Posted on June 25, 2021
Remote Browser Isolation, aka RBI, was more of a “fringe” technology when it first came on the scene. I wrote about RBI a few years ago while working as an analyst. At that time, it was noted as something that was interesting, innovative, and a potential future solution that would be key to extending the defensive edge of an organization. The concept is a powerful one – by moving web browsing sessions off the endpoint, and instead isolating them in remote network (or cloud) containers, RBI would protect devices from all bad things on the web. Early versions of the technology had some rough edges as far as performance and user experience, but that was years ago – an eon in cybersecurity terms. Jumping forward to today, security teams have discovered that innovation and hard work have delivered a new class of RBI product that is ready for prime time.
In the last year, RBI has been announced as a product offering from a variety of organizations that have lengthy histories as cybersecurity solutions providers. The company I work for, Ericom, has an RBI product and works with well-known partners such as Forcepoint and Netskope, as well as on its own, to bring it to market. Other recognizable brands that are now directly active in the RBI space include Menlo Security, McAfee, Zscaler, Symantec, and, just recently, Cisco and Cloudflare. There are a variety of ways these solutions are offered and in truth many of them are RBI features, not really RBI products. That’s not to say that they are any less useful in the context of extending security controls to the Zero Trust Edge, but some of them are features, not products, period. Buyers and users should be aware of that.
But why is RBI suddenly a “thing”? Why have some of the largest and longest serving security providers on the planet started offering this? How does RBI fit strategically into the future state of an organization’s security?
The answer isn’t that complicated. RBI is now being offered by these organizations because, to be concise, it works. RBI helps to deliver on the threat prevention promise that legacy anti-virus and anti-malware products attempted to provide decades ago. And RBI fits into the strategy of an organization because it extends the defensive plane all the way out to the internet. By using containers and the cloud as part of that extended defensive edge and by functioning as the interface that a user would leverage to operate in the most threatened space there is, the internet, an organization’s security strategy is effectively optimized. A good RBI solution does not negatively impact the user experience, but it does eliminate and negate the most prolific of attack vectors where they operate, the web. It’s basically that simple, and that’s why RBI is now becoming popular.
Think about things in this way for a second. If you accept that 1) statistically, numerically, historically speaking, data indicates your users will be your most likely avenue for exploitation; and 2) your users are most likely to be compromised by either a phishing link, credential harvesting, or drive-by download malware, then where are attacks most likely to occur? The web, end of story. Therefore, if you can leverage a solution that sits between the users and the web and limits their interactivity with negative content and the nefarious techniques that hackers employ, you can finally tip the scales of efficacy in the never-ending daily battle we face in cyberspace.
Ultimately, this is the final way that you should think about the value RBI offers: it centers on the reality that we operate in a combat environment in cyberspace. If you were looking out across a vast expanse of a combat environment, would it make more sense to try and fight the enemy hand to hand, sticks and fists once they had penetrated en masse within your carefully constructed base perimeter? RBI moves the engagement zone outside of your territory and keeps your home front safe – that’s the value. Fighting inside of your own environment once it has been breached, that is what legacy anti-virus type solutions get you.
RBI, as well as other Zero Trust security controls, is designed to keep the engagement as far from your base defenses as possible. By preventing the enemy from gaining a viable beachhead from which they can move laterally and spread, you, in essence, take the high ground and dominate the battlespace.
So, I’ll put it to you – which approach makes more sense?
Engage the enemy on your terms, with you in the power position, or continue to try and “stay ahead of the threat” with legacy anti-virus/anti-malware scanning solutions that we have 30 plus years of proof don’t help you win? Or use technologies that help you take back the initiative from your adversaries?
These are the reasons why RBI, and why now.