Internet browsers represent one of today’s largest attack surfaces. The overhauls in how and where employees work from has already stretched perimeter security past snapping point, and the biggest victim is the browser. 2022 saw rapid increases in the number of malicious browser extensions, with 4.3 million unique browsers targeted between January 2020 and June 2022. These serve as keyloggers, adware servers, and malicious affiliate link providers, enabling attackers to establish footholds in otherwise protected environments.
The browser attack surface is facilitated by each browser’s direct proximity with the end-user’s authenticated device. When a user requests a malicious page – or accidentally triggers a malicious web page component – any code embedded in that page is run by the user’s browser. There is almost no barrier between the device’s browser and further pieces of the broader operating system, lending attackers incredible swathes of control after just one device is infiltrated.
Remote browser isolation (RBI) places physical distance between the end device and the browser. This air-gap approach means that a third-party cloud service handles any malicious code that may be packaged with a web page, ultimately protecting the end-user’s device – and the enterprise’s broader network – from infection.
Despite the protection promised by remote browser isolation, real-world benefits have been decidedly lackluster. The challenges of remote browser isolation often come as a shock to end-users, and technical limitations have occasionally forced organizations to make the choice between user experience or browser protection. LayerX understands that browser security can be more than laggy webpages and broken sites.
Button: [Learn about the LayerX browser protection platform]
The Two Types of Remote Browser Isolation
While RBI describes the air gapped form of browsing, pixel pushing and DOM manipulation offer two distinct methods to separate the user’s device from external webpages. Both approaches can have uniquely severe impacts on the wider enterprise network, making it vital to understand the ins and outs of each.
Pixel Pushing
‘Pixel pushing’ was the first commercially successful form of remote browser isolation. Loading the untrusted webpage within a virtual machine or isolated container, a fully remote browser executes all page content. A representation of each page and interaction is streamed back to the user’s device in vector graphic format, facilitating online interaction as near-close to typical browsing as possible. This solution handles phishing sites with a client-side warning, flagging potential sites and issuing them in read-only format. In this way, malicious code is kept far away from a user’s device, regardless of whether the user accidentally initiated a download or not.
DOM Manipulation
DOM manipulation starts out much the same way: the cloud server first loads the web page. However, instead of simply streaming a video representation to the user, this technique takes a more active role in browser security. DOM, or Document Object Model, refers to the objects making up each webpage section. In DOM manipulation, a cloud-based browser loads and evaluates every element within a webpage; the goal is to eliminate recognizable exploits, malicious pop ups, and active code such as JavaScript. The remote browser then forwards this code to the end-user’s browser, which uses it to reconstruct a ‘clean’ version of each site.
In 2018, Gartner Insights published their first report detailing the potential of Remote Browser Isolation. Titled It’s Time to Isolate Your Users from the Internet Cesspool, industries jumped at the chance of complete phishing, zero-day and malware protection. Since then, however, RBI has found itself severely limited in implementation thanks to a number of core challenges. From sky-high latency, to spiraling budgets, below is the breakdown of some of both approaches’ unique limitations.
The Challenges of DOM Manipulation
DOM manipulation represents a slightly newer approach to RBI, which attempts to solve the problems of pixel-pushing. However, the reconstructive process introduces some issues of its own.
Security issues
While DOM manipulation can wipe a payloaded website clean, there is the prevailing threat of hidden attacks. The misidentification of website code as non-malicious is possible through advanced attacks that hide their payload under alternative forms. Thanks to the architecture of DOM reconstruction, code that hides under the guise of non-malicious site content – particularly prevalent in phishing attacks- can still be passed over to the end-user’s local device. The linking of the device with the public internet, even despite a hard perimeter-style reconstruction process, continues to pose a threat to zero-trust.
Limited fidelity
Alongside zero-trust concerns, DOM rendering’s attempts to combat the severe user experience impacts of pixel-pushing haven’t been as successful as promised. In the process of actively removing malicious elements, the rewriting of entire web pages often completely breaks dynamic pages. Any site with uncommon architecture will also be mangled by the rebuilding process. Given that client-side JavaScript makes up an increasing number of modern websites, employee productivity is negatively affected thanks to the browser’s more limited functionality. Furthermore, DOM rendering has been reported to struggle supporting enterprise-wide productivity apps such as Office 365 and Google’s G Suite. The ensuing pileup of IT tickets can force an organization to swiftly backtrack on any developing steps toward widespread browser security.
The Challenges of Pixel-Pushing
Though this keeps a complete air-gap between the device and any external web servers, it comes at significant cost to user experience and, as such, protection.
Mobile support
The high bandwidth requirements of pixel pushing makes it near-impossible to implement for many of today’s mobile devices. With smartphones becoming the dominant way that employees interact with the web, the lack of protection has not gone unnoticed by malicious actors. For instance, throughout 2022, researchers detected increasing levels of mobile malware and browser extensions for both IoS and Android. Malware-laden apps were of particular concern, with repeated offenders boasting over 10 million downloads; these statistics hammer home the importance of browsing protection for every device.
Low resolution
The high demands of streaming video in near-real time leads to pixel-pushing naturally gravitating toward lower-density video quality. While this may not be immediately obvious on lower-end hardware, high DPI displays amplify the slightly sub-par resolution. End-users often complain about font quality, which can appear out of focus and fuzzy.
Security Issues
While pixel pushing may appear to represent a far more bulletproof approach to security, its severe ramifications on user experience can actually see a ‘safe browser’ damage an enterprise’s overall security stance. To sidestep the end-user issue, some enterprises only require the solution in departments that focus on highly sensitive information; or only apply the technique to webpages assumed to be particularly risky. Regardless of the approach, the air-gap foundation of pixel-pushing is immediately punctured when only applied sporadically.
General Challenges of Remote Browser Isolation
Alongside specific quirks of both pixel pushing and DOM reconstruction, there are some foundational challenges that RBI has yet to overcome.
High latency
Throughout the browsing process, each user’s browsing traffic is first diverted to the solution’s cloud-based system of choice. Whether this is hosted on the public cloud, or a geographically-limited enterprise network, the physical distance plays a heavier role in loading times. This extra distance demanded from these data packets may seem arbitrary, but the problem is compounded when placed into the greater context of a security-conscious enterprise. Secure web gateways and other proxies are rarely hosted in the same data centers as the RBI solution, leading to inefficient and frustrating browsing.
High bandwidth consumption
Browser isolation’s constant video streaming is intensely bandwidth-hungry. For those that struggle to scale their network resources accordingly, the security solution can quickly overburden a network. From lag to occasional outages, an unreliable connection is one of the driving forces behind incomplete RBI protection.
High costs
From a computational perspective, both forms of RBI are highly intensive. The continuous encoding of streams of video, and the in-depth page code reconstruction occurring with every new tab, requires some high-end hardware. The costs are passed to customers, resulting in patchy protection at high financial cost.
Protect from Browsing Risks with LayerX
Recognizing the widespread difficulties faced by RBI, LayerX addresses each with a commitment to truly user-friendly browser protection.
Our lightweight enterprise browser extension lies at the core of our bandwidth-light platform. By placing sensors at a network’s very edge, every single browsing event and web page feature can be assessed in real-time. At the heart of end-user protection lies our Plexus engine. The analysis provided by this machine learning tool is built from a dual-engine approach. Events gathered by the extension are constantly fed into this program, with each event being analyzed in respect to your enterprise-wide enforcement policies.
Alongside your organization’s own risk tolerance, threat analysis is bulked up by data from the LayerX Threat Intel database. With the context of both highly granular user data – and ever-adapting wider threat intelligence – this ready-to-rumble system allows for pinpoint detection of malicious code. This is shuttled back to the extension’s proactive enforcement system. Enforcer components use code injection and modification to neutralize high-risk code – before the browser is exposed.
This protective action occurs with no latency. Think of it like a natural evolution of DOM manipulation – instead of entire pages of code being actively rewritten, our highly focused approach allows for protection without latency. If no threats are present, the user is simply free to continue browsing as normal.
LayerX goes far beyond simple web page analysis; with a focus on cohesive protection across all devices, the user data that goes into its protection also allows for security teams to tighten security policies as necessary. All sensor-level events are aggregated and processed into the management console, offering next-level visibility into managed and unmanaged devices and the risks they face. This on-the-ground view of enterprise security allows for security teams to adapt their activity and access policies with far greater precision, leading to a heightened security stance that goes far beyond browser isolation.