Google Chrome’s growing popularity for zero-day exploits shows how popular the web as an attack surface has become. Hackers are often choosing to go after zero-day exploits on Chrome first.Malware, ransomware and phishing/social engineering attacks grew significantly in 2021 and continue to grow this year. All three approaches to attacking an organization are getting past current antivirus, email security and malware applications. Ransomware will cost victims approximately $265 billion by 2031 , with a new attack occurring on average every two seconds. Cybersecurity Ventures finds that cybercriminals are progressively refining their malware payout demands and exportation techniques, contributing to a predicted 30% year-over-year growth in damage costs through 2031.
Phishing attacks continue to grow as cybercriminals look to exploit weak and sometimes nonexistent web access security at the browser level. For example, Proofpoint’s latest State of the Phish found that 15 million phishing messages with malware payloads were directly linked to later-stage ransomware. Hackers rely on Dridex, The Trick, Emotet, Qbot and Bazaloader malware variants most often. Additionally, 86% of organizations surveyed experienced a bulk phishing attack last year, and 77% faced business email compromise (BEC) attacks.
Proofpoint’s 2022 State of the Phish Report reflects why the web is the attack surface of choice. Hackers combine attack strategies across the web, attempting to scale them and gain access to valuable data, credentials, and systems.
Why CISOS are turning to remote browser isolation for zero trust
Reducing the size of the attack surface by isolating every user’s internet activity from enterprise networks and systems is the goal of remote browser isolation (RBI). CISOs tell VentureBeat that the most compelling aspect of RBI is how well it integrates into their zero trust strategies and is complementary to their security tech stacks. Zero trust looks to eliminate trusted relationships across an enterprise’s tech stack because any trust gap is a major liability. RBI takes a zero-trust approach to browsing by assuming no web content is safe.
When an internet user accesses a site, the RBI system opens the site in a virtual browser located in a remote, isolated container in the cloud, ensuring that only safe rendering data is sent to the browser on a user’s device. The isolated container is destroyed when an active browsing session ends, including all website content and any malware, ransomware and weaponized downloads from websites or emails. To prevent data loss, policies restrict what users can copy, paste, and save using browser functions, such as social media or cloud storage sites. No data from SaaS sites remains in browser caches, so there’s no risk of data loss via the browser if a device is stolen or lost.
CISOs tell VentureBeat that RBI is core to their zero trust strategies because they address the proliferating number of threats every browser session can potentially lead to. Ericom’s RBI workflow provides a useful reference architecture illustrating the state of the industry.
Considered a leader in providing a zero-trust-based approach to RBI, Ericom’s approach to RBI concentrates on maintaining native-quality performance and user experience while hardening security and extending web and cloud application support. For example, their RBI isolates websites opened from email links in the cloud, so malware can’t enter endpoints via browsers and halt phishing attempts. It also identifies and opens risky sites in read-only mode to prevent credential theft.
Additionally, Ericom has developed a unique RBI solution called Virtual Meeting Isolation that allows it to seamlessly isolate even virtual meetings like Zoom, Microsoft Team Meetings and Google Meet, to prevent malware and exfiltration of confidential data via the meeting. Ericom’s RBI can also secure endpoints from malware in encrypted sites, even IMs like WhatsApp. Every RBI vendor takes a slightly different approach to deliver secure browsing with varying user experience, performance, and security levels evident across each solution. Additional RBI vendors include Cloudflare, Menlo Security, McAfee, ZScaler, Symantec and others.
CISOs interviewed for this article also told VentureBeat via email that RBI works when securing endpoints by separating end-user internet browsing sessions from their endpoints and networks. In addition, RBI assumes all websites might contain malicious code and isolate all content away from endpoints so no malware, ransomware or malicious scripts or code can impact a company’s systems. One CISO says that his organization uses four core criteria to evaluate RBI. The first is the seamless user experience, a core requirement for any RBI solution to be deployed company-wide. The second is how consistently the system delivers the user experience. CISOs also look for how hardened the security and policy features are. The fourth factor is how deep the functionality and applications support is. These four criteria guide the selection process for RBI solution providers with CISOs today.
The future of RBI
Web access is necessary for every business to stay competitive and grow, making it the most popular attack surface with hackers and cybercriminals . As a result, CISOs want zero trust in the browser and session level with no degradation in user experience or performance. RBI’s rapid advances in secured containers, more hardened security, and a wider variety of functions deliver what CISOs need. The goal is to provide an air gap between a user’s browser sessions and enterprise systems. Leaders in providing RBI systems ensure their solutions can be complementary and scale with security tech stacks as they move toward zero trust.