Introducing Remote Browser Isolation (RBI)

The Internet is today’s workplace. Online is where teams go to work—collaborating, communicating, producing, and more. The web is also where hackers go to discover their next victim. Web-based attacks, particularly those originating from email, are among the most common and costly for organizations. Email security alone doesn’t guarantee users won’t visit a malicious phishing page or fall victim to a malware download.

In this post, we present RBI and explore its features, benefits, and advantages.

About Remote Browser Isolation

RBI is designed to keep your employees safe from browser-based attacks that originate from email—from credential harvesting, to drive-by downloads, to cross-site scripting, and more.

RBI uses fast pixel technology to instantly launch a secure container when users click a potentially malicious link. Virtualizing the web session via a remote server, the solution enables users to browse unknown websites with little-to-no latency whether on a laptop or mobile device.

RBI protects against all types of malicious attacks—including zero-day phishing, malware, and ransomware—and blocks malicious downloads, compromising uploads, and sensitive data leakage.

RBI automates the initial whitelisting and blacklisting of websites and refreshes them continually and automatically. It also makes it easy to customize these lists as desired.

The new threat landscape: the case for RBI technology

Email is the top vector for cyberattacks, but the real damage of a phishing email often takes place via the browser. The widespread use of mobile devices also makes it harder for users to spot a threat that reaches their mailbox. Consider these statistics, which help explain the prevalence of email-to-web attacks and their efficacy.

Phishing

• While Hornetsecurity detected more than 1.1 billion phishing emails in 2022, we also detected nearly 275,000 unique phishing websites over the same period. A single phishing website can host dozens to even hundreds of unique phishing URLs.
• Hornetsecurity has detected a growing trend of hackers hosting phishing pages on high-reputation domains that traditional email filters view as safe.
• Phishing is the most common cyberthreat and effective source of initial compromise. Phishing campaigns can result in credential harvesting, malware distribution, account takeovers, and more.
• According to Verizon’s Mobile Security Index 2022, 18% of phishing emails clicked come from a mobile device.

Cyberattacks target mobile devices

• A global survey of executives by PwC found that senior leaders expressed more concern over mobile-based threats than any other attack vector.
• Verizon’s Mobile Security Index 2022 survey found that nearly one in every two organizations experienced a mobile device-related compromise. Of those that did, 73% described their compromise as major.
• More than half of Verizon’s survey respondents claimed to sacrifice mobile security for productivity.

Vulnerability exploits via web application

• The Verizon Data Breach Investigations Report 2023 found that exploiting vulnerabilities is the third most common attack vector, with the majority of exploits targeting web applications.
• In 2022, one in 10 vulnerabilities in web applications were deemed High Risk or Critical Risk, according to Edgescan.
• According to IBM, more than one in four vulnerabilities had known exploits in 2022. The company also notes that every year a record number of vulnerabilities are discovered.
• Vulnerabilities often lead to website compromises that can transform a legitimate site into a security risk.

Malware distribution

• Web applications are the third most common vector for malware distribution and ransomware attacks.
• Web attacks accounted for 14% of malware exploits in 2022.
  

RBI allows users to visit unknown and potentially malicious websites safely, securely, and without risk of compromise. It also allows IT teams to utilize layered security best practices without time-consuming intervention or restrictive policies and oversight.

As a technology, RBI is part of the zero-trust security framework, which proactively stops cyberattacks before they happen—an alternative to the reactive approach of traditional security measures. RBI-Technology is designed to stop attacks before they happen, allowing you to save precious time to reinvest into other priorities.

RBI: uncompromising protection for a compromising world

The Internet is the new workplace—the place where your teams go to work and where you create value for your business and clients. Here, mobile device use is widespread, and communication happens on the fly. Yet with this greater flexibility comes heightened risk to user and business data. Vulnerabilities are common. Mobile devices make threats harder to diagnose. Email-to-browser security is essential to protect against the cyberthreats that hunt for your vulnerabilities and bypass standard security measures.

RBI is a must-have for businesses looking to improve security without limiting productivity. As an add-on to Total Protection for M365 it will provide powerful and extended protection from mailbox to browser—regardless of where work gets done and on what device.