Remote Browser Isolation / Web Isolation
- Benefits of RBI
2. Protection Against Web-Based Attacks(Phishing): Phising Email executes script on machine to get data. Now script will not execute on client machine.
3. Support for BYOD and Remote Work: access the web without risking the security of corporate networks or sensitive data stored on personal devices.
- How it works?
@startuml
!pragma teoz true
actor user as u
participant browser as b
box cloud #khaki
participant container as c
participant pixel_renderer as pr
end box
note over b #GreenYellow
page1 has
malicios code
end note
u -> b: Open page1
b -> c: send page1
note over c #GreenYellow
page1 opened
malicios code
c: not present
Do nothing
end note
pr -> u:Page rendered as pixel
u -> b:click url
b -> c:click url
note over c #GreenYellow
click url
end note
pr -> u: url1
@enduml
RBI Rendering Modes
| Used By | What | |
|---|---|---|
| Pixel Rendering | High Risk users(Administrators, Executives) | - Container does not send (pictures, fonts, style sheets, Javascript files) back to browser |
| DOM(Document Object Model) based Rendering |
Medium Risk Websites | - Container does not send Javascript files back to browser. - fonts, style sheets are sent to browser |
| Streaming Media | Lower risk | - RBI will only render risky web page elements, allowing other to be rendered in user's browser. |
RBI Types
| Type | Meaning |
|---|---|
| Targetted RBI |
- Coupled with SWG. - Creates containers on the fly, when uncategorized or risky website is surfed by user |
| Full RBI | For Executives. All websites are opened in RBI |
| Email RBI | Email is opened in RBI. All embedded URLs are done Read-Only |
| Document RBI |
User opens page on browser, that page is opened in cloud container. Any downloadable document is rendered as static pdf |
| Application Access Control RBI | Applications are opened in cloud and presented as pixel rendered. |