Web browsers pose an inherent security risk, no matter how tightly they are locked down. Cloudflare’s Browser Isolation service aims to help businesses combat the problem.
People use web browsers every day. On our phones, our laptops, desktops, tablets and other devices, we use a web browser throughout the day. Browsers are essentially an open port to your machine, though, even if they are locked down tightly. For this reason, businesses turn to so-called “browser isolation” services. However, these services are typically used in large corporations, and only for incredibly sensitive information because they can be slow and clunky. Still, cybersecurity remains a hot topic for businesses as threat actors continue to push boundaries and cause problems. So, Cloudflare created its own service, aptly named “Browser Isolation,” which doesn’t slow down internet speeds.
Think about how a web browser works. It exists to transfer data from servers to your machine. You can set up protections, businesses can set up protections, around how the returned data is filtered for potential threats, but if an employee becomes a victim of a phishing scheme, now there’s malware on your systems. Or threat actors will find and exploit vulnerabilities, known or not, and get in that way.
“The browser is the stuff of nightmares for chief information security officers,” says Cloudflare CEO Matthew Prince. “Inherently, every time it runs, the browser is downloading completely foreign code and running it on the device. Browsers do a good job of sandboxing and controlling the risk that’s there, but on an almost weekly basis you’re going to see some sort of vulnerability in one of the major browsers that’s allowing people to potentially break out of that sandbox.”
Enter Cloudflare’s Browser Isolation service, which has been in beta testing since October. Unlike previous browser isolation services, which load pages in isolated environments and then send information about site components to the user’s computer, Browser Isolation uses a different approach. The cloud services provider acquired S2 systems in January 2020, and their approach looks at the draw commands a browser sends to a computer’s GPU in a normal browsing system. But it does this in real-time, as the page loads, commands are captured and sent back to the user’s computer. The computer’s processor basically draws a recording of the webpage. The goal of this was to improve browser isolation in an effort to give businesses another resource in cybersecurity.
“Despite high security spending, many organizations struggle with security incidents associated with the web browser,” says Matt Ashburn, a former CIA officer and National Security Council director who now heads strategic initiatives at the browser isolation company Authentic8. “As long as a two-way connection is allowed from a computer to the internet, advanced adversaries and criminals will find a way to remain successful.”
He’s not wrong. As long as there’s a connection to the internet, threat actors will punch their way through your defenses and get into your systems. Even if you have top-notch security, someone will inadvertently click a bad link in an email and some form of malware will make its way into your network. No company is off-limits, no sector of business is off-limits and no location is off-limits. If you are a business that stores data, as the vast majority of businesses do, you are a potential target.
Cloudflare’s Browser Isolation service may or may not be an option for your business. If it is, it has the ability to add a layer of protection within your current cybersecurity defenses that are already in place. If it isn’t, keep looking and consult an expert to help ensure your business and its information remain safe and secure.