What Is Browser Isolation?

Browser isolation is the process by which an internet user's browser and browsing activity are physically isolated from their local networks and infrastructure, isolating malware and browser-based cyber-attacks in the process.

According to Gartner, more than 50% of enterprises will actively begin to isolate their internet browsing to reduce the impact of cyber attacks over the next three years (Gartner BIT Report 2016). Gartner also recommends browser isolation technologies as one of the most effective ways for an enterprise to reduce web-based attacks. With this in mind, let's take a closer look at exactly what browser isolation is and why it's being embraced so quickly by enterprises.

Browser isolation was an invention born out of necessity. In 2018, our current security tools (anti-virus, firewall, intrusion detection and prevention software) and current security spend are failing to protect us from malware, ransomware and browser-based cyber attacks. Browser-based malware attacks are increasing in frequency, with Gartner estimating that 98% of external information security attacks are carried out over the public internet and that 80% of those attacks are targeted directly at end users through their browsers as they use the internet normally.

Over time, and under the stress of sometimes daily attacks, many organizations realized that their browsers (along with all of the associated browsing activity and risk) do not actually need to be connected to their internal networks and infrastructure. In fact, they realized that letting users openly browse the internet from their work machines, ones connected to internal networks, was an incredibly bad idea from a cybersecurity perspective.

We know that most cyberattacks begin with the browser. We understand that the browser is the window through which cyber-criminals climb into your local machine and networks, but our browsers are so useful to our everyday work and lives that we keep leaving the window open. There is a better way: you can physically isolate your browser by putting a WEBGAP between you and the malware. A WEBGAP is effectively an air gap between you and the internet.

A quick and easy way to physically isolate your users' browsers is to give each of your users their own hosted virtual desktop: a fully functional desktop operating system, contained in a virtual machine hosted on a third-party server and delivered to the user over the internet. I first deployed this model to Lawrence Livermore National Laboratory (LLNL.gov) in 2009; we hosted a virtual desktop platform for 5000 federal government users over a four-year period.

Our users would log on to their hosted virtual desktops and browse the internet through them rather than on their local machines. This proved to be an incredibly effective model which allowed LLNL to shut down the vast majority of cyber attacks that were directly targeting their end users. This project became known as Safeweb, was the world's first browser isolation production deployment, and taught me a lot about browser isolation in general.

I consider this deployment to be the birth of large-scale browser isolation, and after leveraging virtualization for this reason for close to a decade, I learned the hard way that virtualization as a tool of browser isolation was unfit for purpose.

Although the physical isolation model is highly effective, virtualization is an inefficient vehicle for handling browser compute loads at scale, requiring lots of expensive server hardware and SAN centralized infrastructures. Virtualization is a technology that was invented to consolidate physical server loads and later adapted to browser isolation. In our defense, it was the only isolation tool we had at the time that was capable of handling a user's internet browsing activity.

Browser isolation has come a long way since those bad old days of giving each of your users an expensive virtual machine, but a lot of browser isolation vendors still cling to this old model, something that makes them expensive at scale over a large number of users. My team and I realized a long time ago that we had to bring the cost of browser isolation down, so that it would be a viable solution for the many rather than the few and so we moved away from virtualization.

Over the last two years my team and I have been busy building the WEBGAP engine, a browser isolation platform built using a containerized and grid distributed architecture, making it highly scalable and cost-effective. We understood that with millions of internet users globally, our browser isolation solution had to be able to cost-effectively scale to support millions of simultaneous internet users and this was what drove us to build and launch WEBGAP.

If you are looking for a browser isolation solution, there are a number of vendors out there that can supply you with the technology, but none of them have anything quite like WEBGAP and most of them are still stuck using the old virtualization based models that we here at WEBGAP abandoned years ago.

Our WEBGAP engine is the most highly scalable and cost-effective browser isolation platform on the market. It leverages a containerized, grid distributed architecture which allows WEBGAP to offer the most competitively priced browser isolation solution on earth. It's proprietary technology, one that we developed in-house and designed to be fit for purpose.

If you are looking for a cost-effective way to physically isolate your users' browsers and internet browsing activity, have a browse through our website and check out our remote browsing solution. We have been isolating browsers longer than most and we can always bring something to the table. Get in touch for a conversation with us!
