Browser isolation

Source: Wikipedia, the free encyclopedia.

Browser isolation is a cybersecurity model which aims to physically isolate an internet user's browsing activity (and the associated cyber risks) away from their local networks and infrastructure. Browser isolation technologies approach this model in different ways, but they all seek to achieve the same goal, effective isolation of the web browser and a user's browsing activity as a method of

weasel words] to their users without managing the associated server infrastructure. There are also client side approaches to browser isolation,[2] based on client-side hypervisors, which do not depend on servers in order to isolate their users browsing activity and the associated risks, instead the activity is virtually isolated on the local host machine. Client-side solutions break the security through physical isolation[3]
model, but they do allow the user to avoid the server overhead costs associated with remote browser isolation solutions.

Mechanism

Browser isolation typically leverages

virtualization or containerization technology to isolate the users web browsing activity away from the endpoint device - significantly reducing the attack surface for rogue links and files. Browser isolation is a way to isolate web browsing hosts and other high-risk behaviors away from mission-critical data and infrastructure. Browser isolation is a process to physically isolate a user's browsing activity away from local networks and infrastructure, isolating malware and browser based cyber-attacks in the process while still granting full access.[4]

Market

In 2017, the American research group Gartner identified remote browser (browser isolation) as one of the top technologies for security.[5] The same Gartner report also forecast that more than 50% of enterprises would actively begin to isolate their internet browsing to reduce the impact of cyber attacks over the coming three years.

According to Market Research Media, the remote browser isolation (RBI) market is forecast to reach $10 Billion by 2024, growing at CAGR 30% in the period 2019–2024.[6]

Comparison to other techniques

Unlike traditional web security approaches such as

container or virtual machine
.

Web-based files can be rendered remotely so that end users can access them within the browser, without downloading them. Alternatively, files can be sanitized within the virtual environment, using file cleansing technologies such as Content Disarm & Reconstruction (CDR), allowing for secure file downloads to the user device.[14]

Effectiveness

Typically browser isolation solutions provide their users with 'disposable' (non-persistent) browser environments, once the browsing session is closed or times out, the entire browser environment is reset to a known good state or simply discarded.

zero-day threats, effectively complementing other security measures and contributing to a defense-in-depth, layered approach[16]
to web security.

History

Browser isolation began as an evolution of the 'security through physical isolation' cybersecurity model and is also known as the air-gap model by security professionals, who have been physically isolating critical networks, users and infrastructures for cybersecurity purposes for decades. Although techniques to breach 'air-gapped' IT systems exist, they typically require physical access or close proximity to the air-gapped system in order to be effective. The use of an air-gap makes infiltration into systems from the public internet extremely difficult, if not impossible without physical access to the system . The first commercial browser isolation platforms[17] were leveraged by the National Nuclear Security Administration at Lawrence Livermore National Laboratory, Los Alamos National Laboratory and Sandia National Laboratories in 2009, when browser isolation platforms based on virtualization were used to deliver non-persistent virtual desktops to thousands of federal government users.

In June 2018, the Defense Information Systems Agency (DISA) announced a request for information for a "cloud-based internet isolation" solution as part of its endpoint security portfolio.[18] As the RFI puts it, "the service would redirect the act of internet browsing from the end user’s desktop into a remote server, external to the Department of Defense Information Network." At the time, the RFI was the largest known project for browser isolation, seeking "a cloud based service leveraging concurrent (simultaneous) use licenses at ~60% of the total user base (3.1 Million users)."[19]

See also

References

  1. ^ Miller, Daniel. "Cyber Threats Give Rise to New Approach to Web Security". Retrieved 23 January 2018.
  2. ^ "Remote Browser Isolation Market". Secjuice Infosec Writers Guild. 28 June 2018. Retrieved 21 May 2019.
  3. ^ "Security Isolation - an overview | ScienceDirect Topics". www.sciencedirect.com. Retrieved 21 May 2019.
  4. ^ "How Does Browser Isolation Work?". Expert Insights. 19 September 2019. Retrieved 22 October 2020.
  5. ^ "Gartner Identifies the Top Technologies for Security in 2017". Retrieved 28 January 2018.
  6. ^ "Browser as a Service Market Forecast 2019-2024". MarketAnalysis.com. 12 September 2018. Retrieved 17 May 2019.
  7. ^ "secure Web gateway - Gartner IT Glossary". www.gartner.com. Retrieved 17 May 2019.
  8. ^ "Secure Web Gateways Reviews". Gartner. Retrieved 17 May 2019.[dead link]
  9. ^ Pratt, Mary K. (16 January 2018). "What is Zero Trust? A model for more effective security". CSO Online. Retrieved 21 May 2019.
  10. ^ "Validating the Known: A Different Approach to Cybersecurity". www.idc.com. Archived from the original on 23 January 2018. Retrieved 3 April 2018.
  11. ^ Goodin, Dan (30 November 2016). "Firefox 0-day in the wild is being used to attack Tor users". Ars Technica. Retrieved 17 May 2019.
  12. ^ "Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly". The Hacker News — Cyber Security and Hacking News Website. Retrieved 17 May 2019.
  13. ^ "Disclosing vulnerabilities to protect users across platforms". Google Online Security Blog. Retrieved 17 May 2019.
  14. PMID 31632229
    .
  15. ^ "National Security Agency - Steps To Secure Browsing" (PDF). National Security Agency.
  16. ^ "What is Browser Isolation? - Definition from Techopedia". Techopedia.com. 22 August 2018. Retrieved 22 May 2019.
  17. Marketwire. 10 October 2010. Archived from the original
    on 2 March 2018. Retrieved 2 March 2018.
  18. ^ "DOD wants to use 'internet isolation' to secure Pentagon networks". 5 June 2018.
  19. ^ "SAM.gov | Home". sam.gov. Retrieved 3 June 2023.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Browser_isolation&oldid=1215245940"