Login

REQUEST PRICING
TRY IT FREE

Remote Browser Isolation Guide

Table of Contents

What is web isolation?

Remote browser isolation or web isolation technology is a security solution that keeps a user’s browser activity secure by separating the procedure of loading web pages from the user device that is displaying the web page. This can be extremely helpful as it prevents malicious code and malicious content from running on your computer in the back end.

Key Takeaways

  • Security through Separation: Remote Browser Isolation (RBI) protects devices by executing web code on a remote server rather than the local machine.
  • Threat Prevention: It effectively neutralizes common web threats such as malvertising, phishing, and drive-by downloads.
  • Two Main Methods: Isolation is typically achieved via DOM reconstruction (cleaning the code) or pixel pushing (streaming a visual representation).
  • Operational Efficiency: RBI reduces the need for restrictive web blocking, allowing employees to access necessary sites without compromising security.
  • Deployment Options: Organizations can choose between cloud-based solutions for scalability or on-premise setups for lower latency.

Using web apps or normally visiting a website involves a browser loading the web page by running and executing code, which can come from the website servers that, in some cases, can be fairly untrusted and harmful to a user’s sensitive data.

Keeping a user’s device and security in mind, internet browsing can be fairly dangerous in terms of security, which is why having some sort of security during your web browsing sessions is crucial. This is why remote browser isolation (RBI) loads and executes these codes far from the user’s device.

Moreover, browser isolation technology can act as a sandbox or virtual machine, creating an isolated environment to protect data from malware or malicious web content. There are many things that can harm our devices or put our data at risk, which we see almost every other day while going through the internet.

Some potential threats we can encounter while web browsing can be through various things such as malicious ads or other types of risky web content developed by cyber criminals solely to get hold of our sensitive and personal information.

While most websites may contain legit code, some may also contain code executes designed to steal user credentials and sensitive information. This can put your information security at risk and cause many organizations to struggle.

How remote browser isolation (RBI) works

Most normal internet users do not know what goes on in the back end when browsing the internet. Moreover, web browsers are one of the most common applications used in a business setting and for a normal user.

As mentioned above, one of the main jobs of a remote browser isolation (RBI) solution is to create a virtual environment that filters out the chances of malware or malicious code running and getting installed on your device.

A cloud-based web isolation tool is used to conduct a user’s browsing activities on a cloud-delivered server, usually controlled by a cloud vendor. It then displays the webpage on the user’s device as it would normally be displayed without loading the full webpage. What this does is it allows the web browsing activity of a user to take place without putting the user’s computer information at risk.

Many people often wonder how web isolation works when trying to input something into a web page, such as a form submission or a mouse click. It works the same way as it would work when displaying a webpage. When you input something into a webpage, the input goes to the cloud server, which is then carried out there.

Ways a remote browser can send a webpage to a device

There are 2 main ways through which a remote browser can send the webpage to a users device:

  • One of the most common ways can be to open the webpage in an isolated environment, rewrite the webpage by removing malicious content and malicious code, and then send the improved clean version to the user’s local device. Once the content is considered safe, the webpage is loaded a second time.
  • The second method, which is also very common, is known as pixel pushing. Pixel pushing lets the user view a video or image of their browsing activity. However, this method can cause latency issues, resulting in a poor browsing experience. Latency means that the image or video displayed to the user can often be delayed or not in sync with the user’s actual activity. This means that if you are watching something live, it can display a version 1-2 minutes behind the actual video.

On-premise browser isolation technology

On-premise isolation executes browser activity on a server within the organization’s private network. This approach offers distinct trade-offs:

  • Pro: Significantly reduces latency for a smoother user experience.
  • Con: High capital expenditure (CapEx) for dedicated server hardware.
  • Con: Increased management complexity for remote or distributed workforces.

Even though user devices are free of malware or potentially damaging malicious code, that does not mean the organization’s remote server and the network are safe from any threats. This can become even more costly as the organization might purchase network security tools to protect the network from cyber-attacks.

Moreover, on-premise web isolation can be quite difficult if an organization is trying to expand to multiple different networks and especially if an organization is trying to set up a remote workforce. It is because on-premise web isolation can only be useful for employees that are present on-site or at the office. Thus, making it much harder for remote workers to stay safe from web threats.

Why an organization needs isolated browsing

Many organizations that hope to avoid internet-related threats often end up blocking websites. However, this can be very counterproductive at times. Moreover, to combat the issue of blocked websites, many organizations have IT teams dedicated to unblocking websites for specific users or employees, which can end up taking a lot of time and decreasing overall productivity, as it delays even the most basic tasks that can be done in a short time.

Therefore, to avoid such an issue, an organization should have a web isolation tool so that employees don’t have to go through the hassle of having a website blocked each time they access it. Furthermore, this can save an organization the cost of hiring an IT team dedicated to unblocking websites for employees.

Another important reason an organization should consider having web isolation security tools set up is that web browsing can be one of the easiest ways for cyber criminals to target an organization’s resources and private data.

Many employees may often encounter malicious pop-up ads during their browsing sessions, which can then lead to malicious downloads on a user’s computer. Moreover, since many employees are often checking business emails, there is a high chance that they might end up falling victim to phishing emails. This is where remote browser isolation can help prevent users from falling victim to such scams.

What threats can browser isolation technology protect you from?

Many people often ask what remote browser isolation protects you from compared to normal antivirus softwares. Various website content that can be harmful to users include;

  • Redirect Attacks: Malicious code that forces the browser to load an attacker-controlled URL instead of the intended site.
  • On-path Browser Attacks: Harmful code injected into the browser to steal session tokens and impersonate the user.
  • Drive-by Downloads: Automatic malware or ransomware installation triggered simply by loading a compromised webpage.
  • Malvertising: Malicious code embedded within legitimate advertising networks to distribute risky content or downloads.

Conclusion

Remote browser isolation (RBI) is an essential tool to have when it comes to a user’s browsing session. They help provide the user with secure web gateways, which have the ability to keep users safe from any type of browser-related attack conducted on an individual user or an organization.

Frequently asked questions

What does remote browser isolation do?

It creates a safety barrier between you and the internet. The isolation server loads each webpage, checks it for threats, and sends you only a safe view. If the site tries to run malware or phishing code, that code stays trapped in the server and never reaches your computer.

Will remote browser isolation slow down my browsing?

Most users notice little or no delay. Cloud-based RBI adds roughly the same latency as a short VPN hop (often under 100 ms). Pixel-streaming can feel slower on video-heavy sites, while DOM reconstruction is close to real-time. Choosing a provider with regional data centers keeps the experience smooth.

Author
Gavin Garbutt
Co-Founder & Chairman of Augmentt

FAQ

Using our GDAP tool & Magic Link, setting up is easy! You can integrate with your CSP partner portal in minutes
Augmentt uses a combination of Microsoft Secure Score best practices as well as industry standards such as NIST & CIS. You can use the out of box templates to get started right away and even build your own custom templates to match your client requirements.
Out of box, Augmentt comes pre-configured to not be noisy. Very few Microsoft alerts are critical in nature so you will be receiving tickets for account breaches and not minor user log related events. That said, everything is customizable and you can turn alerts on & off to match your clients’ needs.
No. You can choose to schedule alerts to any stakeholder you want and at the frequency you want or manually download reports when you need them.
Regardless of how MFA is managed across your tenants, we have you covered. Augmentt supports Conditional Access Policies, Security Defaults, Entra ID per user (Legacy) MFA as well as 3rd party MFA services like DUO.
No. You can use Augmentt to monitor and manage all clients regardless of their licensing. For environments with no premium licensing you can still provide alerts and monitoring for account breaches and configure security best practices. For environments with premium licensing, you can leverage Microsoft’s premium alerts and premium security configurations such as Conditional Access Policies.
Augmentt is one of the few vendors SOC 2 Type II, and GDPR compliant.
Site licenses to make sure you can deliver standardized service across all clients very affordably.

SUBSCRIBE for more resources

Related Content

Policy Sprawl Is Killing MSP Efficiency
Policy sprawl is quietly draining your margins, creating security gaps, and eroding client trust. The good news? Standardization is the cure.
Read More
Does Microsoft Secure Score Tell the Whole Story?
Do you have a complete understanding of your security? See why MSPs need to understand the role licensing plays in Secure Score results.
Read More
Top 10 M365 Security Best Practices for MSPs
Here are the top M365 security best practices to help you enhance protection, ensure compliance, and stay ahead of emerging threats.
Read More