Browser Isolation Evasion and Exploits: How to Fill the Gap in Browser Isolation

July 13, 2020

Security incidents can cause enterprises severe reputational and financial damage. Many of these originate due to users downloading malicious files, clicking on risky links, and engaging with online advertisements containing malware, also known as malvertising campaigns. 

Unfortunately, preventative measures, such as limiting employee web browsing come at a cost, as these measures can have negative effects on employee productivity. Unfortunately, browser isolation is only able to remotely render web-based files. As a result, users are only able to access these files within the bounds of the virtual environment. 

Now more than ever, as malware evolves and security exploit risks increase, organizations must recognize the importance of adopting a browser isolation strategy. In recent years, Gartner has identified browser isolation as a key emerging technology that companies should consider as a part of their overall security strategy. Browser isolation technology segregates an internet user’s browsing activity from their local network and endpoint device, ultimately decreasing a user’s attack service and dramatically reducing the impact of ransomware, phishing, and other web-based attacks. 

Where browser isolation falls short  

Browser isolation enables users to bypass nefarious links, files, and other web-based attacks by navigating the internet – and viewing and accessing files securely – within a virtual environment. Browser isolation works by keeping a user’s browsing activity – when they visit a website, or use an app – separate from endpoint hardware, with the effect of reducing the device’s attack surface for breaches caused by items such as rogue links and files.

While the browser isolation approach provides a secure method to conduct web-browsing sessions, its drawback is the inability to maintain the same level of protection when a user physically downloads a file from the web. Downloading a file ‘punctures’ the virtual environment, allowing security exploits and web-borne threats to infiltrate and infect the users’ endpoint devices. These threats have the potential to compromise their organization’s mission-critical data stored within the network. 

Once malware has infected a system, threat actors then have the power to take control of networks and harvest credentials that allow them to access, steal, and change data. Once the system is hijacked, the data can be exported and transferred to third-parties for illegal purposes or exposed to the public. Businesses need to be able to rely on their employees’ ability to securely interact with files downloaded from the web – without sacrificing their security posture, or compromising sensitive data. 

Where Positive Selection technology fills in the gaps 

Positive Selection technology, as seen with the Votiro Secure File Gateway, empowers users to interact safely with internet files. With this technology, Votiro understands the need for users to be able to download attachments from the web without worry of the associated cyber risks or network contamination. Votiro’s solutions go beyond browser isolation capabilities by providing an added layer of security that ensures secure browsing and sanitizes files before they are downloaded. 
Learn more about how Votiro Secure File Gateway allows you to adopt a seamless and secure browsing experience.