Protecting users from web-based attacks with browser isolation
Cybercriminals generate, launder, spend, and reinvest more than $1.5 trillion a year, and the damage they cause is predicted to reach $6 trillion annually by 2021.
Cybercrime has transitioned from an underworld of hoodie-wearing hackers to a booming economy that provides easy access to illicit tools, services, and expertise. No one is beyond its reach.
Battered by data breaches, organizations of all sizes and sectors are looking for new ways to reduce their attack surface. But with the deck seemingly stacked in the attackers’ favor, how can we protect ourselves?
Because you cannot prevent — or even detect — every attack, improving your organization’s ability to contain them is critical. One technology that can help is browser isolation.
Browsers are a top target
Employees and partners access a wide variety of internal and external websites throughout the day, so it’s not surprising that hackers routinely target browsers in their efforts to infiltrate corporate networks and steal sensitive data.
Browsers download a rich array of content, executing some of it locally to render pages. That execution puts organizations at risk. The use of out-of-date browsers and plug-ins compounds the threat. When these vulnerabilities are exploited, the endpoint can be compromised, resulting in the installation of ransomware or other malware, and attacks on adjacent systems.
Reducing the attack surface with browser isolation
Browser isolation protects against browser-based attacks by isolating browser activity from endpoints and networks. The code of a web page is executed in a secure virtual container that sits between the user’s device and the internet. A passive visual representation of the web content is sent to the user, while malware stays in the container. It’s a little like visiting an animal enclosure at the zoo; you can see everything, but nothing can escape and attack you.
Separating an attack from the network diminishes the attacker’s ability to move laterally and exfiltrate data. It even eliminates the need to detect malware; if the user opens a malicious attachment, the malware never reaches their machine.
Browser isolation has advantages over more familiar isolation techniques, such as running a virtual machine on a centralized server (virtual desktop infrastructure, or VDI) or on user devices (endpoint isolation). First, while these approaches help contain threats, the resource requirements involved with continuously running virtual machines (VMs) can make them slow to work with, impacting productivity and user experience.
The second advantage of browser isolation is ease of deployment. Because there is no endpoint agent, it can be scaled quickly and easily.
Gaining traction in the industry
While browser isolation has been around for a few years, it has only recently begun to gain traction. Gartner estimates that by 2022, 25% of enterprises will adopt browser isolation techniques for some high-risk users and use cases, up from less than 1% in 2017.
Not surprisingly, security companies such as Zscaler, which recently announced the addition of browser isolation through its acquisition of Appsulate, are investing in the technology. According to Manoj Apte, Chief Strategy Officer for Zscaler, “Browser isolation enables us to ensure the bad stays out, and the good stays in. Enterprises can prevent suspicious sites from sending malware to a user’s device. They can also enable employees to access critical data from personal devices, without the risk of accidental data exfiltration.”
There are numerous browser isolation providers, each different in their approach. With so many solutions out there, where should an organization start?
Before choosing, it’s important to consider key uses cases such as specific end users, untrusted external URLs, and high-risk browsers as well as features like support for operating systems and cloud applications, secure web gateway capabilities, behavior analytics, scalability, cost, and more.
Many organizations leverage a vendor-independent technology partner to help them test and evaluate potential solutions. Professional security assessments can pave the way to a successful deployment by evaluating the overall state of your organization’s endpoint security, and objectively detailing current policies, controls, and processes.
Don’t give malware a home
As cybercriminals continue to up their game, organizations need to find ways to limit the damage they can cause. According to Gartner, organizations that implement browser isolation will experience a 70% reduction in attacks that compromise end-user systems.
Your users are not going to stop clicking. Separating browsing from their devices allows them to browse freely without exposing corporate networks. It’s not a silver bullet, but when used together with secure web gateways, data loss prevention (DLP), and other security controls as part of a comprehensive cybersecurity program, it can help you reduce your overall attack surface and protect against web-based threats.
Anne Grahn contributed to this post.
- Boost critical infrastructure with a cybersecurity convergence model
The Cybersecurity and Infrastructure Security Agency’s convergence model can bolster critical infrastructure.Read More >