Browser isolation

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Browser isolation is a cybersecurity model that physically isolates an internet user's browsing activity away from their local networks and infrastructure. Browser isolation technologies approach this model in different ways, but they all seek to achieve the same goal, effective isolation of the web browser and a user's browsing activity as a method of securing web browsers from browser-based security exploits, as well as web-borne threats such as ransomware and other malware.[1]

When a browser isolation technology is delivered to its customers or users as a cloud hosted service, this is known as remote browsing or remote browser isolation (RBI), a model which enables organizations to deploy a browser isolation solution to their users without managing the associated server infrastructure.


Browser isolation typically leverages virtualization or containerization technology to isolate the users web browsing activity away from the endpoint device - significantly reducing the attack surface for rogue links and files. Browser isolation is a way to isolate web browsing hosts and other high-risk behaviors from mission-critical data and infrastructure. Browser isolation is the process by which you physically isolate your users browsing activity away from your local networks and infrastructure, isolating malware and browser based cyber-attacks in the process.[2]

In 2017, the American research group Gartner identified remote browser (browser isolation) as one of the top technologies for security.[3] The same Gartner report also forecast that more than 50% of enterprises would actively begin to isolate their internet browsing to reduce the impact of cyber attacks over the coming three years.

Comparison to other techniques[edit]

Unlike traditional web security approaches such as antivirus software and secure web gateways, browser isolation does not rely on filtering content based on known threat patterns or signatures.[4] Rather, this approach treats all websites and other web content that has not been explicitly whitelisted as untrusted, and isolates them from the local device in a virtual environment such as a container.

Web-based files can be rendered remotely so that end users can access them within the browser, without downloading them. Alternatively, files can be sanitized within the virtual environment, using file cleansing technologies such as Content Disarm & Reconstruction (CDR), allowing for secure file downloads to the user device.


Typically browser isolation solutions provide their users with 'disposable' (non-persistent) browser environments, once the browsing session is closed or times out, the entire browser environment is reset to a known good state or simply discarded. Any malicious code encountered during that session is thus prevented from reaching the endpoint or persisting within the network, regardless of whether any threat is detected. In this way, browser isolation proactively combats both known, unknown and zero-day threats, effectively complementing other security measures and contributing to a defense-in-depth, layered approach to web security.


Browser isolation began as an evolution of the 'security through physical isolation' cybersecurity model and is also known as the air-gap model by security professionals, who have been physically isolating critical networks, users and infrastructures for cybersecurity purposes for decades. Although techniques to breach 'air-gapped' IT systems exist, they typically require physical access or close proximity to the air-gapped system in order to be effective. The use of an air-gap makes infiltration into systems from the public internet extremely difficult, if not impossible without physical access to the system . The first commercial browser isolation platforms[5] were leveraged by the National Nuclear Security Administration at Lawrence Livermore National Laboratory, Los Alamos National Laboratory and Sandia National Laboratories in 2009, when browser isolation platforms based on virtualization were used to deliver non-persistent virtual desktops to thousands of federal government users.

These early projects represented the birth of the modern browser isolation space and became known as Safeweb,[6] to this day thousands of federal government employees refer to the browser isolation platforms that they use to connect to the internet as 'Safeweb'. The name Safeweb was originally[7] coined by Robin Goldstone, project leader at Lawrence Livermore National Laboratory and Guise Bule to describe the platform they still use in 2018 to isolate their users browsing activity.

Known Vendors[edit]

On,[8] the Browser Isolation Vendors directory lists Bromium and WEBGAP (WEBGAP Remote Browser Isolation[9]). An IDC report, Validating the Known: A Different Approach to Cybersecurity[10] identifies several key RBI vendors: Ericom Software, Inc. (Ericom Shield), Fireglass (recently acquired by Symantec Corporation), Authentic8 International (Silo), Cyberinc (Isla), Light Point Security, LLC (Light Point Web Full Isolation Platform), Menlo Security, Inc.[11] (Menlo Security Isolation Platform) and Randed[12] (Isolation Cloud Technology - IC Tech)"


  1. ^ Miller, Daniel. "Cyber Threats Give Rise to New Approach to Web Security". Retrieved 2018-01-23.
  2. ^ Bule, Guise. "What Is Browser Isolation?". The Browser Isolation Blog. Retrieved 2018-03-02.
  3. ^ "Gartner Identifies the Top Technologies for Security in 2017". Retrieved 2018-01-28.
  4. ^ "Validating the Known: A Different Approach to Cybersecurity". Retrieved 2018-04-03.
  5. ^ "Lawrence Livermore National Laboratory deploy disposable virtual desktops for browser isolation". Retrieved 2018-03-02.
  6. ^ "Safeweb, a cybersecurity model developed in collaboration with the NNSA". Benzinga. Retrieved 2018-03-02.
  7. ^ "Safeweb Browser Isolation Cybersecurity". secjuice™. 2017-11-15. Retrieved 2018-03-02.
  8. ^ "Follow Browser Isolation Cybersecurity Vendors on". Retrieved 2018-02-26.
  9. ^ "WEBGAP Remote Browser Isolation Platform". Retrieved 2018-03-02.
  10. ^ "Validating the Known: A Different Approach to Cybersecurity". Retrieved 2018-01-23.
  11. ^ " - For 100% Secure Browsing, Don't Detect. Isolate".
  12. ^ " - Complete Isolation of your company´s digital environment".