Web-Gap hero

Is Browser Isolation Affordable?

Guise Bule


According to Gartner, browser isolation is the hottest and most effective new way of protecting your users from malware and web based cyber attacks, but how can you deliver a remote browser solution without seriously denting your budget?

The more technically-aware amongst you will have known for a long time that your antivirus and firewall do not really protect you from modern cyber threats in a meaningful way. They have failed to protect the majority of internet users from malware, adware, or even ransomware attacks, with criminals extorting ransom payments.

Larger businesses, the federal government, and those with more money to spend on cybersecurity are increasingly leveraging a new cybersecurity model called browser isolation, or remote browsing if you look at it from a user perspective. Remote browser isolation is a highly-effective solution to the problem because the browser is where most web-based attacks begin and browsers are almost always the source of infiltration on our local machines.

A big problems with remote browser isolation solutions is the cost. A remote rowser isolation technology has to be affordable enough for millions of small to medium sized businesses in order to meet the market requirements.

There are different ways to accomplish browser isolation and a number of companies approaching the problem from different angles, all of them trying to achieve more or less the same goal. Some remote browser isolation solutions stream a remote browser to you over the internet. Others let you connect to a remote browser hosted on a local appliance. There are even others which force you to install client-side hypervisors onto your local machine. Most of these solutions are quite costly to deploy at any sort of scale.

Our team was the first to develop a commercial browser isolation model in collaboration with the National Nuclear Security Administration at Lawrence Livermore National Laboratory back in 2010. Back then, virtualization was the most effective way to isolate the internet facing activity of an internet user and it was an absolute godsend at a time when cyberattacks were rapidly becoming the norm. Instead of browsing the internet from a browser on local machines, we simply gave users a remote browser on a virtual desktop and it was a wonderfully effective way of protecting large amounts of users, if horrifically expensive at scale.

This browser isolation model has since evolved and spread, but we realized early on that in order for the model to become adopted by the mainstream browser isolation platforms had to become cost effective. The problem with using virtualization for remote browser isolation is that it's an expensive way to handle the browser compute-load.

Using virtualization to isolate browser compute loads requires you to pay for a lot more server infrastructure than you really need to in order to handle this risk load, it gets incredibly expensive at scale, especially if you have embraced some kind of appliance, or SAN centralized model. Some see a way around this server cost by using a client side hypervisor, because this just breaks the trusted security through a physical isolation model.

If you really want to protect a huge amount of internet users by providing them with remote browsers in a cost effective way, then containerization-based infrastructures which leverage distributed infrastructures are the way forward and this is something we at WEBGAP do incredibly well. I am quite proud of the fact that nobody else does what we do, in quite the way we do it, but I do lament the fact that few fail to grasp the nuance around our architecture and model until they try to deploy browser isolation solutions at scale.

When it comes to isolating thousands of individual remote browsing compute workloads simultaneously, containerization is an infinitely more efficient way of dealing with these workloads than virtualization. However, it's only recently that we have adopted containerization and most of our space is still stuck on virtualization.

Malware, ransomware and other kinds of browser-based cyber attacks are a huge problem for everyone, not just large businesses and the government, but also very small businesses too. The browser isolation model is still too expensive for the many, something my co-founders and I set out to change with WEBGAP.

If you would like a fact finding conversation click here to schedule a video or phone call with us.