RBI and the Importance of Integrated Threat Protection
By Paul Gillin
It sounds like a near-perfect cybersecurity solution: intercept incoming data before it reaches the user’s web browser; isolate it in a secure sandbox; and send only screen images (or pixels) to the browser. The ephemeral server is completely isolated from the organization’s computing resources and data, and its browsing sessions are destroyed when the user closes a tab.
This technique is called Remote Browser Isolation (RBI) and prevents malicious code or software from infiltrating end-user devices, making it theoretically impossible for bad actors to pull off an attack on the web. Since the browser is at the heart of most of what people do on their PC these days, it seems like the right solution at the right time.
But if RBI is so effective, why isn’t it used more widely? The answer: $$$
“It’s very expensive,” says Thayga Vasudevan, vice president of product management at Skyhigh Security.
RBI requires a significant amount of server resources because the server must simultaneously handle all browser sessions for all users. Since users often have 20 or more browser tabs open at once, with each tab potentially consuming over 500 megabytes of memory, the cost of providing the necessary CPU and memory resources adds up quickly.
This translates to RBI licenses typically costing $40 or more per user. For a company with 10,000 endpoints, that’s a big chunk of the cybersecurity budget. In fact, the fully loaded RBI cost can be as high as “almost any other security product…combined,” says Al-Abdulla.
There is also a user experience penalty. We’ve all used remote desktops of varying descriptions, and no matter how good the engine is, the end experience is never quite the same as native.
For all of these reasons, most companies limit the use of RBI to only the most at-risk employees, who typically represent less than 5% of the population.
A sensible solution
A more practical and cost-effective solution is to combine RBI with intelligent traffic analysis and a robust security stack that allows you to isolate only those data streams that cannot be certified safe with a high level of confidence. For most businesses, less than 1% of all web traffic is both potentially harmful (e.g., contains active content or executable code) AND unrecognized against known safe behaviors.
In Security Service Edge (SSE), the intelligence of an advanced Secure Web Gateway and the robust application intelligence of a Cloud Access Security Broker (CASB) combine to allow security administrators to intelligently apply isolation to risky traffic, rather than being forced to triage a small number of users (and impacting safe browsing for those users).
“Users have a natural browsing experience in almost all cases,” says Vasudevan. “Potentially compromised sites may load in isolation, but you’re protected.”
This solution reduces IT overhead, significantly reduces the risk of web-borne threats, and enables extremely granular session controls, such as limiting copy-and-paste or downloads. License fees are minimal. In fact, the Skyhigh Security Service Edge portfolio offers selective isolation at no additional cost.
While there is no such thing as absolute protection, the combination of a unified cloud security platform and RBI certainly moves the needle on web and cloud security.