Gartner Recommendations
Gartner listed the following recommendations for what an isolation platform should be able to do:
- Does not require a local client/agent.
- Uses an industry-standard web rendering engine that is kept up to date with changes in HTML5.
- Supports plug-ins, including PDF and Flash.
- Supports cloud SaaS applications such as Office 365 or G Suite.
- Provides a remote viewer when users encounter file objects on the public Internet.
- Allows users to access native documents locally when appropriate and ensures that these files are rendered safely.
- Supports basic browsing features such as cut/paste.
- Maintains and patches web servers as appropriate.
- Uses full VMs or containers for browser sessions.
- Restores each browser session back to a known good state for each new user session.
- Has little or no effect on bandwidth.
- Has a multi-tenant cloud architecture distributed geographically for global users.
- Ensures high availability by avoiding a single point of failure.
- Automatically and transparently determines what content is rendered remotely and what content is rendered locally.
- Includes SWG capabilities for traffic that isn’t remotely presented.
- Protects users against web-based attacks from embedded links in email—even if the email client rewrites URLs as a security precaution.
Use cases:
Browser Isolation Has Value in Managed and Unmanaged Device Use Cases.
For managed devices:
- Handling potentially malicious content or code on a trusted desktop.
- Allowing enterprise users to browse the public internet.
For unmanaged devices:
- Handling sensitive content on an untrusted system.
- Allowing unmanaged devices to access enterprise applications and data.
Key benefits
- A web isolation platform is a proactive way to protect endpoint devices from browser vulnerabilities, JavaScript redirects, Flash vulnerabilities and font/image vulnerabilities by rendering mirrored or transformed content to the user’s local browser.
- The web isolation GUI portal lets the administrator decide what kinds of data or web categories are sent to the web isolation platform.
- If the customer wants to download any files, those files go to a sandbox before the download starts.
- Remote browsing can shield the organization from browser and browser plug-in zero days, as well as zero day and targeted attacks carried in content.
- There may be additional benefits for bring-your-own-device and home worker scenarios if attacks are kept isolated from the device.
Disadvantages
- Web isolation is a costlier solution because every user's browser runs at a remote location. Serving up a browser session for one user is one thing, but can it handle thousands of users and millions of connections across a whole organization in real time? Streaming content is time sensitive.
- A huge data center is required to handle the traffic if customers start adopting the web isolation cloud.
- Video or audio cannot be run remotely, and because only the rendered page is shared with end users, they may encounter issues such as audio and video delay.
- Sites that rely on remote screen sharing, or that require a high degree of end-user intervention, will cause a lot of issues.
- Some sites always look for client intervention; obviously, those sites should be exempted from rendering.
- If the customer is required to download a file, there should be another mechanism, such as sandboxing, to identify the content in that file and block it.