Affordable Browser Isolation

Written by Guise Bule, Editor at Secjuice

Affordable Remote Browser Isolation

According to Gartner, browser isolation is the hottest and most effective new way of protecting your users from malware and web based cyber attacks, but how can you deliver a remote browser solution in a cost effective way without seriously denting your budget?

The more technically aware amongst you will have known for a long time that your anti-virus and firewall do not really protect you from modern cyber threats in a meaningful way, they have failed to protect the majority of internet users from malware, adware, or even ransomware attacks, where criminals encrypt your data and refuse to decrypt it unless you pay them a large, bitcoin ransom payment.

Larger businesses, the federal government and those with more money to spend on cybersecurity are increasingly leveraging a new cybersecurity model called browser isolation, or remote browsing if you look at it from a user perspective. Remote browser isolation is a highly effective solution to the problem of browser based cyber attacks, because the browser is where most web based attacks begin and our beloved browsers are almost always the original source of infiltration into our local machines and networks.

The big problems in browser isolation are cost and scale. A browser isolation technology has to solve these problems and be able to accommodate millions of simultaneous users in a cost-effective way in order to meet the market requirements.

Using remote browser isolation to physically isolate your users browsers and risky browsing activity away from your local machine and networks is by far the most sensible and effective way to protect yourself from browser based attacks, you simply isolate yourself from the internet when you engage with it, making sure that the internet (and all of the associated cyber risks) can not touch you back in the process.

Browser isolation may be the sexiest new way of protecting your users from web based attacks, but how do you isolate your users browser and more importantly deliver a remote browser solution in a cost effective way? It can be as easy as running open source VirtualBox on your desktop and using a VM to browse the internet, a solution used by many that is an effective way of containing malware, even if its clumsy at scale.

There are different ways to accomplish browser isolation and a number of companies approaching the problem from different angles, all of them trying to achieve more or less the same goal. Some remote browser isolation solutions stream a remote browser to you over the internet, others let you connect to a remote browser hosted on a local appliance and there are others which force you to install client side hypervisors onto your local machine. All of these solutions are usually costly to deploy at any sort of scale.

Our team was the first to develop a commercial browser isolation model in collaboration with the National Nuclear Security Administration at Lawrence Livermore National Laboratory back in 2010, when the best technology we had to isolate remote browsers was desktop virtualization technology. Back then virtualization was the most effective way to isolate the internet facing activity of an internet user and it was an absolute godsend at a time when cyberattacks were rapidly becoming the norm. Instead of browsing the internet from a browser on local machines, we simply gave users a remote browser on a virtual desktop and it was a wonderfully effective way of protecting large amounts of users, if horrifically expensive at scale.

This browser isolation model has since evolved and spread, today thousands of federal government employees call this remote browsing model 'Safeweb' and use remote browsers to connect to the open internet. We realized early on that in order for the model to become adopted by the mainstream browser isolation platforms had to protect lots of users cost effectively, but the problem with using virtualization for remote browser isolation is that its an inefficient vehicle for handling the browser compute load.

Using virtualization to isolate browser compute loads requires you to pay for a lot more server infrastructure than you really need to in order to handle this risk load, it gets incredibly expensive at scale, especially if you have embraced some kind of appliance, or SAN centralized model. The way around this is not a client side hypervisor, because this breaks the underlying security through physical isolation model.

If you really want to protect a huge amount of internet users by providing them with remote browsers in a cost effective way, then containerization based infrastructures which leverage distributed infrastructures are the way forward and this is something we at WEBGAP do incredibly well. I am quite proud of the fact that nobody else does what we do, in quite the way we do it, but I do lament the fact that few fail to grasp the nuance around our architecture and model until they try to deploy browser isolation solutions at scale.

When it comes to isolating thousands of individual remote browsing compute workloads simultaneously, containerization is an infinitely more efficient way of dealing with these workloads than virtualization, but its only recently that we have adopted containerization and most of our space is still stuck on virtualization.

Malware, ransomware and other kinds of browser based cyber attack are a huge problem for everyone, not just large businesses and the government, but also very small businesses too. The browser isolation model is still too expensive for the many, something my co-founders and I set out to change with WEBGAP. Browser isolation is quite clearly the future of endpoint security, but this future will only happen if it becomes cost effective enough to protect the many rather than just the few, the reason we built WEBGAP.

We will soon be releasing our browser isolation technology as a standalone piece of software for you to download and install on your own servers. In the meantime if you are looking for a cost-effective remote browser service check out our remote browser platform. We have been delivering remote browsers longer than most and we built the worlds first browser isolation platform for the US federal government.

Get in touch for a conversation with us about browser isolation, we love questions!

Like the things we write? Follow @WEBGAP on Twitter for more!