Virtual Browser vs Remote Sandboxed Browser: Best Safe Browsing Solution
Of course, the average business user is probably not inclined to visit sites that they do not consider safe. However, even if you only browse legal sites, you can never be completely sure that they are safe.
Hackers can manipulate almost any site by inserting code that infects your browser in seconds, as soon as you load the site or click somewhere. Before you know it, your device, along with your entire corporate network, will be compromised.
The bottom line is that if you don’t have some form of safe browsing enabled, every time one of your employees uses the internet, they put your business at enormous potential risk. Malware can be installed overnight – including fileless or previously unknown zero-day threats that can elude most anti-malware solutions.
Secure browsing
There are several approaches to protecting yourself and your company from web malware. The traditional approach relies on solutions such as antivirus software and firewalls to detect and block threats. In addition, there are many steps you can take to protect common browsers, such as installing plugins to disable scripts and adjusting privacy settings. However, the conventional approach is not enough: too often, something unexpected can slip through these guarantees. Getting online with confidence requires a completely different and more proactive method.
We will compare and contrast the two leading approaches to Safe Browsing, namely browser virtualization and remote browser isolation.
What is a virtual browser?
In browser virtualization, the web browser runs in a virtual environment that is separate from the local operating system, thereby providing a buffer between the browse operation and the endpoint. As a result, any malware encountered during a browsing session will only infect the virtual environment in which the browser is actually running.
Virtual browsers can take many forms. At a basic level, a virtual browser can run client-side, in a sandbox, or in a browser-specific virtual machine that is physically located on the endpoint. Alternatively, the viewer can reside on a remote computer, such as a designated server in the organization’s DMZ or even in the cloud. This type of virtual browser usually involves setting up a dedicated RDS (Remote Desktop Services) or VDI (Virtual Desktop Infrastructure) environment (usually Windows based) for web browsing. Implementing such an environment involves a complex RDS / VDI infrastructure and may also require the purchase of Microsoft RDS CALs.
Remote browser isolation
Remote Browser Isolation (RBI) starts with the same basic virtual browser concept but takes it one step further. As its name implies, Remote Browser Isolation performs the user’s browsing behavior in a remote location isolated from the local network, unlike the RDS / VDI scenario described above. But that’s where the similarities end. Rather than using the full RDS or virtual desktop implementation, with RBI, the remote virtual browser is launched in a dedicated lightweight Linux container, with a separate resource allocated for each browser tab. When a user first starts a browsing session, whether it be clicking on a link or entering a URL in the browser, one of the containers from the pool is allocated for that session. All active web content is rendered into images and sound inside the container and transmitted in real time to the user’s device for fully transparent and interactive web browsing. Since no web code runs on the user’s device, your network and endpoints are protected from any malware or other threats that might be hiding in the source code. When a user closes or hides a tab, the corresponding container is thrown away along with malware that could otherwise compromise the security of the organization.
Virtual Browser VS Remote standalone browser.
While both solutions provide much-needed protection against browser threats, RBI offers many benefits in terms of overhead, user experience, and most importantly, security.
Furthermore. Many remote virtual browsers run on RDS / VDI technologies, which means that hardware requirements and server / client configuration are not trivial, and may also require the purchase of Microsoft CALs (Client Access Licenses). Likewise, the hardware compatibility requirements of some client-side virtualization solutions may require a PC upgrade and may not support other operating systems other than Windows. In contrast, RBI solutions using a Linux-based container architecture require significantly less server infrastructure than virtualization-based solutions, providing significant cost savings in the long term (and making them exponentially more scalable).
User experience. Virtual browsers take time to start – it can take a few seconds to initiate an RDP session. The containerized remote browsers used for RBI solutions start instantly. Moreover, due to the resource-intensive requirements of a typical virtual browser solution, many virtual browsers use separate browsers or separate tabs to view internal sites versus external sites. In remote browsers, you can use the same browser or the same tab, and browsing traffic will be routed flawlessly according to your organization’s proxy definitions.
Safety: The lightweight browsing containers used in the RBI implementation allow a new sandboxed browsing environment to be launched for each tab and browsing session, and dropped when the tab or session is no longer in use, thereby eliminating malware propagation (such as XSS) and persistence. Ericom Shield, in particular, offers an extra layer of security by providing built-in sanitization of any downloaded files to protect against hidden malware that might be embedded inside.
Whether you choose a browser virtualization approach or remote browser isolation, we strongly recommend that you upgrade to a truly secure web browsing technology. Traditional solutions such as firewalls, antivirus software, and secure web gateways are no longer suitable for protecting against a variety of threats posed by a single incorrect mouse click.
Article translated by the company Softprom – an official distributor Ericom…
And on our platform you can learn more about ERICOM Shield Remote Browser Isolation and its main competitors.
