Content filtering solutions can add another layer of defense, preventing malicious content from being displayed to users in the first place. Web filtering can be deployed on the user’s device or at the enterprise level—for example by using a secure web gateway (SWG).

Browser Extensions and Plugins

Plugins and browser extensions help improve user experience and extend the functionality of websites. However, while some plugins are well made, others are poorly designed and introduce vulnerabilities into the site. There are also plugins that are deliberately created with malicious intent.

How to prevent

To prevent this type of threat, create a policy that restricts users from installing plugins and extensions, preferably using a list of allowed and restricted plugins. Another option is adopting centralized software whitelisting and blacklisting solutions—these can be applied to plugins as well, enabling a centrally-governed solution for unsafe plugins.


Communication with DNS Servers

When a user types an address into a web browser, the browser connects to a DNS server to discover the IP address matching that address. The DNS server is responsible for redirecting the browser to the appropriate site, but attackers can subvert this connection through a variety of means, directing the browser to a malicious site instead.

How to prevent

To protect against DNS attacks, organizations should use a private DNS resolver and ensure it is secure. Another option is to use a secure hosted DNS service, ensuring the DNS provider has strong security and compliance measures.

Saved Passwords and Form Info

Passwords protect valuable information and access to systems and networks. If threat actors manage to steal or decipher passwords, they can use these credentials to gain unauthorized access to certain systems and databases, or the entire network. The problem is that many users create the same weak password for many accounts, and use their browser to save passwords in an unprotected way.

How to prevent

It is critical to educate users not to use the browser’s password saving feature, and if possible, to disable it. However, because users do need a way to remember and organize passwords, organizations should implement password management software with the appropriate security and access control features.

A stronger, more effective measure is multifactor authentication (MFA). You can provide more than one way for a user to authenticate—using a piece of information they know (like a password), something they possess (like a mobile device or security token), or a personal characteristic (for example, their voice or fingerprint).

Browser Security Solutions

Here are a few technical solutions that can improve browser security in your organization.

Virtual Browser

The standard web browser is installed on an endpoint device, where it communicates directly with the web to search for information or process transactions. When users interact with the Internet via a standard web browser, they may expose their device to threats.

An alternative to a device-based browser, which can help mitigate web-based threats, is a virtual browser. This is a web browser hosted in a virtual environment, completely isolated from the operating system of the end-user device. This ensures that if the user comes across a malicious script or downloads malware, the script or malicious software executes within the virtual machine, and cannot harm the underlying operating system or access the user’s data.

A virtual browser can be isolated in various ways, most commonly by running on a virtual machine, but also using container engines like Docker, or dedicated browser sandboxing platforms.

The downside of virtual browsers is that they often require a large amount of system resources, can slow down the user’s machine, and may be complex to deploy.


Remote Browser Isolation (RBI)

To provide an extra layer of security when users surf the web, organizations can provide a web browser that is hosted in the cloud. This is known as remote browser isolation. Remote browsing lets users take advantage of the public internet, while maintaining physical isolation from the user’s workstation or mobile device.

Just like a virtual browser, RBI ensures that if the user comes in contact with threats while using the Internet, the infection is contained within the cloud infrastructure and cannot bridge the physical distance between the browser and the local machine.

A downside of RBI is that the user needs to access the remote browser over an Internet connection, and this can introduce latency and performance issues.


Web Filtering

A web filter is a software application that reviews content in web pages and either grants or denies permission to view the content. To determine whether or not to display the content, the web filter uses a predefined set of rules, or more advanced methods such as machine learning-based analysis.

Organizations use web filtering to prevent users from accessing web content that may be malicious (such as web pages that trigger drive-by downloads or run malicious scripts) and content that is not suitable for the workplace. The goal of web filtering is to increase productivity, reduce liability, and protect corporate networks from web-based threats.

Web filtering solutions can perform additional functions such as traffic analysis reporting, soft blocking (warning users of unsuitable content before access is blocked), and the ability for administrators to unblock specific content at the request of users.


Secure Web Gateway

Secure Web Gateway (SWG) solutions can help companies achieve two main goals: protecting against web-based threats and implementing corporate policies for web traffic. These solutions typically combine several technologies, such as URL filters, malware scanners, and application controls.

Organizations use SWG solutions to improve browser security, and allow employees and third parties to safely navigate the web without compromising the corporate network.


Educate Your Users: 6 Browser Security Best Practices

Browser security is not complete without user education. Over 90% of cyber attacks include a form of social engineering, and your users are the weakest link in the browser security chain. Teach your users the following best practices, to ensure they adopt safe browsing practices and help protect the organization from threats.

1. Keep Browsers Up-to-Date

Keeping your browser software updated is an essential part of browser security and must never be overlooked. Hackers are constantly hunting for flaws in browsers that they can exploit, with new vulnerabilities being exposed every day.

On company-owned devices, ensure you have an automated patching mechanism to update browsers to the latest version. On user-owned devices, educate users to always run the most up-to-date version of the web browser to protect themselves and the network from browser attacks.

2. Use HTTPS

When visiting a website, users should make sure the site uses HTTPS, which is a secure, encrypted communication protocol. Users should look for the green padlock in the URL bar of the browser, and if it isn’t there (a warning will typically be displayed), avoid using the website.

Users must be aware that HTTPS encrypts the data transmitted between the browser and a website, so it cannot be intercepted. In particular, when the user enters confidential data into the browser, they must ensure that the green padlock appears, otherwise attackers can intercept their communication and steal the data.

3. Use Unique Passwords

Reusing the same password across multiple sites means attackers can compromise a user’s sensitive information more easily, as they can access multiple resources once they have cracked a single password. Users need to understand that billions of cracked passwords are freely available on the dark web, probably including their own weak, reused passwords.

Give users a simple technique to generate strong, unique passwords they can remember. Alternatively, provide an automated mechanism to generate strong passwords. Ensure that users change their passwords frequently, at least every 90 days.

4. Disable Auto-Complete for Forms

Most browsers, as well as many websites, provide the option of remembering passwords and personal details entered into forms. This information, intended to make it easier to revisit websites and fill out forms in future, provides a reservoir of data that attackers can exploit. Hidden fields allow websites to steal form data.

Educate users that an attacker can more easily detect if they have enabled auto-complete for forms. If they remain logged into a site, attackers can hijack their browsing session and steal their data. Users must ensure that auto-complete features on the browser are disabled and clear any stored passwords.

5. Block Pop-ups and Ads

Pop-up windows are usually a form of online advertisement designed to drive web traffic or obtain the user’s email address. A pop-up window typically opens a new web browser window displaying an advertisement.

While many pop-ups are displayed by well-known companies and are safe, malicious sites and adware programs generate pop-ups that can deliver malware or spyware to user devices, hijack browser sessions, or perform other malicious activity.

Ads can also be malicious—there have been many cases of advertisements shown on legitimate publisher websites, which contained malicious scripts that could do damage to visitors.

Modern browsers have a built-in ability to block popups, and users should enable this option. It is preferable for users to install a browser extension from a known, safe software provider to block popups and ads.

6. Limit the Use of Cookies

Cookies are small text files that are stored in the browser cache when a user visits certain websites. There are two main types of cookies:

  • First party cookies are stored directly by the websites you visit and may contain information such as username and login credentials. This allows users to quickly log in on subsequent visits, and remembers their session data. However, these cookies are an attractive target for cybercriminals, who can use them to steal user credentials or sensitive data.
  • Third party cookies are served by the website the user is visiting, on behalf of an external website or advertiser. They may be used to track the user’s activities for marketing purposes, but may also be used for malicious purposes.

Cookies may be stored on a user’s system for weeks or longer, unless browser settings specify that cookies should be deleted on a regular basis. Users should specify conservative cookie settings, enabling cookies, but limiting the time cookies stay on their system, and requiring explicit permission before accepting cookies.

Browser Security with Hysolate

Hysolate is more than just a remote virtual browser. Hysolate isolates your entire Operating System, so your team can get their jobs done in a productive, secure way. Within Hysolate users can access not just untrusted websites, but also applications, documents and external peripherals like USBs and printers in a fully isolated “untrusted environment”, that doesn’t introduce malicious threats to their corporate or sensitive data in the main OS.

Hysolate sits on user endpoints, eliminating UX issues like lag and latency with heavier applications, but it also comes with full admin management from the cloud. That means that admins can deploy Hysolate at scale across their company, including different settings for different teams, and can also wipe a Workspace if it contains malicious activity, or if it is no longer needed.

Learn more about Hysolate’s full OS isolation solution

Web Filtering: An In-Depth Look

What is Web Filtering?

A web filter is a software application that screens incoming web pages and then either grants or denies permission to view the content. To determine whether content should be displayed or not, a web filter checks the content and its origin against a set of predefined rules.

Organizations use web filtering to prevent users from accessing web content like spyware and viruses, as well as content inappropriate for the workplace. The goal of web filtering is to improve productivity, reduce liability, and protect the corporate network against web-based threats.

A web filtering solution can provide a wide range of capabilities, in addition to the basic filtering service. Notable features include reporting capabilities that analyze traffic, soft blocking that can display warnings before denying access, and an overriding functionality that lets administrators unblock pages.

This is part of our series of articles about browser virtualization.

Why is Web Filtering Important?

Here are a few ways your organization can benefit from web filtering technology.

Reduced Malware Infections

By blocking access to known bad sites with a high risk of malware or malicious activity, you can protect your data and users before malicious payloads are introduced. Web filtering can significantly limit threats, reducing the need for responding to malware alerts and performing maintenance work to clean employee endpoints.

Modern web filtering systems are highly effective at preventing malicious software from reaching your network. In addition to restricting access to entire domains, firewalls with web content filtering systems can also check and scan individual web pages to identify potential threats.

Protection Against Exploit Kits

While network security technologies continue to evolve, hackers are also developing smarter ways to illegally access data and networks. Exploit kits contain code specifically designed to attack web browser vulnerabilities, through browser extensions and plugins.

When users unknowingly visit malicious URLs, they may cause an exploit kit to be deployed, which exploits vulnerabilities in their browser or underlying operating system. Vulnerabilities could enable the attacker to download malware to the user’s device, hijack sessions and credentials, and more. Content filters can effectively identify exploit kits and block access before payloads are downloaded to the user’s device.

Improved Productivity

Unchecked access to social media, video, news sites, or other web content unrelated to work activity, can distract employees and reduce productivity. A web filtering solution provides a way to restrict access to certain websites users do not need to perform their jobs. Each company can establish a policy determining what type of content is or is not appropriate for employees to consume during work time or on work devices.

Minimized Company Liability

Organizations that actively monitor employee web use can avoid the dangers of Internet abuse. Your organization has a responsibility to prevent employees from performing inappropriate, harmful or illegal activities online, including:

  • Posting offensive content on blogs and social media
  • Posting discriminatory or vulgar offensive content
  • Cyberbullying
  • Downloading pirated content
  • Accessing materials not appropriate for a work environment
  • Accessing content that is illegal under local laws

While web filtering cannot eliminate all these risks, it can dramatically reduce them, and also provide the tools to identify and intervene if employees are engaging in problematic activity.

Content Filtering Methods

There are many different methods for web filtering at work, and most solutions combine them.

Whitelists and Blacklists

Blacklists are used to block access to specific domains and URLs through third-party or user-defined blacklists. Whitelists are always used to allow access to specific URLs or domains, optionally blocking all other content for users.

Category Filtering

Category filtering is the easiest way to filter content. Web filtering solutions assign websites to categories based on their content. System administrators can use check boxes in the web filtering solution’s configuration UI to select categories of content to block. Commonly blocked categories include adult websites, gambling, games, dating, social media, news, and webmail.

Content Analysis

Some web filters perform web content analysis to detect specific keywords or web content, including inappropriate images, and assign a score to each URL. Thresholds can be set for individual users, departments, or the entire organization, and when that threshold is exceeded, the web page or website is blocked.

DNS Based Web Filtering

DNS-based web filtering blocks web content at the Domain Name System (DNS) level. It can block access to websites early on, when a user tries to connect to the website and the browser attempts to resolve its domain name using DNS. DNS-based filtering can prevent the browser from connecting to the site, and display a warning message to the user.

In a DNS-filtering system, the organization uses the DNS server of a third-party service provider. The service provider maintains a database of classified websites and web pages. When a DNS lookup is performed, it works as follows:

  • If the user tried to visit a website that is allowed by the filtering policy, and is not malicious, they are redirected to the appropriate IP address
  • If the website is malicious, suspicious, or blocked by the filtering policy, the user is forwarded to a local IP address hosting the DNS blocking page, to notify the user that the content is blocked

The process does not affect browsing speed, and end-users are typically not aware they are browsing through a filtering system. Access attempts to the website are recorded through DNS logs, so administrators can monitor access attempts and take appropriate action.

How Do DNS Filtering Services Work?

When browsing the web on a corporate network, all DNS queries are sent to the DNS resolver. A specially configured DNS resolver acts as a filter, by denying query resolution for specific domains tracked in a block list, and can prevent users from accessing these domains. DNS filtering services can also use whitelists instead of blacklists.

When an employee attempts to visit a malicious URL, before the browser loads the website, it first queries the company’s DNS resolver. If the malicious website is on the DNS resolver’s blacklist, the resolver blocks the request, and prevents the malicious website from loading. This can prevent a majority of phishing attacks.

Blacklists and whitelists can be defined by domain name or IP. If the former, the resolver does not resolve domains listed on its blacklist. If the latter, it resolves all domains, but if the resulting IP is blacklisted, it does not return it to the user’s browser.
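The two blocking modes described above (by domain name before resolution, by IP address after it), plus the allowlist variant, as an added example that is not code from any filtering product. The upstream answers, the block-page address and all names are constructed, using reserved documentation domains and address ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

BLOCK_PAGE_IP = "192.0.2.1"  # assumed address of the host serving the block page

# Constructed upstream answers (documentation names and address ranges only).
UPSTREAM = {
    "intranet.example.com": "198.51.100.10",
    "ads.bad.example": "198.51.100.66",
    "notbad.example": "198.51.100.30",
    "files.example.net": "203.0.113.7",
}


@dataclass
class Verdict:
    qname: str
    action: str            # "allow", "block" or "nxdomain"
    reason: str
    answer: Optional[str]  # address handed back to the client


def normalize(qname):
    """Case-fold and drop the trailing root dot so list lookups are consistent."""
    return qname.strip().rstrip(".").lower()


def listed(name, domains):
    """Return the listed domain covering `name` (itself or a parent), else None.

    Matching on whole labels means 'notbad.example' is not caught by 'bad.example'.
    """
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


class FilteringResolver:
    def __init__(self, upstream, blocked_domains=(), blocked_networks=(),
                 allowed_domains=None):
        self.upstream = upstream            # callable: name -> IP string or None
        self.blocked_domains = {normalize(d) for d in blocked_domains}
        self.blocked_networks = [ipaddress.ip_network(n) for n in blocked_networks]
        self.allowed_domains = (None if allowed_domains is None
                                else {normalize(d) for d in allowed_domains})
        self.upstream_calls = 0
        self.log = []                       # every decision, for administrator review

    def resolve(self, qname):
        verdict = self._decide(normalize(qname))
        self.log.append(verdict)
        return verdict

    def _decide(self, name):
        # Allowlist mode: anything not explicitly listed is blocked.
        if self.allowed_domains is not None and listed(name, self.allowed_domains) is None:
            return Verdict(name, "block", "not on allowlist", BLOCK_PAGE_IP)
        # Domain blocklist: refuse before any upstream lookup happens.
        hit = listed(name, self.blocked_domains)
        if hit is not None:
            return Verdict(name, "block", f"domain blocklist: {hit}", BLOCK_PAGE_IP)
        self.upstream_calls += 1
        ip = self.upstream(name)
        if ip is None:
            return Verdict(name, "nxdomain", "no upstream record", None)
        # IP blocklist: the name resolved, but the answer is withheld.
        addr = ipaddress.ip_address(ip)
        for net in self.blocked_networks:
            if addr in net:
                return Verdict(name, "block", f"IP blocklist: {net}", BLOCK_PAGE_IP)
        return Verdict(name, "allow", "permitted by policy", ip)


def demo():
    resolver = FilteringResolver(UPSTREAM.get, blocked_domains={"bad.example"},
                                 blocked_networks={"203.0.113.0/24"})
    queries = ["Intranet.Example.com.", "ads.bad.example", "notbad.example",
               "files.example.net", "missing.example.org"]
    return resolver, {q: resolver.resolve(q) for q in queries}


if __name__ == "__main__":
    for verdict in demo()[0].log:
        print(verdict)
```

The `log` list plays the role of the DNS logs administrators review: it records blocked and permitted lookups alike, including the list entry that triggered each block.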

DNS Filtering Considerations

Like any ad hoc solution, DNS filtering cannot provide full coverage. However, you can cover a lot of ground by using a solution that provides three layers of DNS filtering, including:

  • IP addresses—botnets and other servers usually leverage custom application protocols to perform malicious activities. To protect against these attacks you need to implement IP address blocking.
  • Domains—to protect against attacks that perform malicious activities on non-web protocols, such as SMTP, you need to implement full domain name blocking.
  • URLs—to defend against malicious content which is hosted on content delivery networks (CDNs) or a file-sharing system, you need to implement URL blocking because.

Proxy Filtering

Proxy filters (or proxy servers) are software or machine components that serve as middlemen between a client and servers.

A proxy filter hides the client’s identity and location. Users accessing a server via a proxy trick the server into believing it performs a request made by the proxy and not the user.

Here are several use cases for proxy filtering:

  • Restricting access to specific sites within the network
  • Getting around network restrictions
  • Accessing content available in other regions

It is important to note that a proxy filter bypasses web filters. A user can use a proxy to access restricted websites.

Pros and Cons of a Proxy Server

Here are several common advantages of using a proxy server:

  • Increased privacy—the proxy server conceals the IP address of the user and tricks the server into seeing a single computer instead of multiple clients, which increases the privacy of Internet users.
  • Blocking malicious sites—in this case, the proxy server is used as a content filter, which blocks access to inappropriate or malicious websites.
  • Site caching—a proxy server can cache (save) a copy of a frequently visited site and then directly serve it to the user. Caching ensures users quickly gain access to content.
  • Bypass restrictions—a proxy server can help users bypass restrictions and gain access to content that is only available to certain regions.

Here are several limitations of using a proxy server:

  • Slower speeds—since a proxy server mediates between the server and the client, the proxy becomes an additional layer through which traffic flows. This may slow down the load time of non-cached content.
  • No encryption—proxy servers usually do not encrypt the traffic. This might expose the user (and potentially also the network) to third-party threats.
  • Server logging—since the entire traffic of the user flows through the proxy, the server can log the Internet history of the user. Since there is no encryption, the privacy and security of the users are at risk of being exposed.

Browser-Based Web Filtering

Another way to improve security for web users is to filter content at the browser level. There are several approaches to browser-based filtering.

Isolated or Virtual Browser

An isolated browser, also known as virtual browser, is a browser running on the end-user’s machine, but isolated within a virtual machine or virtual appliance. Running the browser in an isolated environment means that security threats cannot affect the underlying device.

It also provides more control over content filtering, making it possible to block certain content, and whitelist or blacklist domains and URLs.

Remote Browser

Remote browser isolation (RBI) involves running browsers as a remote, cloud service, and allowing users to access the remote browser from their local device. Content from the remote browser can either be visually streamed using “pixel pushing”, or reconstructed in a local browser, after stripping content that might constitute a security threat.

Both techniques improve security compared to unprotected local browsers, but each has challenges both for the user and the organization operating the remote browser solution.

Learn more in our detailed guide to remote browsers.

More Than Just Web Browsing Security with Hysolate

Hysolate is more than just a remote virtual browser. Hysolate isolates your entire OS environment, so your team can get their jobs done. Within Hysolate users can access untrusted websites, applications, documents and even external applications like USBs and printers in an isolated “risky zone”, without introducing malicious threats to their corporate or sensitive data. IT admins can save time and resources by reducing web filtering and whitelisting sites and applications, and users can be more productive.

Hysolate sits on user endpoints, eliminating UX issues like lag and latency, even with more resource-intensive applications, but it also comes with full admin management from the cloud. That means that admins can deploy Hysolate at scale across their company, including different settings for different teams, and can also wipe a Workspace if it contains malicious activity, or if it is no longer needed.

Want to try out Hysolate for yourself? Try Hysolate Free here.

Remote Browser Isolation (RBI): An In-Depth Look

What is a Remote Browser?

Remote browser isolation (RBI), a virtual browser technique, provides an additional security layer against threats originating from web browsers. RBI helps you reduce the attack surface by separating user browsing activities from endpoint hardware.

Here is how the process typically works:

  • A user attempts to access a web application or page.
  • The web application or page is loaded on a remote browser.
  • The remote browser serves the user with a rendering of the requested page. The page loads as usual, but the remote browser delivers only pixels to the end-user device, not full HTML.

This process ensures that active content, including malware, is not downloaded—ensuring the endpoint device remains safe.

How RBI Shields Your Network From Cyber Attacks

Remote browser isolation technology takes a zero trust approach, and does not implicitly trust any website. It moves all Internet activity into an isolated environment, ensuring a safe web browsing experience. Gartner reports that by 2022, 25% of businesses will adopt browser isolation technology, and that RBI can reduce attacks on end-user systems by as much as 70%.

RBI solutions allow businesses to manage remote access to corporate networks, and secure unmanaged devices when accessing Internet resources. When users access the Internet through a remote browser application, they view web content over a secure channel—typically only the visual representation of web pages, without accessing files or executing code in the local environment. If a malicious link is opened in an isolated environment, it will not affect the employee’s system.

RBI can protect organizations from known and unknown web-based threats such as ransomware, zero-day attacks, and drive-by-download attacks. RBI not only protects web browsers from attacks, but also prevents disclosure of sensitive user data and browser history that attackers can use for malicious purposes.

Related content: read our guide to browser isolation

Key Functionality of an RBI Solution

RBI solutions can provide a wide range of capabilities, depending on the type of isolation enabled. Here are several functionalities any RBI solution should provide:

User Authentication

When an RBI solution is asked to create an isolated browser instance, it first needs to authenticate the user. Once the user is authenticated, the solution can load the profile permissions, preferences, and settings of the user, and create the browser accordingly. There are solutions that use a cache to enable users to log in without having to constantly input their credentials.

Instance Management

There are several ways to create an isolated instance—as a container, a virtual machine (VM), or as a sandbox. During normal operations, the solution shuts down the instance when the user ends the session.

Several responses are initiated when the solution detects a threat. First, the instance attempts to eliminate the threat. If the instance becomes compromised, the solution shuts it down and deploys a new instance (including all tabs that were open during the session).

User Session Management

Here is what the RBI solution should do during a remote browser session:

  • Process user requests
  • Pass user requests to the browser instance
  • Collect session data, including the duration, browser cache, and opened URLs
  • Save session data after the session is terminated

Web Content Mirroring

The main functionality provided by RBI systems is streaming remote browser data to a local endpoint. To achieve this, RBI solutions need to do the following:

  • Process user events, including keystrokes, mouse clicks, scrolling, and more
  • Match user events with the relevant web page elements
  • Detect changes that occur in open tabs
  • Send changes to the user, in the form of a sanitized web page or video.
  • Support browsing features, including plug-ins and Software as a Service (SaaS) applications.

Cybersecurity Policies

Cybersecurity policies help you efficiently manage RBI. You can use a cybersecurity policy to whitelist trustworthy web applications, as well as content that can be rendered on devices. You can also use policies to specify user permissions, defining who can access certain types of content or URLs.

Threat Detection

The main purpose of RBI is to secure browsing and prevent threats. To do this, the RBI solution needs to come with threat detection capabilities, which enable the solution to monitor for threats and suspicious activity. Once the RBI system detects a threat, it needs to sanitize the content and then send the sanitized content to the user.

Load Balancing

RBI solutions rely heavily on content mirroring. This can negatively impact the bandwidth of users and the remote instance. To ensure a positive user experience and optimal performance, RBI solutions need to balance the load. Here is how:

  • Compress data sent to user devices
  • Create additional instances when instances become overloaded
  • Reduce the quality of media content like video and audio

Multi-Tenancy Support

Multi-tenancy helps RBI systems to maintain high availability for users across the world, generally improve bandwidth and load management, and improve scaling.

How Does Remote Browser Isolation (RBI) Work?

The user’s endpoint device interacts with a remote browser isolation service, which manages a number of containerized or virtualized browser instances. The RBI service also facilitates communication between this browser and the Internet. Finally, the RBI service delivers rendered web content back to the endpoint device.

There are two primary techniques used to stream content from cloud-based browsers to end-user devices:

  • Pixel pushing—captures pixel images of content rendered in the remote browser, and transmits them to the client’s browser or a locally-deployed agent. This is similar to desktop sharing solutions. The inherent advantage of this approach is that it is very secure, since files or executable code never reach the endpoint device.
  • DOM reconstruction—attempts to clean web page code before sending it to the local endpoint, where it is rendered on the browser as usual. The remote browser removes potentially malicious code. This technique was introduced in response to the challenges of pixel pushing (detailed below), and provides a much faster user experience and high fidelity rendering of web pages.

Another element of RBI systems is a remote file viewer, that allows users to view files like Microsoft Office documents or PDFs, without having to download them. The remote browser may offer the option of downloading files to the user’s local device in a controlled manner, after scanning and verifying the files are safe.

Challenges of RBI Technology

Each of the two RBI techniques we detailed above has its unique challenges.

Challenges of pixel pushing

  • High cost—encoding and transmitting video streams to multiple user endpoints is computationally intensive, and requires high bandwidth.
  • High latency—because of the need to render browser pages on a remote browser, create a video stream and push it to the user, typically over a public network, this technique involves high latency and creates a poor user experience compared to local browsing.
  • Mobile support—the need for high bandwidth makes it difficult to support this technique with common mobile devices.
  • Low resolution—pixel pushing does not display well on high DPI displays, such as Apple Retina.

Challenges of DOM reconstruction

  • Security issues—although DOM reconstruction aims to “clean” website code from malicious elements, it is not foolproof. There is a major risk that malicious code will not be identified or properly cleaned and will make its way to the user’s device.
  • Limited fidelity—in the attempt to remove malicious elements, this technique often breaks web pages, especially if they are dynamically generated using JavaScript. Modern web users access a wide variety of complex web applications using their browsers, and many of these applications will not work or will present limited functionality.
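The fidelity trade-off of DOM reconstruction, as an added example (not code from Hysolate or any RBI product): a small denylist-style reconstruction pass built on Python's `html.parser`. The element and attribute lists and the sample page are constructed for illustration and are assumptions, not a complete sanitizer.

```python
from html import escape
from html.parser import HTMLParser

DROP_WITH_CONTENT = {"script", "iframe", "object"}  # active content, removed whole
DROP_VOID = {"embed"}                                # active content with no end tag
VOID = {"img", "br", "hr", "input", "meta", "link"}  # kept, but never get an end tag
URL_ATTRS = {"href", "src", "action", "formaction"}
BAD_SCHEMES = ("javascript:", "data:", "vbscript:")

# Constructed sample page: the visible table is rendered by script at load time.
PAGE = (
    '<h1>Quarterly report</h1>'
    '<div id="app"></div>'
    '<script>document.getElementById("app").textContent = "Revenue table";</script>'
    '<a href="javascript:void(0)" onclick="openReport()">Open</a>'
    '<img src="chart.png" onerror="retry()">'
)


class Reconstructor(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # rebuilt markup sent to the endpoint
        self.removed = []    # audit trail of what was stripped
        self._skip_tag = None
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if self._skip_tag:                       # inside a dropped element
            if tag == self._skip_tag:
                self._skip_depth += 1
            return
        if tag in DROP_WITH_CONTENT:
            self._skip_tag, self._skip_depth = tag, 1
            self.removed.append(f"<{tag}>")
            return
        if tag in DROP_VOID:
            self.removed.append(f"<{tag}>")
            return
        kept = []
        for name, value in attrs:
            if name.startswith("on"):            # inline event handlers
                self.removed.append(f"{tag}@{name}")
                continue
            if name in URL_ATTRS and value is not None:
                # Ignore whitespace and control characters before checking the scheme.
                compact = "".join(ch for ch in value if ch > " ").lower()
                if compact.startswith(BAD_SCHEMES):
                    self.removed.append(f"{tag}@{name}")
                    continue
            kept.append(name if value is None
                        else f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join([tag] + kept) + ">")

    def handle_endtag(self, tag):
        if self._skip_tag:
            if tag == self._skip_tag:
                self._skip_depth -= 1
                if self._skip_depth == 0:
                    self._skip_tag = None
            return
        if tag in VOID or tag in DROP_VOID or tag in DROP_WITH_CONTENT:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip_tag:
            self.out.append(escape(data, quote=False))


def reconstruct(html):
    """Return (rebuilt_html, removed_items) for one page."""
    parser = Reconstructor()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.removed


if __name__ == "__main__":
    clean, removed = reconstruct(PAGE)
    print(clean)
    print(removed)
```

On the sample page the output keeps an empty `<div id="app">` and a link with no target: the script that filled the page is gone, which is the broken-page effect described under limited fidelity. Anything outside the denylist passes through unchanged, which is why the approach is not foolproof.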

Evaluating Remote Browser Solutions

Here are some important considerations when evaluating remote browsers for your organization:

  • Need for local agent—check if the solution requires deployment of an agent or local proxy on user endpoints. This can make deployment and operations of the solution much more complex.
  • Rendering engine—check how content is rendered and delivered by the remote browser service, and whether it uses the pixel pushing or DOM reconstruction technique.
  • Support for plugins—check which browser plugins are supported, and whether the remote browser solution supports common extensions like PDF and Java.
  • Support for web applications—check if the remote browser supports SaaS applications used by your users, such as Gmail and Office 365. In some cases, web applications may be blacklisted by the remote browser due to security concerns.
  • Cut and paste—if your security policy allows users to cut and paste content to the local device, check if the remote browser solution supports this, and whether copy-paste is enabled only for text, or also for rich objects like images and documents.
  • Operating system licensing—check which operating system is used for browser containers or VMs. If it is Windows, identify if licensing is included in the service price or if you need to provide licenses for each remote browser.
  • Virtualization model—check if browsers run in full VMs or containers. VMs provide stronger isolation, but they require more resources to run and take longer to start. Containers offer faster startup and better server utilization.

Hysolate: More than Just a Remote Browser

Hysolate is more than just a remote browser. Hysolate isolates your entire OS environment, isolating any risk to your corporate data, not just risks from web browsing. Your users can access untrusted websites, applications, documents and peripherals like USBs and printers in an isolated “risky zone”.

Hysolate sits on your users’ endpoints, eliminating UX issues like lag and latency, even with more resource-intensive applications like Slack or Zoom, but it also comes with full admin management from the cloud. Admins can deploy Hysolate at scale across their company, including different policies for different teams. Workspace can also be wiped at the push of a button if it contains malicious activity, or if it is no longer needed, giving extra peace of mind to your IT and Security teams.

Hysolate Free isolates all risky activity on your endpoint. Try it for yourself.

Browser Isolation: An In-Depth Look

What is Browser Isolation?

Browser isolation is a security model that physically isolates Internet users’ browsing activity from their local computers, networks, and infrastructure. In this model, browser sessions are abstracted from the hardware the browser is running on, and the Internet connection being used, ensuring that harmful activities can only affect the isolated browser environment. This model is also known as a virtual browser.

Browser isolation works by providing users with a one-off, non-persistent browsing experience. This can be done in a number of ways, but usually includes virtualization, containerization, or cloud-based application virtualization. The isolated environment is reset or deleted when the user closes the browsing session or the session times out. In addition, malware and malicious traffic are also discarded, so they do not reach the endpoint device or network.

Types of Isolated Browsing

There are two main containment techniques for isolated browsing: local and remote isolation.

Local Isolation

This is the traditional isolation method. It includes running a sandbox or virtual machine on the user’s local computer to isolate its data from dangerous web browsing.

Remote Isolation

Remote browser isolation uses virtualization to create an isolated browser environment on a remote server. The user browses the Internet on the remote virtual environment. The remote server can be located in an organization’s network or hosted in the cloud.

In the remote isolated browser, there are two primary ways to isolate the user’s local device from web content. DOM mirroring is a technique that excludes certain types of web content that are considered dangerous, while displaying other types of web content in their original form—but the browser is not fully isolated.

Another technique is visual streaming, where the browser runs on the remote server and only its visual output is transmitted to the user’s device. This works similarly to virtual desktop infrastructure (VDI) systems. This provides complete isolation between the remote browser and endpoints.

What Threats Does Browser Isolation Defend Against?

Most modern web pages use JavaScript, and attackers can use JavaScript code to perform a variety of malicious activity on user devices. Because browsers execute JavaScript by default on a web page, these malicious scripts run as soon as a user visits the page. The scripts could be planted by malicious site owners, or by others, unbeknownst to the site owners, as in cross site scripting (XSS) attacks.

This can lead to attacks like drive-by downloads, in which the browser downloads files without the user’s consent, “malvertising”, in which malicious code is executed when the user views an ad, and clickjacking, which involves tricking users into clicking links they did not intend to click. XSS can also be used to hijack user sessions and steal credentials.

There are several other browser-based threat vectors, including forced redirects to malicious URLs, and exploiting unpatched browser vulnerabilities.

Almost all these threats can be prevented by using browser isolation, because malicious activity occurs in an isolated or remote environment, not directly on the user’s device. For example, if a malicious script forces a redirection or a drive-by download, this would not affect the user, as the URL or file are executed in an isolated environment.

Browser Isolation: Key Security Features

Here are a few of the key security features browser isolation products offer:

  • Blocking malware—allows users to browse the web without being exposed to malicious downloads or malicious scripts on websites.
  • Phishing protection—when users access email through an isolated browser, they are protected against malware hiding in email attachments or links. This can help prevent a majority of phishing attacks.
  • Credential theft prevention—browser isolation can help prevent theft of private information. Administrators can prevent users from typing sensitive information like passwords or bank account details, except in known, safe locations.
  • Document isolation—many document formats can contain malware. In an isolated browser, users view documents within the isolated environment, meaning that malicious scripts do not affect the local device. After scanning the file for malware, the user can be allowed to download it to their personal device.
  • Blocking unsafe plugins and technologies—if users access websites rendered with legacy technologies like Adobe Flash, or install plugins that have security vulnerabilities, attacks will be shielded from the personal device.
  • Reporting and forensics—with browser isolation, administrators can monitor and audit browsing activity, see when users access unsafe content, and when attacks occur within an isolated browser, determine the root cause.

Components of a Browser Isolation System

An isolated browser system is typically built of the following components.

Client

End users initiate web requests using a client interface, deployed on their local device. A client can be deployed on any desktop, laptop, smartphone or other computing device that has an Internet connection and local web browser.

In local browser isolation, the client coexists with an isolation solution that can run the browser separately from the local environment. In a remote browser solution, the client shows the visual output of the remote browser.

Web Security Service

Determines what traffic and types of content should be allowed for the user. Most browser isolation solutions have built-in web security services that can be configured according to your business needs. For example, you can choose to exclude traffic from certain websites, filter out specific types of content (such as Adobe Flash elements), block downloads in certain circumstances, and display warnings when suspicious behavior occurs.

Threat Isolation Engine

A decision engine that can run specific types of content in an isolated browser, depending on security rules from the web security service. It allows users to work in a regular, non-isolated browser, and switch activity to an isolated browser when needed.

Disposable Container

Containers are independent packages that can run software independently of the surrounding infrastructure. The container is disposable, launched to accommodate one user session, and securely deleted when the user ends their session, to ensure any malware or threats are removed from the local system.

Web Socket

A secure channel for data to flow between the client and the web security service. The web socket is connected to the client, receives instructions from the security service, and applies them to the browser environment in real time.

Hosting Environment

This is the infrastructure that runs the isolated browser. It can be:

  • The local user’s device, running an isolation solution
  • A server managed by your organization on-premises
  • A server running in the cloud
  • A fully managed third party service

The Public Web

The user uses the client to access addresses in the public Internet. However, unlike a regular browsing experience, communication is between public websites and the isolated browser, which may be hosted in a remote location. Some of the data may be blocked or filtered as defined in the web security service. The resulting content is displayed in the client.

The Content

Internet content retrieved by browser isolation systems can be legitimate or malicious. Some solutions display all content as is, as long as it meets basic security requirements. Other solutions add a layer of content filtering, allowing you to block inappropriate content and preventing it from being accessed by the client, even if it bears no direct security risk.

Browser Isolation with Hysolate

Hysolate is more than just a remote virtual browser. Hysolate isolates your entire Operating System, so your team can get their jobs done in a productive, secure way. Within Hysolate users can access not just untrusted websites, but also applications, documents and external peripherals like USBs and printers in a fully isolated “untrusted environment”, without introducing malicious threats to their corporate or sensitive data in the main OS.

Hysolate sits on user endpoints, eliminating UX issues like lag and latency with heavier applications, but it also comes with full admin management from the cloud. That means that admins can deploy Hysolate at scale across their company, including different settings for different teams, and can also wipe a Workspace if it contains malicious activity, or if it is no longer needed.

Request a demo or try out Hysolate Free to learn more about Hysolate’s full OS isolation solution.

 

Understanding Virtual Browsers: Concepts and Use Cases

What is a Virtual Browser?

A browser is an application that enables end users to interact with information over the Internet. A virtual browser is physically or logically isolated from the underlying operating system (OS) of a computer.

Virtual browsers can improve security by preventing malware infections from malicious websites and links, enable users to run browsers that are not compatible with their personal devices, enable large-scale browser compatibility testing, and support additional use cases.

Types of Virtual Browsers

There are two main ways to virtualize browsers:

  • A standalone application—in this case, the browser application is placed within a virtual machine (VM), which contains a full version of the OS.
  • A virtual appliance—in this case, the VM requires just enough operating system (JEOS) when running the browser software.

There are two main ways to deploy a virtual browser:

  • Locally—in this case, end users can access the virtual browser when connecting to a corporate network.
  • In the cloud—in this case, the virtual browser is kept in the cloud and end users can use an Internet connection to gain access.

There are two main modes to access a virtual browser:

  • Anonymous—also known as incognito or private mode. In this case, all cookies, settings, history, and bookmarks are erased after each session.

  • Authenticated—user information, including settings, bookmarks, history, and cookies are all saved and accessed in each user account.

Remote desktop deployment tools and techniques enable administrators to remotely deliver browsers to end users. When end users connect to the virtual browser, they see only the browser while the other components of the virtual desktop are hidden.

During a remote session, only the client providing access to the remote resource is running on the local computer. Remote delivery of virtual desktops enables administrators to address browser compatibility issues while protecting the underlying OS against malware.

What are Virtual Browsers Used For?

Prevent Web-Based Malware Infections

A virtual browser can act like a protective barrier, placed between web-based threats and the computer connected to the corporate network. In this scenario, malware cannot reach the endpoint, because the session is virtual.

Avoid Browser Compatibility Issues

Many organizations still use legacy applications, which were designed to run on old, deprecated versions of browsers, like Internet Explorer. Typically, this requires organizations to download multiple versions of browsers on each machine. A virtual browser solves this problem, letting end users run remote sessions of browsers configured to be compatible with the application.

Browser Testing

Web developers often need to test their project on a wide range of browsers. Since each browser works differently, a web application needs to be tested on each browser to ensure compatibility and a positive user experience for the target audience. Instead of installing many versions and applications on their machines, web developers can use a remote session.

What is Remote Browser Isolation (RBI)?

Remote Browser Isolation (RBI) lets users interact with the browser in a remote environment, isolated from the local network. This process places the remote virtual browser in a lightweight Linux container, which allocates a separate resource for each individual browser tab.

Here is how the process works:

  • A user starts a browser session by entering a URL or clicking on a link
  • A container is allocated for the user session
  • Inside the container, active web content gets rendered into sound and images
  • Web content is transmitted in real time to the device of the user
  • When users hide or close tabs, the relevant container is eliminated

This process ensures that there is no web code running on the user device and the network remains protected from threats in the source code.

Virtual Browser vs Remote Web Browser

Virtual browsers and remote web browsers may appear similar, but there are key differences between the two. Below is a summary of the main differences.

Virtualization vs containerization

Virtual browsers run on virtual machines, which come with a strict set of hardware and software requirements. For example, to ensure compatibility between the virtualized environment and the end user machines, you might need to upgrade your machines.

A remote web browser runs on a Linux-based containerized architecture. This architecture is typically more flexible and scalable than a VM-based architecture, and can provide highly granular control over resource allocation and cost optimization.

Time to start

Virtual browsers typically take more time to start than remote browsers. A virtual browser often relies on heavy remote processes, and cannot start before the processes are initiated. A remote web browser is more lightweight and takes less time to start. It can also route browsing traffic quickly to ensure users can view internal and external sites from the same browser or tab.

Security

A remote web browser acts much like a sandboxed browsing environment, which is launched for each new browsing session and tab. Because a session is dropped once it is no longer active, this process prevents malware propagation and persistence.

Challenges with Virtual Browsers

Virtual browsers only secure website traffic

While virtual browsers add a security layer, they only isolate websites and web content. An end user device can still be at risk from downloaded applications and from untrusted documents sent as email attachments or opened from a USB device.

Virtual browsers can negatively affect the user experience

Because virtual browsers connect users via the cloud, they can cause latency and lag issues for users. This is particularly an issue with heavy communication applications or websites like Zoom and Microsoft Teams.

Virtual browsers can cause new security issues

Virtual browsers are commonly adopted for security reasons, because they isolate malicious content from the user’s local device. However, they can also create new security concerns:

  • Traffic to and from a cloud-based browser is difficult to monitor and control.

  • Cloud-based browsers store information outside your organization, and depending on the region in which the cloud provider operates, this might have compliance implications.
  • Line of business (LoB) applications may require connections to servers in your internal network. For these apps to work with a remote browser, you would need to open ports to external addresses, which exposes the network to attacks.

Hysolate: More than a Virtual Browser

Hysolate is more than just a virtual browser. Hysolate isolates your entire OS environment, so your team can get their jobs done. Within Hysolate users can access untrusted websites, applications, documents and external peripherals like USBs in an isolated “risky zone”, without introducing malicious threats to their corporate or sensitive data.

Hysolate sits on user endpoints, eliminating UX issues like lag and latency, even with more resource-intensive applications, but it also comes with full admin management from the cloud. That means that admins can deploy Hysolate at scale across their company, including different settings for different teams, and can also wipe a Workspace if it contains malicious activity, or if it is no longer needed.

Learn more about the Hysolate Workspace platform