paint-brush
Browser isolation is the future of cybersecurity, but how can you cost effectively isolate your…by@guisebule
187 reads

Browser isolation is the future of cybersecurity, but how can you cost effectively isolate your…

by Guise BuleApril 27th, 2017
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

The more technically aware amongst you will have known for a long time that your anti-virus and firewall do not really protect you a great deal, they have failed to protect the majority from malware, viruses and the more nefarious cyberattacks like ransomware, where they encrypt all of your stuff and refuse to decrypt it without a bitcoin ransom payment.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Browser isolation is the future of cybersecurity, but how can you cost effectively isolate your…
Guise Bule HackerNoon profile picture

Browser isolation is the future of cybersecurity, but how can you cost effectively isolate your browsers?

The more technically aware amongst you will have known for a long time that your anti-virus and firewall do not really protect you a great deal, they have failed to protect the majority from malware, viruses and the more nefarious cyberattacks like ransomware, where they encrypt all of your stuff and refuse to decrypt it without a bitcoin ransom payment.

The curse of internet based threats like malware, the advanced persistent threat and ransomware are increasingly affecting small businesses and individual internet users, the most vulnerable members of the internet using community, less likely to have the resources to protect themselves.

Larger businesses, the federal government and those with more money to spend on cybersecurity are increasingly leveraging new technologies and protecting their users using a cybersecurity model called browser isolation.

Browser isolation is easily the most effective way of solving the problem of malware attacks, because the browser is where most malware attacks originate, it is the window through which the vast majority of internet users use the internet and is almost always the original source of infection.

Physically isolating your browser and browsing activity away from your machine and all of your data is by far the most sensible way to protect yourself from cyber attacks, you simply insulate yourself from the internet when you touch it, making sure that the internet can not touch you back.

Browser isolation is the hottest new way of protecting your users from malware and cyberattack according to Gartner, but how do you isolate your users browser and more importantly, in a cost effective way?

It can be as easy as running open source VirtualBox on your desktop and using a VM to browse the internet, a solution used by many that is an effective way of containing malware, even if it is crude and clumsy.

There are a number of ways to accomplish browser isolation and a number of companies approaching the problem from different angles, all of them trying to achieve more or less the same goal. Some browser isolation solutions stream a browser to you over the internet, others let you connect to a browser hosted on a third party server and there are others which force you to install hypervisors onto your local machine, client side solutions.

I maintain a living list of browser isolation cybersecurity technologies here and I have an issue with most of them because they are virtualization based, only last week I declared virtualization based cybersecurity dead, mainly because its too expensive for small business and fails to protect the many.

My own company tuCloud was one of the first to develop the browser isolation model in collaboration with the National Nuclear Security Administration at Lawrence Livermore National Laboratory, except that we called it Safeweb and this was back in 2010 when the best technology we had to isolate was VDI technology.

Back then virtualization was the most effective way to isolate the internet facing activity of your internet user and it was an absolute godsend at a time when daily cyberattacks were rapidly becoming the norm. Instead of letting your users browse the internet on their local machines, we simply gave them a virtual browser or virtual desktop that was hosted on a third party server and it was a wonderfully effective way of protecting large amounts of users.

This browser isolation model has since evolved and spread, but today thousands of federal government employees call this model Safeweb.

Thankfully we have come a long way since the early Safeweb projects at Lawrence Livermore National Laboratory, my team and I have been working hard over the last few years with Sandia National Laboratories building a next generation Safeweb platform that we call the Safeweb Engine.

We realized early on that in order to be successful, the Safeweb browser isolation model had to protect lots of users in a cost effective way and the problem with using virtualization for browser isolation is that its overkill.

Using virtualization to isolate browsing activity compute loads requires you to pay for a lot more server infrastructure than you really want to have to pay for, it gets eyewateringly expensive at scale. The way around this is not to install the hypervisor on the client as some have done, this breaks the core physical isolation model protecting users which is just bad practice.

The way to lower the cost of browser isolation for the many is to move to away from virtualization and towards a technology architecture that is better suited to the workload, we chose containerization and now instead of virtualising browser isolation workloads, we containerize them.

If you really want to protect a huge amount of users (or a small amount of users) by isolating their browsers in a cost effective way, then container based platforms are much more cost effective in terms of the server infrastructure required to run them. I am quite proud of the fact that my own company tuCloud launched the worlds first container based browser isolation platform this month, nobody else does what we do in this way.

We call it the Safeweb Engine and it allows you to quickly and cost effectively throw up hosted Safeweb clouds for you users to connect to, allowing them to physically isolate all of their browser activity onto the Safeweb cloud, an evolution of the Safeweb browser isolation model.

The container edition of the Safeweb Engine requires approximately ten times less server infrastructure than any other virtualization based browser isolation solution on the market, enabling you to protect the many instead of the few and physically isolate browsers in a cost effective way.

When it comes to isolating thousands of individual browsing compute workloads simultaneously, containerization is an infinitely more efficient way of dealing with these workloads than virtualization is and we recognize that now, but its only recently that we have turned towards containerization as a way of handling browser isolation and it is still a very young space.

Malware, ransomware, advanced persistent threats and other kinds of cyber attack are are problem for everyone, not just large businesses and the government, but the browser isolation model is still too expensive for the many, something my colleagues and I set out to change with Safeweb.

Browser isolation is the future of cybersecurity, but only if it becomes cost effective enough for the many, a problem we at tuCloud have solved.

If you have any questions, criticisms or comments about anything I have written here, please do feel free to comment below!