How does Isolated Browsing work?
When we implement Isolated Browsing, we move all web browsing activity into a secure container in the cloud. All web content is executed in that container and only a benign visual representation of the browsing session is returned to the local device. No cookies or code ever enters the network. By ensuring that no web content is ever returned to the local device, the threat from web-borne malware is eliminated entirely. Additionally, all sessions are private and anonymous and cannot be attributed back to the business or the individual.
Do we have to install any hardware or software to implement Isolated Browsing?
There is no hardware to install. System administrators will use a full client application to configure and manage the system. Users may choose to use the same full client application for browsing but can also access the system using their existing browser.
On Windows, Microsoft Edge should be used in preference to Internet Explorer.
Can Isolated Browsing integrate with our existing Single Sign-on system?
Yes, Isolated Browsing can integrate to any SAML based SSO system.
Can Isolated Browsing work with our existing Secure Web Gateway?
Yes, Isolated Browsing can work with your existing SWG configuration. In this way, business applications can run locally and all personal browsing can be routed into the Isolated Browsing environment.
As an administrator, can I implement web access policies?
Yes, web access policies can be applied at the company, business unit and individual user levels. It is possible to filter websites by pre-defined groups (such as ‘Questionable and Offensive’ and ‘Job Search’) and by black and white lists. There is a comprehensive set of policies beyond web filtering that is used to tailor policy configuration at the company, business unit and individual user levels.
Can web access be audited?
Yes, web access can be audited. All user web activity is stored in an encrypted log using a public key. The logs can only be decrypted by administrators using the private key.
Where is the data centre?
There are multiple data centres around the world located in Europe, North America and Asia (Singapore, Japan and Australia).
Is isolated browsing the same as using a VPN?
Implementing a VPN is good for privacy but it does nothing to enhance security. Users of a VPN are still vulnerable to malware attacks when using a locally installed browser.
Isolated Browsing includes VPN-like geo-location spoofing functionality. By default, all users share a geo-location with their Isolated Browsing data centre. Analysts and others that need more control over their apparent location can pick from over 100 configurable egress points around the world. As well as location, other technical elements of the browser session can be spoofed such as the user’s operating system, time zone and browser variant.
I have an anti-virus installed. Isn’t that good enough?
Unfortunately, not. Because of the way it works, anti-virus software cannot provide a 100% guarantee that we won’t become infected when using a browser. We can only get this guarantee by changing to isolated browsing.
Can I open a shell on a remote server?
Yes, it is possible to launch a secure shell (ssh) from the Isolated Browsing environment. This is a cost-plus option.
Can documents be stored in the Isolated Browsing environment?
Yes, the Isolated Browsing environment includes both temporary and permanent storage options. Shared storage can also be configured for teams. This is a cost-plus option.
What password management functions are supported?
Isolated Browsing includes full support for secure password management. Administrators or users can set up application shortcuts that have login credentials securely stored within. Applications can be shared, which is useful when multiple members of the team need access to the same password-protected account (e.g. when the marketing team needs access to the same Twitter account).
How does isolated browsing enhance employee privacy?
Isolated browsing enhances employee privacy in several ways:
There is no persistence in isolated browsing. When we end a browsing session, everything is deleted. When we start a new session, a brand new secure browsing environment is created. No data (such as browsing history, cookies or other spyware) is retained between sessions. This means that it is impossible for websites to track employees over time or build a profile of their interests.
When we use isolated browsing, our browser session is fully encrypted. No aspect of that session is visible to the internet service provider (ISP). Also, our true geographic location is masked (see VPN above).
All Isolated Browsing sessions are completely anonymous. There is no way to attribute a visit to the business or the individual. Researchers and analysts can further spoof their identity by configuring geo-location, browser fingerprint, operating system and time zone.
Does isolated browsing block ads?
Yes, isolated browsing may be configured to block ads automatically. This has multiple benefits:
Online ads are being used to track our every move on the web. The networks that serve these ads are constantly monitoring us and building a profile of our interests and intent based on the content that we consume. By blocking these ads, we put a complete stop to this practice.
Protection against malicious advertising (malvertising)
Scammers have found ways to deliver malware using conventional online ads. In the past, sites such as the BBC, the New York Times, AOL and MSN have been made to deliver malware to their users through malicious ads. Even if we limit our browsing to credible and legitimate websites, we can still become infected by the ads that are displayed. The good news is that isolated browsing stops all ads (both good and bad) from ever running and so protects us from this particularly sneaky type of attack.
Does isolated browsing help defend against phishing scams?
Yes. Isolated browsing helps to defend against phishing scams in multiple ways:
All documents are scanned for malware before opening.
All documents can be opened, viewed and safety-checked in the isolated browser environment before download to the local device.
Administrators can disable document downloads on a company, business unit or individual user level.
The one-click login feature within isolated browsing prevents us from accidentally sharing sensitive data (such as login credentials) with scammer and their phoney websites.
How much does it cost to license Isolated Browsing?
Isolated Browsing starts at $180 (USD) per seat for business users. Researchers and analysts may require additional features which are cost-plus options.
How long does it take to deploy?
There is no hardware to install, and depending on the business requirements, there may not be any software to roll-out. The deployment will be handled by your existing IT function. The main steps of the implementation are as follows:
Configure Single Sign-on (SAML)
Integration with Secure Web Gateway
Configure Company/Business Unit structure
Define access and usage policies
Configure log encryption
Define Group Policy for software roll-out