2021 was a banner year for remote browser isolation (RBI), with a record number of organizations adopting the solution to support key security use cases within the Gartner SASE framework. SASE, introduced in Gartner’s 2019 “The Future of Network Security is in the Cloud” report, is an acronym with which everybody in the networking space became familiar last year. SASE, in a nutshell, offers a pragmatic framework for securing the modern distributed enterprise, whose apps, data, and users are spread across many locations as result of digital transformation initiatives.
In its recent Hype Cycle research for Networks and Endpoint Security, Gartner stated: “We see RBI being a critical capability in the future delivery of a secure access service edge (SASE), supporting integration with SWG, CASB and ZTNA services. RBI also is used in the reverse direction when unmanaged devices are accessing sensitive data and applications. By controlling the browser used to access the application and data, this gives information security a critical control point when dealing with unmanaged and potentially compromised devices.”
RBI-Powered Secure Web Gateways– Preventing Ransomware and Phishing
A secure web gateway (SWG) powered by RBI provides organizations with a powerful layered defense for web security. The SWG sends suspicious or risky web traffic to RBI, which executes the website in a remote cloud container. This approach ensures that phishing attacks, ransomware, zero-day malware, and other advanced web threats never reach endpoints. Whether users browse to a malicious site directly or by clicking a URL embedded in a phishing email, they are completely safe since no web content is ever executed directly on their devices. An interactive media stream representing the website is sent to their device’s browser, providing a safe, fully interactive, seamless user experience. Attached files are sanitized before being transmitted to endpoints, ensuring that malware within downloads cannot compromise users’ devices.
An additional benefit of RBI technology is that its controls enable restriction of data sharing activities associated with web and cloud use. For example, policy-based controls may be applied to restrict web browser capabilities such as printing, downloading and copy/pasting content to or from websites. Sites that might be phishing sites, such as those that are newly created or linked to from emails, can be opened in “read-only” mode to prevent users from entering data such as login credentials. RBI offers many additional protections — check out our white paper to learn more about the data security benefits of remote browser isolation.
To help organizations like yours better understand RBI and which key capabilities are most important to consider when evaluating solutions, we developed this “Key Questions to Ask RBI Solution Providers” document.
CASB plus RBI – Enforcing Policy on Unmanaged Devices
When combined with RBI, Cloud Access Security Brokers (CASB) deliver a powerful solution for securing SaaS applications and data from risks associated with unmanaged device access. CASBs have historically attempted to secure unmanaged devices using a technology known as a “Reverse Proxy”.
Those who have worked with reverse proxies are aware of their well-earned reputation as being brittle. For example, SaaS providers occasionally have to update their URLs for technical reasons, and when that happens the re-written reverse proxy link that allows for control of unmanaged devises can be broken. In addition, reverse proxies can support only a few dozen cloud applications – nowhere near the thousands of cloud apps that sell into enterprises.
RBI provides a better approach to enforce CASB policies on unmanaged devices. It requires no URL rewriting, has no limits on cloud app support: It simply delivers just a great user experience, with IT teams no longer having to worry about unmanaged device security for their sanctioned cloud applications.
The same data-sharing restrictions enabled by remote browser isolation that I mentioned earlier are available for these SaaS application use cases as well. Data sharing functions associated with the browsers on unmanaged devices can be controlled via RBI.
RBI-enhanced ZTNA – Protecting Private Apps by Reducing Their Attack Surface
Many organizations are adopting Zero Trust Network Access (ZTNA) to connect their users to private corporate cloud and web apps. When combined with RBI, ZTNA delivers a powerful security solution that protects these apps and the data they store, from hackers and potentially compromised unmanaged devices (for instance, think about a 3rd party consultant who does not have a corporate-provided device but needs to access your HR or accounting apps). As in the case of SaaS application access, RBI-enabled data-sharing restrictions are available in this private application access use case to prevent loss of sensitive data.
RBI Innovations – Virtual Meetings and Instant Messaging – Drive Further Adoption
In 2021, we moved RBI into some exciting new areas, which led to additional adoption of the technology. In April, Ericom introduced our patent-pending Virtual Meeting Isolation solution. Regulated organizations in sectors like defense, government, financial services, and healthcare have significant security issues with virtual meeting solutions such as Zoom, Microsoft Teams, and Google Meet. In response to these concerns, Ericom pioneered innovative web rendering approaches to create a first-of-its-kind solution.
Virtual Meeting Isolation leverages the powerful security benefits of RBI technology to support must-have online meeting features like camera and microphone use as well as sharing of local endpoint screens, all while ensuring that no virtual meeting solution code runs on users’ local web browsers and that IP addresses remain private. Moreover, users can securely access Virtual Meeting Isolation from their devices via the Ericom RBI Cloud Service. Complementary security capabilities that virtual meeting solutions offer natively, such as multi-factor authentication and end-to-end encryption, are fully compatible with Ericom Virtual Meeting Isolation.
Ericom also aimed RBI at a set of challenges associated with use of Instant Messenger solutions, like the WhatsApp Web client, on enterprise endpoints. Organizations can now use Ericom RBI to protect their endpoints and networks from malware, ransomware and exploits hidden within chats opened on IM web clients, securing browser-based IM access that users view as essential. The solution renders instant messages in isolated containers in the cloud, allowing only safe rendering data representing the message to be sent to the web client on users’ regular browsers. Users chat just as they are accustomed to – only now without the risk. And to protect organizations from weaponized files or images sent via IM web clients, when a user clicks on an attachment, Ericom’s solution downloads it in the isolated container, where it’s examined for malware and, if necessary, disarmed before being delivered to the user.
What’s in Store for RBI in 2022?
Judging by how busy we’ve been during the very first weeks of the new year, 2022 is already shaping up to be another record year for RBI adoption. This is not surprising since RBI has taken its place as a foundational capability – one that every organization that upgrades to SASE needs in order to truly enforce Zero Trust security for web and internet access. Another sure sign of the market’s increasing appreciation of RBI is the recognition that RBI solutions are not all created equal. Organizations seeking a solution that offers flexibility and high-performance are extremely pleased to discover Ericom’s advanced feature set and excellent end-user experience. It is great to see our hard work paying off.
In its “Strategic Roadmap for SASE Convergence”, Gartner recommends adopting integrated SASE offerings from a single vendor or two explicitly partnered vendors. This “two explicitly partnered vendors” approach is where Ericom’s RBI comes in. Under this type of model, we work closely with leading SASE players like Palo Alto Networks, adding RBI to cover key use cases in their SASE platforms. You can read more about our partnership with Palo Alto Networks here or watch our 5-minute video to learn more about how Ericom RBI extends the SASE platforms of our technology partners.
Finally, some exciting new RBI innovations are under development in our labs. I’m looking forward to sharing those capabilities and use cases with you later in the year. Check back with us soon!