Changes in Cyber Threat Landscape Underscore the Need for Browser Isolation
Overnight transition to a resilient distributed organizational infrastructure has widened the attack surface that attackers are looking to exploit. A dramatic increase in ransomware attacks, phishing attacks, and targeted attacks on C-suite employees has changed the cyber threat landscape.
In addition to creating new websites with the sole purpose of hosting malicious content, attackers also find ways to compromise legitimate websites and use them to host malicious content via techniques like embedding malware in ads served up on sites.
Today, cybercriminals can deliver malicious content via compromised websites using zero-day exploits and drive-by downloads. Besides web browsers, hackers continue to use email as an attack vector. Cybercriminals use phishing attacks to not only harvest login credentials, but to deploy malware and other advanced persistent threats.
Remote Browser Isolation (RBI) technology applies the zero-trust security approach to offer organizations one of the most effective ways to defend themselves against these threats. Forcepoint RBI powered by Ericom—a seamless solution that integrates with Forcepoint Web & Email Security, Forcepoint NGFW, and Forcepoint DLP- delivers a true zero trust browsing without impacting user experience.
How does Forcepoint RBI solution work?
The core concept behind browser isolation is to create a ‘gap’ between the end-user device and unknown websites or email links resulting protection from attacks and exploits. Forcepoint RBI isolates web traffic and renders it in virtual containers to keep users safe while enabling IT control.
Forcepoint RBI stops 100% of malware on isolated sites. The strength of the approach is one of the reasons why Gartner has highlighted the role of RBI in their Secure Access Service Edge (SASE) framework. Forcepoint has chosen to integrate with Ericom’s award-winning Shield RBI product across our cloud, email, next-gen firewall, and data loss prevention products to bring the integrated capability across the portfolio .
Here’s an example of how Forcepoint Cloud Security Gateway and Ericom Shield RBI work together:
- Forcepoint Cloud Security Gateway uses our Advanced Classification Engine (ACE) to allow access to known good sites and blocking known bad ones.
- Configurable isolation policies can be set in Forcepoint Cloud Security Gateway based on website categorization, user, groups, locations, behavioral forensics, and more.
- All isolated traffic is routed through Ericom Shield RBI.
- Shield RBI renders risky sites in a remote virtual container, preventing any malware or ransomware on the site from infecting endpoints.
- Only safe rendering information is sent to the browser on the endpoint, providing fully interactive user experience.
- For additional protection against phishing attacks, sites can be rendered in read-only mode to prevent users from entering credentials.
- If a user downloads a web file or email attachment, included Content Disarm and Reconstruction (CDR) technology removes any malicious code from files that have been weaponized.
- When the browser is closed, all isolated content is discarded.
We use Forcepoint’s Advanced Classification Engine in our cloud and email security solutions to determine which traffic gets routed through the remote browser. As a result, users get full web access while IT security teams mitigate web security risks. And for organizations looking to provide C-level executives and IT admins safe from cybercriminals, we make it easy to isolate all their web traffic to provide the highest degree of web security.
Additional data protection with isolation
The rapid adoption of cloud infrastructure and applications has increased focus on data security with different users accessing the data through a variety of devices, both managed and unmanaged.
By setting policies that require corporate web and cloud applications to be accessed using a mode of Forcepoint RBI called pixel mode, data security teams can ensure that content is never downloaded to the local browser cache of devices. Additionally, policies can be set to restrict data sharing actions, like copying from a clipboard to a local device’s storage. Data sharing websites like LinkedIn and Twitter can be placed in read-only mode, protect data exfiltration of sensitive corporate data and intellectual
property. And if an organization does permit data sharing on sites that are being isolated, customers using Forcepoint DLP will be able to ensure that their standard DLP policies will be enforced.
Why Forcepoint RBI is the right choice for enterprises
Forcepoint RBI excels on both the security and user experience fronts. There’s no agent or plugin to install on devices. Instead, we make it simple to set policies in Forcepoint Cloud Security, Email Security, or NGFW that routes risky website traffic to the Forcepoint RBI cloud service. The service isolates potential malware, zero-day exploits, or phishing threats by rendering it in remote virtual containers so users experience a safe, fully interactive browsing experience.
Learn more from Ericom’s Chief Product Officer, John Peterson about RBI:
Stay ahead of the curve
Ponemon Institute estimated that 80% of successful breaches came from zero-day exploits in 2019. Gartner predicts that through 2022, organizations that isolate high-risk internet browsing and access to URLs in the email will experience a 70% reduction in attacks that compromise end-user systems. Our goal is simple: keep you ahead of that curve.
Forcepoint RBI can be purchased as a value-added capability for Forcepoint cloud security, email security, NGFW, and DLP customers. Click the link to take a more detailed look into how Forcepoint RBI works or click the Watch the Webcast button on the right.