Jump to content

Browser isolation

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 61.220.176.205 (talk) at 06:07, 21 May 2019 (→‎History: Update founder info, and product release date). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Browser isolation is a cybersecurity model that physically isolates an internet user's browsing activity away from their local networks and infrastructure. Browser isolation technologies approach this model in different ways, but they all seek to achieve the same goal, effective isolation of the web browser and a user's browsing activity as a method of securing web browsers from browser-based security exploits, as well as web-borne threats such as ransomware and other malware.[1]

When a browser isolation technology is delivered to its customers or users as a cloud hosted service, this is known as remote browsing, Browser as a Service (BaaS)[2][3], or remote browser isolation (RBI), a model which enables organizations to deploy a browser isolation solution to their users without managing the associated server infrastructure.

The benefits of browser isolation are not limited to security, the remote browsing technology is also used in browser testing[4][5]. Another major benefit of remote browsing is the browser performance boost. With the powerful servers in the cloud, the performance is no longer limited by user local devices but by the remote cloud servers.[6][7][8][9]

Mechanism

Browser isolation typically leverages virtualization or containerization technology to isolate the users web browsing activity away from the endpoint device - significantly reducing the attack surface for rogue links and files. Browser isolation is a way to isolate web browsing hosts and other high-risk behaviors from mission-critical data and infrastructure. Browser isolation is the process by which you physically isolate your users browsing activity away from your local networks and infrastructure, isolating malware and browser based cyber-attacks in the process.[10]

Market

In 2017, the American research group Gartner identified remote browser (browser isolation) as one of the top technologies for security.[11][12] The same Gartner report also forecast that more than 50% of enterprises would actively begin to isolate their internet browsing to reduce the impact of cyber attacks over the coming three years.

Similar research conducted by Transparency Market Research shows that remote browser market is projected to reach US$5079.8 by the end of 2025; expanding at an exceptional CAGR of 19.6%.[13]

By Market Research Media, the Browser as a Service (BaaS) market is forecast to reach $10 Billion by 2024, growing at CAGR 30% in the period 2019-2024.[14]

Comparison to other techniques

Unlike traditional web security approaches such as antivirus software and secure web gateways[15][16], browser isolation does not rely on filtering content based on known threat patterns or signatures.[17] Traditional approaches can't handle 0-day attacks[18][19][20] since the threat patterns are unknown. Rather, browser isolation approach treats all websites and other web content that has not been explicitly whitelisted as untrusted, and isolates them from the local device in a virtual environment such as a container.

Web-based files can be rendered remotely so that end users can access them within the browser, without downloading them. Alternatively, files can be sanitized within the virtual environment, using file cleansing technologies such as Content Disarm & Reconstruction (CDR), allowing for secure file downloads to the user device.[citation needed]

Effectiveness

Typically browser isolation solutions provide their users with 'disposable' (non-persistent) browser environments, once the browsing session is closed or times out, the entire browser environment is reset to a known good state or simply discarded. Any malicious code encountered during that session is thus prevented from reaching the endpoint or persisting within the network, regardless of whether any threat is detected. In this way, browser isolation proactively combats both known, unknown and zero-day threats, effectively complementing other security measures and contributing to a defense-in-depth, layered approach to web security.

History

Browser isolation began as an evolution of the 'security through physical isolation' cybersecurity model and is also known as the air-gap model by security professionals, who have been physically isolating critical networks, users and infrastructures for cybersecurity purposes for decades. Although techniques to breach 'air-gapped' IT systems exist, they typically require physical access or close proximity to the air-gapped system in order to be effective. The use of an air-gap makes infiltration into systems from the public internet extremely difficult, if not impossible without physical access to the system . The first commercial browser isolation platforms[21] were leveraged by the National Nuclear Security Administration at Lawrence Livermore National Laboratory, Los Alamos National Laboratory and Sandia National Laboratories in 2009, when browser isolation platforms based on virtualization were used to deliver non-persistent virtual desktops to thousands of federal government users.

These early projects represented the birth of the modern browser isolation space and became known as Safeweb,[22] to this day thousands of federal government employees refer to the browser isolation platforms that they use to connect to the internet as 'Safeweb'. The name Safeweb was originally[23] coined by Robin Goldstone, project leader at Lawrence Livermore National Laboratory and Guise Bule to describe the platform they still use in 2018 to isolate their users browsing activity.

In June 2018, the Defense Information Systems Agency (DISA) announced a request for information for a "cloud-based internet isolation" solution as part of its endpoint security portfolio. As the RFI puts it, “the service would redirect the act of internet browsing from the end user’s desktop into a remote server, external to the Department of Defense Information Network.” At the time, the RFI was the largest known project for browser isolation, seeking "a cloud based service leveraging concurrent (simultaneous) use licenses at ~60% of the total user base (3.1 Million users)."

Remote browsing has a long history on consumer market, especially on mobile devices. CloudMosa (founded by Shioupyn Shen) released its paid version Puffin Web Browser Pro on Apple App Store in November 2010, and on Google Play in December 2010. Later, CloudMosa released the free version Puffin Web Browser on Google Play in December 2011, and on App Store in January 2012. The Puffin Web Browser was the first (so far the only one) known free remote browser in consumer market. The Puffin rendering engine in the cloud makes the page loading, content rendering, and Javascript execution extremely fast.[24][25][26][27][28][29] Besides Apple iOS and Google Android, Puffin browser is also available on Windows[30], macOS[31], and Linux[32]. Till November 2018, Puffin browser has reached 100 million users worldwide.[33][34]

Cost

A commonly neglected topic when discussing browser isolation is the remote browser server “cost” behind the scenes. Ilan Paretsky (CMO @ Ericom) and Guise Bule (CEO @ WebGap) talked about the issue[35][36] which is essential to the widely adaption of browser isolation technology, especially for web isolation products of browser as a service (BaaS) model[37][38][39].

The know-how of building remote browsing servers in the cloud, and managing the cloud service efficiently at large scale, has a direct impact to the overall cost. CloudMosa, the vendor of 100-million-user[33][33] Puffin browser, disclosed its BaaS data center[40][41] architecture at Cloud & Edge Summit 2018. CloudMosa deployed 10 thousands servers in data centers to serve its worldwide users. To reduce the server cost, their choice of server deployment began with virtual machine, transition to bare metal later, and then finally settled down with container.[42]

Known vendors

On Index.co,[43] the Browser Isolation Vendors directory lists Apozy, Authentic8, Bromium, Ericom, Menlo Security, Randed, Symantec, and WEBGAP. An IDC report, Validating the Known: A Different Approach to Cybersecurity[44] identifies several key RBI vendors: Ericom Software, Inc. (Ericom Shield), Fireglass (recently acquired by Symantec Corporation), Authentic8 (Silo), Cyberinc (Isla), Light Point Security, LLC (Light Point Web Full Isolation Platform), Menlo Security, Inc.[45] (Menlo Security Isolation Platform) and Randed[46] (Randed Isolation Technology - RITech).

Besides those vendors listed on above directories, there are many vendors delivering web isolation in the form of mobile apps, software packages, or services: CloudMosa (Puffin[47]), Mentistech (WIT[48]), Crusoe, Appsverse (Photon[49]), Skyfire (Acquired by Opera[50]), Cigloo, and Citrix (Secure Browser[51]).

Compared with other vendors mostly focus on single platform, client device, or few hardware architectures, CloudMosa Inc. has relatively very comprehensive product lines on many diverse platforms based on their browser isolation technologies (Puffin Browser on Android[52] and iOS[53], Puffin Secure Browser on Windows[30] and on macOS[54], Puffin Internet Terminal[32] on Linux, Puffin TV Browser[55] on smart TV, Puffin OS[56] on main stream smart phones. It's also known to work smoothly on resource-limited hardware like Raspberry Pi[32], set-top box[57], TV stick[58], etc).

Telecom giants are also known to provide BaaS (Borwser as a Service). The largest mobile network operator in Singapore, Singtel, announces Managed Web Isolation Service.[59][60] The largest Thailand's largest GSM mobile phone operator, Advanced Info Service, ships remote browser in their MoD set-top boxes.[57][61] Internet Initiative Japan Inc. (IIJ), one of Japan's leading internet access and comprehensive network solutions providers Secure Browsing Service.[62]

See also

References

  1. ^ Miller, Daniel. "Cyber Threats Give Rise to New Approach to Web Security". Retrieved 2018-01-23.
  2. ^ Gruschka, Nils; Lo Iacono, Luigi (2011). "Browser as a Service (BaaS): Security and Performance Enhancements for the Rich Web". {{cite journal}}: Cite journal requires |journal= (help)
  3. ^ Reber, David (2017-12-08). "Web browsers: Securing your most vulnerable entry point". Speaking of the Cloud…. Retrieved 2019-05-17.
  4. ^ "Cross Browser Testing Tool: 2050+ Real Browsers & Devices". crossbrowsertesting.com. Retrieved 2019-05-17.
  5. ^ "Most Reliable Mobile App & Browser Testing Platform". BrowserStack. Retrieved 2019-05-17.
  6. ^ Inc, CloudMosa (2017-10-16). "Puffin Browser is Faster than Other Browsers — Here's Why". Medium. Retrieved 2019-05-17. {{cite web}}: |last= has generic name (help)
  7. ^ Chi (tigercosmos), Liu An (2018-09-08). "How the Puffin Browser Works". Medium. Retrieved 2019-05-17.
  8. ^ Raspberry Pi Taiwan台灣樹莓派 (2018-12-03), Puffin Internet Terminal和Chromium在Raspberry Pi上的展示與比較, retrieved 2019-05-17
  9. ^ www.instructables.com https://www.instructables.com/id/Supercharge-Your-Web-Browsing-on-a-Raspberry-Pi/. Retrieved 2019-05-17. {{cite web}}: Missing or empty |title= (help)
  10. ^ Bule, Guise. "What Is Browser Isolation?". The Browser Isolation Blog. Retrieved 2018-03-02. {{cite news}}: Cite has empty unknown parameter: |dead-url= (help)
  11. ^ "Canvas". Retrieved 10 May 2019.
  12. ^ "Gartner Identifies the Top Technologies for Security in 2017". Retrieved 2018-01-28.
  13. ^ "Remote Browser Market to reach US$5079.8 mn by 2025 | TMR". www.transparencymarketresearch.com. Retrieved 2019-05-17.
  14. ^ "Browser as a Service Market Forecast 2019-2024". MarketAnalysis.com. 2018-09-12. Retrieved 2019-05-17.
  15. ^ "secure Web gateway - Gartner IT Glossary". www.gartner.com. Retrieved 2019-05-17.
  16. ^ Inc, Gartner. "Secure Web Gateways Reviews". Gartner. Retrieved 2019-05-17. {{cite web}}: |last= has generic name (help)
  17. ^ "Validating the Known: A Different Approach to Cybersecurity". www.idc.com. Retrieved 2018-04-03.
  18. ^ Goodin, Dan (2016-11-30). "Firefox 0-day in the wild is being used to attack Tor users". Ars Technica. Retrieved 2019-05-17.
  19. ^ "Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly". The Hacker News — Cyber Security and Hacking News Website. Retrieved 2019-05-17.
  20. ^ "Disclosing vulnerabilities to protect users across platforms". Google Online Security Blog. Retrieved 2019-05-17.
  21. ^ "Lawrence Livermore National Laboratory deploy disposable virtual desktops for browser isolation". Retrieved 2018-03-02. {{cite news}}: Cite has empty unknown parameter: |dead-url= (help)
  22. ^ "Safeweb, a cybersecurity model developed in collaboration with the NNSA". Benzinga. Retrieved 2018-03-02.
  23. ^ "Safeweb Browser Isolation Cybersecurity". secjuice™. 2017-11-15. Retrieved 2018-03-02.
  24. ^ "Need for speed - What's the fastest Android browser?". Android Authority. 2018-05-01. Retrieved 2019-05-17.
  25. ^ "Download Puffin browser to speed up slow, old Windows PCs". Windows Report - Windows 10 and Microsoft News, How-to Tips. 2019-05-01. Retrieved 2019-05-17.
  26. ^ Play4Tech (2018-06-15), Chrome Vs Firefox Vs Edge Vs Puffin Speed Test, retrieved 2019-05-17{{citation}}: CS1 maint: numeric names: authors list (link)
  27. ^ "r/firefox - Tell me this is a joke, new Puffin Browser Beta 2x faster than FF 57". reddit. Retrieved 2019-05-17.
  28. ^ "When It Comes to Mobile Browser Speed, This Puffin Can Soar | Reviews | TechNewsWorld". www.technewsworld.com. Retrieved 2019-05-17.
  29. ^ Inc, CloudMosa (2019-05-16). "Puffin Secure Browser vs WebGap: 5 times the speed at 1/5 the cost". Medium. Retrieved 2019-05-17. {{cite web}}: |last= has generic name (help)
  30. ^ a b "Puffin Secure Browser - The cloud is the most powerful safeguard". www.puffin.com. Retrieved 2019-05-17.
  31. ^ "Puffin Secure Browser - The cloud is the most powerful safeguard". www.puffin.com. Retrieved 2019-05-17.
  32. ^ a b c "Puffin Internet Terminal - Turning a tiny Raspberry Pi into a high-end PC". www.puffin.com. Retrieved 2019-05-17.
  33. ^ a b c "Puffin Browser Reaches 100 Million Users Worldwide". www.businesswire.com. 2018-11-07. Retrieved 2019-05-17.
  34. ^ Inc, CloudMosa (2018-11-07). "Another Milestone Achieved: CloudMosa Reaches 100 Million Users Worldwide". Medium. Retrieved 2019-05-17. {{cite web}}: |last= has generic name (help)
  35. ^ "How to Find a Cost-Effective Browser Isolation Solution". www.cso.com.au. Retrieved 2019-05-17.
  36. ^ "Why Has Remote Browser Isolation Not Been More Widely Adopted?". Secjuice Infosec Writers Guild. 2018-07-22. Retrieved 2019-05-17.
  37. ^ "WEBGAP GO (monthly package)". webgap.io. Retrieved 2019-05-17. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  38. ^ "Puffin Secure Browser product plans". www.puffin.com. Retrieved 2019-05-17. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  39. ^ "Randed - Tecnología disruptiva de aislamiento web". Randed (in European Spanish). Retrieved 2019-05-17.
  40. ^ "快速創建大規模雲端機房,單兵維運萬台伺服器,超高效資料中心揭密". iThome Cloud Summit 2018 (in Chinese (Taiwan)). Retrieved 2019-05-17. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  41. ^ "快速創建大規模雲端機房 單兵維運萬台伺服器 超高效資料中心揭密" (PDF). {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  42. ^ "臺灣團隊打造世界級瀏覽器,維運萬臺伺服器靠Docker". iThome (in Traditional Chinese). Retrieved 2019-05-17.
  43. ^ "Follow Browser Isolation Cybersecurity Vendors on Index.co". Index.co. Retrieved 2018-02-26.
  44. ^ "Validating the Known: A Different Approach to Cybersecurity". www.idc.com. Retrieved 2018-01-23.
  45. ^ "www.menlosecurity.com - For 100% Secure Browsing, Don't Detect. Isolate".
  46. ^ "www.randed.com - Complete Isolation of your company´s digital environment".
  47. ^ "Puffin Browser - The magic is in the cloud". www.puffin.com. Retrieved 2019-05-17.
  48. ^ "Web Isolation Technology – WIT". Mentis Technologies, LLC. 2017-02-22. Retrieved 2019-05-17.
  49. ^ "Photon Flash Player & Browser - Apps on Google Play". play.google.com. Retrieved 2019-05-17.
  50. ^ Russell, Jon (2013-02-15). "Opera Buys Skyfire for up to $155M". The Next Web. Retrieved 2019-05-17.
  51. ^ "Citrix Secure Browser – Virtual Browser". Citrix.com. Retrieved 2019-05-17.
  52. ^ "Puffin Browser on Android - Spend less, enjoy more". www.puffin.com. Retrieved 2019-05-17.
  53. ^ "Puffin Browser on iOS - It's wicked fast!". www.puffin.com. Retrieved 2019-05-17.
  54. ^ "Puffin Secure Browser - The cloud is the most powerful safeguard". www.puffin.com. Retrieved 2019-05-17.
  55. ^ "Puffin TV Browser - Born for Excellence". www.puffin.com. Retrieved 2019-05-17.
  56. ^ "Puffin OS - Puffin OS for Smartphones". www.puffin.com. Retrieved 2019-05-17.
  57. ^ a b Inc, CloudMosa (2019-05-16). "Puffin TV Browser is ranked the best browser for Android TV". Medium. Retrieved 2019-05-17. {{cite web}}: |last= has generic name (help)
  58. ^ Nak 'D Ninja (2019-02-28), Puffin tv browser installed on Firestick, retrieved 2019-05-17
  59. ^ "Cloud Protect – Managed Web Isolation Service | Singtel Cloud". cloud.singtel.com. Retrieved 2019-05-17.
  60. ^ "Protect Your Endpoints and End Users Against Web-Borne Attacks" (PDF). {{cite web}}: Cite has empty unknown parameter: |dead-url= (help); line feed character in |title= at position 31 (help)
  61. ^ "ที่สุดของความบันเทิงระดับโลก ต่อตรงถึงบ้านคุณ พร้อมทีวีสดกว่า 100 ช่อง". www.ais.co.th. Retrieved 2019-05-17.
  62. ^ "IIJ Secure Browsing Service/Type C | Business | IIJ". Internet Initiative Japan Inc.-IIJ. Retrieved 2019-05-17.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Browser_isolation&oldid=898071404"