Gartner listed the following recommendations for an isolation platform should be able to do.
- Does not require a local client/agent.
- Uses an industry-standard web rendering engine that is kept up to date with changes in HTML5.
- Supports plug-ins, including PDF and Flash.
- Supports cloud SaaS applications such as Office 365 or G Suite.
- Provides a remote viewer when users encounter file objects on the public Internet.
- Allows users to access native documents locally when appropriate and ensures that these files are rendered safely.
- Supports basic browsing features such as cut/paste.
- Maintains and patches web servers as appropriate.
- Uses full VMs or containers for browser sessions
- Restores each browser session back to a known good state for each new user session.
- Has little or no effect on bandwidth.
- Has a multi-tenant cloud architecture distributed geographically for global users?
- Ensures high availability by avoiding a single point of failure.
- Automatically and transparently determines what content is rendered remotely and what content is rendered locally
- Includes SWG capabilities for traffic that isn’t remotely presented.
- Protects users against web-based attacks from embedded links in email—even if the email client rewrites URLs as a security precaution.
Browser Isolation Has Value in Managed and Unmanaged Device Use Cases.
For managed devices,
- Handling potentially malicious content or code on a trusted desktop
- Allowing enterprise users to browse the public internet.
For unmanaged devices,
- Handling sensitive content on an untrusted system,
- Allowing unmanaged devices to access enterprises applications and data.
- Web isolation GUI portal provides the administrator to decide what kind of data or web categories to be sent to the Web Isolation platform.
- If the customer willing to download any files, those files will go to sandbox before start download.
- Remote browsing can shield the organization from browser and browser plug-in zero days, as well as zero day and targeted attacks carried in content.
- There may be additional beneﬁts for bring-your-own-device and home worker scenarios if attacks are kept isolated from the device.
- Web isolation is a costlier solution as all the user browser will be running on the remote location. Serving up a browser session for one user is one thing, but can it handle thousands of users and millions of connections across a whole organization in real time? Streaming content is time sensitive.
- There is a huge Data center required to handle the traffic if customers start adopting to the Web isolation cloud.
- The Video or audio cannot be run in remote and share only the rendered page to end users may encounter issues like audio, video delay.
- The remote screen share or the end user intervention is highly required sites will give lot of issues.
- Some sites always look for client intervention, obviously those sites should be exempted from rendering.
- If customer is required to download a file. There should be another mechanism to identify the content in that file and blocked. Such as sandboxing.