• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Secure
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Umbrella and SecureX
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella Package Comparison
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
      • What is Security Service Edge (SSE)
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Cybersecurity Webinars
      • Events
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Security Definitions
      • What is Secure Access Service Edge (SASE)
      • What is Security Service Edge (SSE)
      • What is a Cloud Access Security Broker (CASB)
      • Cyber Threat Categories and Definitions
    • For Customers
      • Support
      • Customer Success Webinars
      • Cisco Umbrella Studio
  • Trends & Threats
    • Market Trends
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Products & Services

Protecting Users From Online Threats With Remote Browser Isolation

Author avatar of Artsiom HolubArtsiom Holub
Updated — February 27, 2023 • 4 minute read
View blog >

It’s hardly a stretch to say that the COVID-19 pandemic has pushed most of the world online. The Internet has become an integral part of our daily lives – how we engage with each other, attend classes, do business. In this brave new Internet-enabled world, security solutions like remote browser isolation have become more important than ever. After all, bad actors know the importance of the world wide web and are more than willing to exploit our dependence on it.

For companies with remote employees – all of whom require consistent interaction with the Internet – remote browser isolation (RBI) offers a way to protect their increased attack surface without the need to install any agents or browser plug-ins on the endpoint. Malicious javascript, malvertising (malicious ads injected in web pages via exploits or compromised ad networks), exploit kits, drive-by downloads and many other attacks target users interacting with web content via their browser. Since this is the main way the average user engages with online content, finding an RBI solution that integrates into your security stack and offers robust coverage is critical.

How Secure Is Your Average Browser?

The short answer: Not really. HIGH severity vulnerabilities in browsers are patched quite often. For example, Google recently issued multiple patches for 14 browser vulnerabilities. For Patch Tuesday, Microsoft has issued patches for six vulnerabilities targeting the Windows Environment. While the browser zero days are primarily affecting Chrome/IE browsers, since Microsoft Edge is also now based on Chrome, Edge users will also be vulnerable to these flaws. Some of them, for example CVE-2021-33742 (Windows MSHTML Platform Remote Code Execution) and CVE-2021-30551 (Type Confusion in V8), are being exploited in the wild.  Once a browser with such a vulnerability is connected to a malicious site, it gives cybercriminals an opportunity to not just compromise the user’s machine but the whole network as well.

Organizations have to use a layered approach to try to mitigate this risk. It can be done by utilizing DNS protection to block known malicious websites, Newly Seen domains (category offered by Cisco Umbrella), different categories of the domains implemented through Content Policies. However, this approach might not be enough when a highly reputable domain gets compromised. At the same time, some organizations have to lower strictness of web security policies during the pandemic and mandatory work from home times. So how can companies provide their employees with internet access that doesn’t impact their ability to perform work while still protecting the organization?

Remote Browser Isolation Meets the Needs of Modern Cybersecurity Teams

In 2017, Amy Ann Forni and Rob van der Meulen of Gartner made the case for RBI solutions, stating:

Almost all successful attacks originate from the public internet, and browser-based attacks are the leading source of attacks on users. Information security architects can’t stop attacks, but can contain damage by isolating end-user internet browsing sessions from enterprise endpoints and networks. By isolating the browsing function, malware is kept off of the end-user’s system and the enterprise has significantly reduced the surface area for attack by shifting the risk of attack to the server sessions, which can be reset to a known good state on every new browsing session, tab opened or URL accessed.1

That’s why Cisco Umbrella has moved to provide users with this kind of protection, offering remote browser isolation as an add-on to SIG Essentials and SIG Advantage packages.

A graphic that shows how RBI creates an isolation platform between the client's web browser and the internet. The isolated content runs in disposable virtual containers, and 100% safe rendering of information is delivered to the web browser via adaptive clientless rendering.

RBI protects users from potential malware and other threats by redirecting browsing to a cloud-based host. Isolation is achieved by serving up the web content to users via a remotely spun up surrogate browser located in the cloud. Typically, when a user’s browser is compromised, the attacker achieves access to the machine the browser runs on. However, with RBI, the remote browser runs in an isolated container in the cloud, thus mitigating the attack surface. The content from the remote browser is rendered in the user’s local browser without impacting the end user experience.

Sourcing Remote Browser Isolation Through Cisco Umbrella

Remote Browser Isolation (RBI) for Cisco Umbrella is available as three exclusive add-ons, all with varying degrees of isolation options:

Isolate Risky

Security Categories:

  • Malware
  • Command and Control Callbacks
  • Phishing Attacks
  • Potentially Harmful

Content Categories:

  • Uncategorized

Isolate Web Apps

Content Categories:

  • Chat
  • File Storage
  • File Transfer Services
  • Instant Messaging
  • Organized Email Professional Networking
  • Social Networking
  • Webmail

Applications:

  • Cloud Storage (eg. Box, Dropbox, Google Drive)
  • Collaboration (eg. Slack, WhatsApp, Facebook Messenger)
  • Office Productivity (eg. Smartsheet, Lucidchard, Gmail)
  • Social Media (eg. Facebook, Twitter, Instagram)

Isolate Any

Any security categories, content categories, applications, and destination lists can be isolated.              

In the recording below, we demonstrate how easy it is to enable the remote browser isolation feature for an added layer of protection. We also show the functionality of RBI and how it protects even vulnerable browsers from dangerous exploits including zero-days attacks aimed at browsers.

 

1 Gartner, Gartner Identifies the Top Technologies for Security in 2017. Amy Ann Forni, Rob van der Meulen 2017.

For companies with remote employees – all of whom require consistent interaction with the Internet – remote browser isolation (RBI) offers a way to protect their increased attack surface without the need to install any agents or browser plug-ins on the endpoint.

Tweet this quote

Additional Resources

  • Package: Cisco Umbrella Secure Internet Gateway (SIG) Essentials
  • Package: Cisco Umbrella Secure Internet Gateway (SIG) Advantage

Suggested Blogs

  • Embrace SASE With Cisco February 28, 2023 3 minute read
  • Cisco Umbrella + Cisco Duo Are Better Together February 14, 2023 7 minute read
  • Cisco Enhances Cloud DLP With Unified Management and More December 8, 2022 3 minute read

Share this blog

FacebookTweetLinkedIn

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2023 Cisco Umbrella