Remote Browser Isolation Use Cases
The use of remote browsers has increased exponentially over the last few years, but why are individuals and organizations using a remote browser? What is driving the adoption of the remote browser isolation model and what its different use cases?
Most remote browser early adopters I speak to tell me the same thing at first, they tell me that they want to physically isolate themselves from web-based malware when surfing the internet. While this may seem like the obvious use case for remote browsers, it's a generalized reason and almost everyone has a much more granular motivation for wanting to physically isolate their web browsing activity. The following use cases are all real-world examples that I have taken from conversations with our customers––real WEBGAP users! I will not be naming names for obvious reasons, but I can share with you some of their stories and, hopefully, shed a little light on why individuals and organizations are adopting the remote browser isolation model, and discuss its different use cases.
Physical isolation from malware is not the only reason driving remote browser adoption. Users are also worried about their privacy, their anonymity, and being able to access the geographically restricted websites.
The remote browser use cases that I see are varied. Some privacy-focused users are concerned about being profiled and having their data sold when they surf the internet. Larger organizations want to supplement the efforts of their web gateways by isolating the websites that cannot be categorized by their threat analysis tools. Then, there are users completely focused on anonymous and obfuscated web browsing; they want to browse to websites and not be identified, and these users are typically fraud teams or investigators.
Remote browsers also make an excellent replacement for a VPN that would normally be used to access geographically restricted websites. In this use case, think about Chinese users who leverage remote browsing as a way of browsing through the Great Firewall of China. Unlike VPN services which can easily be detected and blocked, remote browsers traffic looks just like generic traffic and easily slips through the censors' filters.
If I had to categorize remote browser isolation use cases into five groups, I would label them as follows:
Read on to find out the characteristics of these colorfully named groups and learn about the granular motivations of these user groups which make them perfect remote browser isolation use cases.
This group typically has one primary use case, to outsource as much cyber risk out of their internal IT infrastructure as they can. They typically want to supplement their web gateways and SASE strategy with an isolation capability and want to shift the risks of their users browsing away from their networks. For this group, frequent browser-based cyber attacks on their organizations are a reality and they understand that by leveraging browser isolation they can shut down the most common infiltration point on their networks. This group is mostly large businesses.
The more privacy-minded amongst us value the privacy aspects of the remote browser model, they understand that by using a cloud-hosted remote browser, they can surf the internet without being tracked and being profiled by advertisers, or anyone else gathering data on them. You can expect this group to be regular VPN users who see remote browsers as the next logical step to secure, private browsing where they can not be tracked as they browse. This group has nothing to hide, they just do not want to be watched, who amongst us dows like being watched?
I mentioned this use case earlier: Chinese citizens use remote browsers to bypass the censorship restrictions that they face, and they use them because VPNs in China can easily be identified, and are frequently disconnected as they use them. They are not the only group looking to get around filters though. Other groups work for corporations where social media websites are blocked, including expatriates outside of their home countries. To confront these challenges, they use remote browsers to access the locally and geographically restricted content.
Fraud investigators, journalists, and detectives who investigate organized crime groups are a notoriously paranoid bunch. They like to surf the internet in a completely anonymous fashion, ideally using various technical obfuscation methods like multiple egress points, customizable browser headers, and residential IP addresses. When investigating fraudulent websites, suspicious characters, dangerous organizations, or cybercriminals, it is wise to conceal your location and identity as much as you possibly can during open source intelligence (OSINT) operations.
The information security space is both large and varied. Its participants come from a wide range of different backgrounds, but what they have in common is a deep distrust of strange links and a natural suspicion of odd-looking websites. Most information security professionals that I know practice isolation in some way, usually in multiple ways, and they are increasingly using remote browsers as a way of quickly isolating websites or links that they do not trust. They also like to use them when gathering open-source intelligence (OSINT).
This is by no means an all-encompassing categorization of all remote browser isolation use cases. These are just the five most obvious user groups that come to mind whenever I am asked the question, "Why do people use remote browsers?" I wanted to give you a general overview of the primary reasons why individuals and organizations adopt remote browser isolation. There are lots of remote browser users out there who just want to supplement their existing endpoint protection (usually anti-virus software and a firewall) with something that can properly isolate them from the risks they face when they browse the public internet.
The remote browser market is so large and expanding so rapidly that you hear different use cases every day. That being said and despite the apparent differences between the different use case groups who want to adopt a browser isolation model, their motivations are almost always the same on the surface. It doesn't matter if they are a solo entrepreneur, a consumer, the owner of a small business, or the CISO of a large enterprise––they all have the same problem that they are trying to solve.
They do not trust their existing security tools to keep them safe and are working towards physically isolating themselves, their devices, and their networks from the public internet.
If you would like a fact finding conversation click here to schedule a video or phone call with us.