Cato’s Remote Browser Isolation (RBI) protects users from falling victim to web and browser-based threats like ransomware, malware, phishing, malicious ads or cross-site scripting (XSS) by letting them access websites in an isolated and safe environment. RBI also provides control and visibility that meets compliance and regulatory requirements. Uncategorized or unknown destinations, as well as destinations included in Custom Categories, are accessed in an RBI session without allowing direct browser connection or filesystem access.
Cato offers enterprise-grade security with multi-layered protection. Cato already offers IPS, anti-malware, next-gen antimalware, CASB and DLP that are designed to protect against a wider range of threats, including network-based attacks, malware, insider threats, external threats, and other types of malicious activity. RBI adds another security layer to ensure robust enterprise-grade security. RBI is specifically designed to protect against web-based and browser-based threats, such as phishing, cookie stealing and drive-by downloads.
RBI streams the visual output of the web pages from a remote server to the user's device, any code is executed remotely and doesn’t reach the actual device. IPS and Anti-malware use different methods (such as signature-based detection, behavioral analysis, and heuristics) to identify and then block malicious traffic.
Cato offers robust multi-layered protection, unlike other vendors, who must route all traffic via RBI. Other RBI vendors don’t offer other protections, such as IPS, Anti-malware, Next-Gen Anti-malware, CASB, and DLP. They therefore are forced to route all traffic via RBI. Since Cato offers many layers of security, we selectively route by category. Today, traffic for Uncategorized and Undefined URL categories, and Custom Categories, are selectively routed via RBI.Today, uncategorized and undefined URL categories are selectively routed via RBI. Other traffic is already secured by other Cato security layers and is less prone to the type of attacks that RBI protects against. Cato provides you complete flexibility from allows you to completely block URL’s or perform deeper content inspection using CASB or DLP.
A website is categorized as undefined or uncategorized when the website is new and wasn't signed by the Cato URL categorization engine.
Remote browser isolation (RBI) fits into an overall threat prevention service by providing an additional layer of protection against web-based and browser-based threats, such as phishing and drive-by downloads from undefined and uncategorized categories. When used in conjunction with other Cato security solutions, it can help create a multi-layered security strategy that provides comprehensive protection against a wide range of threats.
Here's an overview of how the RBI process works:
Step |
Description |
---|---|
1 |
The user accesses a website through a local browser on their device. |
2 |
This request is transparently forwarded to the Remote Browser Isolation (RBI) service in the cloud. |
3 |
The remote browser in the RBI service initiates a session with the remote destination. |
4 |
The response from the remote destination is then executed on the remote browser. The response includes HTML, JavaScript, CSS, and any other web components. |
5 |
A safe visual stream of pixels is then streamed to the user’s local browser, with full browsing experience, but none of the active website code. The user interacts with the web pages through their device, but their device is not directly interacting with the web pages themselves. |
Sarah Lee is browsing the internet and visits a website that is categorized as undefined by Cato. The Cato admin configured undefined sites to be delivered by RBI. As she browses the website, exploit kits are silently downloaded onto the remote browser. The kit scans the remote browser and device for vulnerabilities and after finding a vulnerability, delivers ransomware by exploiting the vulnerability.
The website is rendered in the RBI service via the remote browser and remote device, and only pixels are streamed from the RBI service to Sarah Lee’s local browser and device. The ransomware is isolated and contained in the remote browser and device and doesn’t reach Sarah Lee’s device and her network. She continues to safely interact with the website, as all the website code is executed on the isolated remote browser and device.
John Smith is the CFO and accessing his email that contains a link to a website that looks legitimate, and he clicks the link. He doesn’t realize, but he is the target of a spear-phishing attack.
This link directs him to a website that is defined as uncategorized by Cato. The Cato administrator has configured uncategorized sites to be delivered by RBI. This compromised website redirects his browser session to another malicious website that attempts to steal cookies to impersonate him. Cato’s RBI runs the website’s active code, including HTML, CSS and JavaScript, in a remote isolated browser and device, while streaming website content to the local browser and device. The attacker has no access to the CFO’s local device or browser or the local network and cannot steal cookies that can be used to impersonate the CFO.
Cato RBI is supported for browsers only.
Cato RBI supports all modern browser releases of any major desktop browsers (e.g. Chrome, Edge, Firefox, IE, Safari, etc.). Mobile browsers are not supported.
Some old browsers may not comply with the minimum set of requirements for RBI to work properly.
0 comments
Article is closed for comments.