September 8, 2023

Browse and Download Safely with Zero Trust Web Access

Two revolutionary technologies (RBI and CDR) eliminate threats and maintain productivity

When we hear about Zero Trust principles and technologies, it tends to be in reference to accessing cloud-based and private applications. But these days, web access today is equally in need of security solutions that employ a Zero Trust approach.

Protect Users and Data on the Web

Category-based web filtering is no match for increasingly sophisticated threats that hide within apparently harmless web pages. Even if your organization is using a Secure Web Gateway (SWG) solution to detect known malware and guard against suspicious data transfers, you are still bound to a problematic security strategy that judges whether web content is fundamentally “good” or “bad.”

This approach fails to meet the needs of employees, who frequently have reason to visit “gray” websites to perform their job functions. For instance, a worker may have a legitimate need to access resources found on a gambling or gaming website. Or a web filtering solution may block access to Reddit, even though employees depend on the site as a research resource and avoid its more questionable content. By making subjective decisions about what sites users are and aren’t allowed to access, we risk hampering productivity and simultaneously missing threats hidden in “good” content.


SWG + RBI + CDR = Zero Trust Web Access

The way out of this dilemma is to let employees browse freely while vetting every website they access, and there are two key technologies that make this Zero Trust Web Access approach possible. The first is Remote Browser Isolation (RBI), which opens a website within a virtual container and streams video of the interaction to the user. This provides a normal user experience, but any malware hidden on the website can be quarantined inside the virtual container where it doesn’t reach the user’s endpoint.

Content Disarm and Reconstruction (CDR) takes the risk out of downloading documents from insecure websites. When the user chooses to download a file, the CDR solution analyzes it and rebuilds it on the spot. All the essential content is passed along to the user, but any hidden threats in the file don’t make it into the new file and thus never touch the endpoint.


Forcepoint ONE Secure Web Gateway brings ZTWA to your workforce

Making Zero Trust Web Access a reality is as simple as adopting Forcepoint ONE Secure Web Gateway with available RBI and CDR capabilities. But you can also go further by integrating the Forcepoint Cloud Access Security Broker (CASB) and Zero Trust Network Access (ZTNA) solutions as part of this unified Data-first SASE platform. Embracing a Zero Trust approach via a single-vendor platform will help to streamline security, cutting costs and safeguarding productivity.


Forcepoint ONE Secure Web Gateway offers advantages such as:

  • Powered by an AWS hyperscaler platform with a 99.99% verified uptime since 2015
  • Distributed enforcement for optimized performance and security (up to 2X performance improvement)
  • Best-in-class security against sensitive data breaches, known and unknown malware, zero-day threats and malicious code
  • Inline CASB inspection for an unlimited number of cloud apps and a complimentary ZTNA license
  • Flexible deployments with unique agent-based SWG and cloud SWG enforcement


To learn more about Zero Trust Web Access and how your organization can achieve it, download the new eBook.


Forcepoint-authored blog posts are based on discussions with customers and additional research by our content teams.

Read more articles by Forcepoint

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.