Remote Browser Isolation (RBI) provides controlled access to private applications hosted in the Browser Application Portal. RBI controls which users can access private apps while preventing data exposure and blocking risky file uploads, protecting internal resources. By isolating sessions and enforcing strict data-handling controls, such as blocking downloads, copy/paste, and file transfers, RBI reduces the risk of malware propagation, lateral movement, and data leakage.
Cato secures access to private apps by creating an RBI session when accessing the Browser Application Portal which has access to both the Internet and WAN network. This ensures that access to the private app, and any user actions within it, are controlled through the isolated browser.
You can secure access to private apps through RBI by:
- Enabling the Applications Portal and Browser Application Policy
- Create an Internal Application for your private app
- Enabling the RBI service
- Create a custom category for the Applications Portal
- Creating an Internet Firewall rule for the Browser Application Portal with the RBI Action
The Application Portal provides users with secure browser-based access to cloud and private apps. For more information on how to enable the Applications Portal, see Configuring the Browser Access Portal.
The Browser Access policy gives you granular control over which users in your account can access specific browser-based applications.. For more information on how to create your Browser Application Policy, see Defining the Browser Access Policy.
To secure access to a private app, add it as an Internal Application in the Applications Portal. For more information, see Managing Applications for the Browser Access Portal.
Customize RBI session settings to control which actions users can perform in private applications. For more information, see Configuring the RBI Service for Secure Web Browsing.
Categories are global objects that you can use to customize the Networking, WAN, and Internet firewall rules to meet the specific needs of your network. Create a custom category for the Applications Portal, which you can then use in an Internet Firewall rule. For more information, see Working with Categories.
Create an Internet Firewall rule with the Custom Category created in step 4 and an RBI Action. In this rule, you can define the users, devices, or other criteria that you want to be able to access the private app through RBI. For example, a user on a device without an Endpoint protection solution installed can only access an internal HR web portal through RBI. This isolates the session so the user can view data but cannot download, copy, or interact directly with the private network. For more information, see Managing the Internet Firewall Policy.
Traffic from the user’s device is routed through the Cato Cloud, which automatically initiates an RBI session. The RBI service then connects to the Application Portal, which provides secure access to private applications hosted on the WAN.
0 comments
Article is closed for comments.