It has been nearly two years since Gartner published the technology report that put RBI (Remote Browser Isolation) technology on the map. This report, entitled Innovation Insight for Remote Browser Isolation, introduced enterprise security and IT teams to the power of isolation-based web security. More importantly, it made the case for RBI’s important role in key web browsing and e-mail access use cases. The Gartner report also provided enterprises with the first detailed guide for evaluating isolation solutions from different vendors. The “Evaluation Factor” questions in the report have been invaluable to the thousands of organizations that have adopted isolation over the past few years.
In its analysis, Gartner highlighted the fact that almost all successful attacks on users and the enterprise networks to which they connect originate from the public internet and that many involve web-based attacks. It described how security teams could vastly reduce damage by using remote browser isolation to separate end-user internet browsing sessions from enterprise endpoints and networks.
The alarming reality that the report exposed was that existing tools and approaches, which rely on a combination of historical threat and reputational information about malicious websites, as well as sandboxing of downloaded content, were not keeping pace with the sophisticated attacks coming from the web. Frustration with the growing number of enterprise network compromises and security incidents resulting from web malware that quickly worked its way from endpoints to back-end network systems, necessitated a new, isolation-based approach.
With isolation, ransomware and advanced web threats are prevented from reaching user endpoints, since all active web content is executed in a remote, isolated container. An interactive media stream representing the website is sent to the endpoint browser, providing a safe, seamless user experience. Whether users browse to a malicious site on their own or by clicking a URL embedded in a phishing email or a malicious PDF document, they are safe since no web content is ever executed directly on their device. For additional phishing protection, websites launched from URLs in emails can be rendered in read-only mode to prevent users from entering credentials. Attached files can be sanitized before being transmitted to endpoints, ensuring that malware within downloads cannot infect users’ devices.
As all of us who browse the web daily as part of our jobs know, a “default deny” approach for employee Internet access is simply not feasible. Gartner also acknowledged this and recommended that security practitioners adopt remote browser isolation solutions for internet access as a means to strike the right balance between improving security on the one hand and delivering a more “people-centric” web access proposition for their organizations on the other.
Better security, happier employees, simpler web access policy rules, reduced operational burden – sounds good, right? Others saw it that way as well. Trials, evaluations, RFPs and interest in isolation began to grow exponentially in the Spring and Summer of 2018 and has continued to grow since then. Whether its adding protection for secure web browsing or finally solving the challenge of protecting against phishing URLs in emails, security teams are embracing isolation.
Gartner is seeing the change as well. In its most recent Magic Quadrant for Secure Web Gateways report, they noted growing demand for remote browser isolation technology. Many customers are implementing remote browser isolation technology to complement secure web gateways (SWGs) by isolating uncategorized or risky websites. The report also mentions that some highly security-conscious organizations are replacing their SWGs with remote browser isolation capabilities.
In my view, Gartner’s Innovation Insight for Remote Browser Isolation was a huge catalyst for establishing the RBI market. By bringing the technology to the attention of CIOs and CSOs around the globe, it played a crucial role in improving the security of hundreds — if not thousands — of organizations. The change is already immense, but I am excited to see which new areas the technology will impact in coming years. We in the industry are looking forward to the first ever Magic Quadrant for Remote Browser Isolation – maybe by 2022? Or perhaps even sooner!