Why remote browser isolation is core to zero-trust security
Providing internet access to users while protecting against web attacks is the most persistent security challenge organizations face. Unfortunately, the web has become cybercriminals’ attack surface of choice. It takes minutes for cybercriminals to create fraudulent landing pages and websites to drive phishing, malware, credential theft and ransomware attacks. In addition, cybercriminals are always sharpening their social engineering skills, making phishing and spoofing attempts difficult to spot.
Web is the attack surface of choice
Google’s Security Team saw a large jump in Chrome browser exploits this year and say the trend continues in 2022. A Google Security blog provides a detailed look at how security teams track exploits and identify zero-day attacks.
The increase is driven by Chrome’s global popularity and Google’s improved visibility into exploitation techniques. In addition, they’re seeing more zero-day exploits in the wild and have set up Project Zero, an internal team, to track zero-day exploits attempted. Zero-day vulnerabilities are those not known to the public or Google at detection. Google’s Project Zero Team recently released their findings of zero-day bugs by technology.
Phishing attacks continue to grow as cybercriminals look to exploit weak and sometimes nonexistent web access security at the browser level. For example, Proofpoint’s latest State of the Phish found that 15 million phishing messages with malware payloads were directly linked to later-stage ransomware. Hackers rely on Dridex, The Trick, Emotet, Qbot and Bazaloader malware variants most often. Additionally, 86% of organizations surveyed experienced a bulk phishing attack last year, and 77% faced business email compromise (BEC) attacks.
Why CISOS are turning to remote browser isolation for zero trust
Reducing the size of the attack surface by isolating every user’s internet activity from enterprise networks and systems is the goal of remote browser isolation (RBI). CISOs tell VentureBeat that the most compelling aspect of RBI is how well it integrates into their zero trust strategies and is complementary to their security tech stacks. Zero trust looks to eliminate trusted relationships across an enterprise’s tech stack because any trust gap is a major liability. RBI takes a zero-trust approach to browsing by assuming no web content is safe.
When an internet user accesses a site, the RBI system opens the site in a virtual browser located in a remote, isolated container in the cloud, ensuring that only safe rendering data is sent to the browser on a user’s device. The isolated container is destroyed when an active browsing session ends, including all website content and any malware, ransomware and weaponized downloads from websites or emails. To prevent data loss, policies restrict what users can copy, paste, and save using browser functions, such as social media or cloud storage sites. No data from SaaS sites remains in browser caches, so there’s no risk of data loss via the browser if a device is stolen or lost.
Considered a leader in providing a zero-trust-based approach to RBI, Ericom’s approach to RBI concentrates on maintaining native-quality performance and user experience while hardening security and extending web and cloud application support. For example, their RBI isolates websites opened from email links in the cloud, so malware can’t enter endpoints via browsers and halt phishing attempts. It also identifies and opens risky sites in read-only mode to prevent credential theft.
Additionally, Ericom has developed a unique RBI solution called Virtual Meeting Isolation that allows it to seamlessly isolate even virtual meetings like Zoom, Microsoft Team Meetings and Google Meet, to prevent malware and exfiltration of confidential data via the meeting. Ericom’s RBI can also secure endpoints from malware in encrypted sites, even IMs like WhatsApp. Every RBI vendor takes a slightly different approach to deliver secure browsing with varying user experience, performance, and security levels evident across each solution. Additional RBI vendors include Cloudflare, Menlo Security, McAfee, ZScaler, Symantec and others.
CISOs interviewed for this article also told VentureBeat via email that RBI works when securing endpoints by separating end-user internet browsing sessions from their endpoints and networks. In addition, RBI assumes all websites might contain malicious code and isolate all content away from endpoints so no malware, ransomware or malicious scripts or code can impact a company’s systems. One CISO says that his organization uses four core criteria to evaluate RBI. The first is the seamless user experience, a core requirement for any RBI solution to be deployed company-wide. The second is how consistently the system delivers the user experience. CISOs also look for how hardened the security and policy features are. The fourth factor is how deep the functionality and applications support is. These four criteria guide the selection process for RBI solution providers with CISOs today.
The future of RBI
Web access is necessary for every business to stay competitive and grow, making it the most popular attack surface with hackers and cybercriminals. As a result, CISOs want zero trust in the browser and session level with no degradation in user experience or performance. RBI’s rapid advances in secured containers, more hardened security, and a wider variety of functions deliver what CISOs need. The goal is to provide an air gap between a user’s browser sessions and enterprise systems. Leaders in providing RBI systems ensure their solutions can be complementary and scale with security tech stacks as they move toward zero trust.
