Browser isolation addresses entrenched web threats
Few office and mobile apps are as widely used as web browsers, but browsers also introduce a great number of potential security exposures, no matter how carefully they are locked down. Large organizations have relied on so-called “browser isolation” services to address this risk for years, but these tools are often slow and clunky. As a result, many companies require them only for the most sensitive work; otherwise, employees would look for workarounds. On Tuesday, internet infrastructure company Cloudflare is launching its own version, a service aptly named Browser Isolation, which the company says is just as fast as, and sometimes faster than, browsing without protection.
Browsers, by definition, are an open door. Their job is to receive data from web servers and send information back. This does mean, however, that in addition to legitimate and benign web data, users can end up downloading malware or malicious attachments through a browser. And hackers can also find vulnerabilities in browser code and exploit them to attack targets.
“The browser is the stuff of nightmares for information security managers,” said Matthew Prince, CEO of Cloudflare. “By nature, every time it runs, the browser downloads completely foreign code and executes it on the device. Browsers do a good job of sandboxing and controlling risk, but almost every week you’re going to see some kind of vulnerability in one of the major browsers that allows people to break out of that sandbox.”
Browser isolation services like this one from Cloudflare, which has been in beta testing since October, protect computers by running the browser in a controlled container away from your other services and data. This way, any questionable code that your browser inadvertently tries to run does not actually run on your computer and can be flagged. However, this process takes time: pages have to be loaded remotely, transmitted to your computer in some form, and then every interaction involved in web browsing has to be relayed, such as typing login information for a site or even simple user input such as clicking and scrolling. All of this introduces opportunities for lag, which is why many browser isolation services are so slow and buggy.
The Cloudflare service is part of a new generation of cloud services that aim to be more usable by streamlining how all of that is relayed in both directions. In January 2020, the company acquired a small business, S2 Systems, which Prince said had a different approach from most of the tools available. Many services have addressed the problem by loading a page in the isolated environment and then sending information about the components of the site, or even each individual pixel color, to a user’s computer for display. S2’s approach instead uses the drawing commands that a browser sends to a computer’s GPU in a normal browsing situation. It captures them as a page loads in its cloud container, then passes them to the user’s computer so that the processor can essentially draw a record of what the web page looks like.
The idea is that you watch a projection of your browsing in real time. With web security stakes so high, competitors have also felt the urgency to improve browser isolation in the hopes of making the tools more attractive and ultimately more ubiquitous.
“Despite high security spending, many organizations are grappling with security incidents associated with the web browser,” says Matt Ashburn, a former CIA officer and director of the National Security Council who now leads strategic initiatives at the browser isolation company Authentic8. “As long as a two-way connection is allowed between a computer and the Internet, advanced adversaries and criminals will find a way to be successful.”
As has been the case with other security initiatives, however, Cloudflare has the scale to quickly promote new offerings to a massive customer base. Browser Isolation will be a simple complement to the Cloudflare for Teams suite of services for businesses.