Browser Isolation
Protection from web based threats
Browser Isolation is a technique whereby only authorised sites are accessed directly from a local web browser. All other sites are viewed from a 'browser within a browser', a web browser running in a remote network, isolated from the corporate network but accessed easily and simply from the same local browser used to access trusted sites. Only image information is transferred, the remote browser has no ability to reach the corporate machine or network.
Your local corporate firewall is set to block outbound access to the internet for all but a few necessary servers & services (This should be standard practice anyway!)
Web browsers are set to use a local server to proxy their internet access requests and this is configured to block access to all sites except those present in an allowed list. Sites added to the allowed list should be those known and trusted by the company only. For sites not in the allowed list the user is redirected to a web page allowing them to request that it be added to the allowed list (after management review and approval) and in the mean time to open the site in an 'arms length browser', a browser running as a virtual machine on servers external to the corporate network but viewed by the user as a HTML5 page within the browser they are already using.
Should the site contain zero day vulnerabilities they are not able to take over a browser with access to company machines or data and once the user has finished browsing the virtual machine is shut down and a new clean machine started the next time they request a site not in the allowed list.
Browser Isolation is a technique for protecting corporate networks against zero day vulnerabilities, it cannot protect against phishing attempts where users are deliberately directed to look-a-like sites in the hope that they will try to log in and therefore give away their username and password.
Publicly accessible sites used by corporate personnel should all be using Two Factor Authentication (2FA sometimes called Multi Factor Authjentication - MFA) whereby they require more than just a username and password. If you have sites important to your business that do not support 2FA you should set a unique complicated password, make sure users always access them from the genuine approved web address only via the use of browser favourites or desktop shortcuts but more importantly ask yourself if you want to continue using a service that could so easily be accessed by someone else, somewhere else just by duping a user into giving away their login details.
The Web Isolation proxy uses known lists of phishing domains and DNS services to protect against already known sites but these criminals are experts at social engineer and a domain can be registered and content uploaded in a matter of minutes, it is impossible to guarantee protection against phishing threats. A tool that can help end users identify fradulent e-mails (the main way of duping users into visiting these sites) is our X-Ray Tool a plugin for Microsoft Outlook (versions for native web based Office365 and Google Apps are in development).
Our engineers each have many years of experience behind them and our advice is always free. Please do get in touch to arrange a chat about Browser Isolation technology or any other aspect of Information Security. We are here to help protect your business. Call us today on 01329 630018