Web sites

Web and Browser Isolation | Occupational safety

Organizations can no longer rely on traditional web security solutions, so what’s the answer? asks James Derbyshire, browser isolation expert for cloud platform company Garrison.

Since the start of the pandemic, the security risk posed by employees has increased exponentially as remote working has become commonplace. When working from home, employees can operate beyond a company’s traditional security parameters, making organizations more vulnerable to cyberattacks and creating new challenges for security teams. Hybrid working means that governments and commercial enterprises are even more reliant on the judgment of individual employees who are largely free to decide which sites to browse and which links and email attachments to trust.

This comes at a time when social engineering attacks, especially phishing scams and ransomware, are becoming more sophisticated and commonplace. According to Verizon’s latest data breach investigation report, such attacks accounted for more than a third (36%) of all data breaches in 2021.

Web attacks are also a growing threat. Google Safe Browsing lists over two million known dangerous websites. But since this only includes known threats, the real number is likely to be much higher. The result is that security teams are grappling with unprecedented levels of threat, especially targeted attacks against high-risk personnel, which could put entire organizations at risk.

The need to rethink traditional security solutions

Historically, organizations have relied on detection-based security tools such as firewalls and web filters to keep users safe, but these traditional methods are struggling to keep pace with growing attacks. complex and targeted. To add to the challenge, these methods are generally ineffective in defending against zero-day attacks, leaving organizations vulnerable to growing unknown threats.

Many companies are choosing to invest in user training to counter this growing problem. But even equipped with exhaustive training, a conscientious employee can still fall prey to a cleverly disguised social engineering attack. All it takes is one wrong move by an employee to breach your security perimeters and allow malicious code access to your critical network and sensitive data.

Ushering in a new era of security

Security-conscious organizations in both the public and private sectors are increasingly turning to browser isolation to defend against social engineering and web threats.

Browser isolation ensures that user devices never come into contact with web code, using a remote machine that accesses web pages for the user and then delivers a safe and clean version. For employees, there’s no discernible difference when they go online, but the security implications are a game-changer; By isolating an organization’s internal network from risky web pages, browser isolation completely removes the threat of attacks.

Protection without compromised access

Cyberattacks typically target users with access to the most sensitive data or systems. While traditional security techniques focus on restricting web access for these groups, browser isolation allows full web access while providing much higher levels of security.

Complete protection against phishing and ransomware attacks

Organizations continue to try to educate users not to click on risky links, but experience shows that this has limited long-term success. The reality is that users are not security experts and risky URLs and suspicious files are getting harder and harder to detect. Using a browser isolation solution takes the pressure off employees, leaving them free to follow links and open attachments securely in an isolated cloud environment, without putting data and systems at risk sensitive to the organization.

Unlimited internet access

Traditionally, security teams have sought to minimize risk by using URL filtering to restrict access to websites. However, the disproportionate number of sites worldwide (over 1.9 billion at the time of writing) as well as limited security information to guide decision-making means that it is difficult, if not impossible, to rank sites. web with confidence and pace. This often results in frustration for businesses if the restrictions are too onerous or increased organizational risk if the restrictions are too lax.

By confining the web browser to an isolated environment before serving web content back to the user, browser isolation provides users with secure access to the web, regardless of a page’s security status.

Partial or full browser isolation

When choosing a browser isolation solution, security professionals must choose between partial and full browser isolation. These solutions use different approaches to return the web page to the user and therefore provide different levels of security.

Partial browser isolation

Partial browser isolation tends to use transcoding, a process that breaks website code into smaller subsets of information, removes any malware, then rebuilds it and sends it back to the user’s device. user.

Unlike full browser isolation, partial browser isolation is a porous solution that still lets some of the original web code through. And since most transcoding providers don’t offer details about what code is passed and what is removed, it’s impossible to know exactly how secure a solution is.

An additional complication is that partial browser isolation solutions can offer poor compatibility with media content, restricting employees’ browsing experience and therefore potentially also their ability to perform their job duties.

The Zero Trust Solution

Conversely, Full Browser Isolation takes a Zero-Trust security approach, completely separating all web code from the user’s device, meaning your company’s core network is 100% protected. against malicious code. Full browser isolation handles all web browsing and then returns the information as a video stream, known as Pixel-Pushing, much like a virtual desktop solution but with a far superior user experience.

Employees never interact with the original web code, but only see a series of pixel images of the web page. This means that unlike partial browser isolation options, an organization benefits from robust, uncompromising security, while the user enjoys a seamless web browsing experience.

Software or hardware solution?

While software and hardware Pixel-Pushing offer high levels of protection for users, the software option can be CPU and bandwidth intensive, resulting in high operating costs. New hardware solutions alleviate much of these bandwidth requirements, dramatically reducing ongoing costs and improving the browsing experience.

Hardware-accelerated Pixel-Pushing has the added benefit of being able to be deployed in the cloud or on-premises. Cloud solutions running on purpose-built hardware can deliver the same benefits without the hardware deployment and maintenance costs, delivering a powerful blend of security, usability, and compatibility, along with reduced management costs and overhead.

Zero-Trust Security with Uncompromising Web Access

Today’s threat landscape means businesses and government departments can no longer rely on their employees or detection-based security solutions to comprehensively protect their critical data and systems from attack.

The browser isolation provided by Pixel-Pushing is a Zero-Trust approach that provides organizations with comprehensive web security, IT simplicity, and cost effectiveness, all without negatively impacting the user experience.