As our world becomes increasingly digitized, protecting ourselves and our organizations from cyber threats is of paramount importance. One effective cybersecurity approach is remote browser isolation (RBI), a method of separating internet browsing activity from the process of loading and displaying webpages locally. In this article, we’ll delve into the nuts and bolts of RBI, how it works, its benefits, and why it’s a crucial component of a Zero Trust security model[^1^].

What is Remote Browser Isolation?

RBI technology, also known as cloud-hosted browser isolation, loads and executes any associated code on a cloud server, far removed from users’ local devices and organizations’ internal networks[^1^]. This ensures that the browsing session is clean and safe, and it eliminates any potential threats once the session ends.

How RBI Works

RBI technology keeps untrusted browser activity far away from user devices and corporate networks. It does this by conducting a user’s web browsing activities on a cloud server controlled by an RBI vendor[^1^]. The RBI service then transmits the resulting output to the user’s device, providing an interactive experience without actually loading full webpages on their local browser and device[^1^].

There are three main methods that RBI can send web content to a user’s device:

  1. Stream the browser from the cloud: Also known as “pixel pushing,” this method renders and processes web content on a remote server, then sends a visual representation of the webpage to the user’s device as an interactive image or video stream[^1^].
  2. Rewrite each webpage in the cloud to remove malicious content, then send to the local user browser: In this method, referred to as Document Object Model (DOM) reconstruction, webpages are loaded in an isolated environment and rewritten to remove potential attacks[^1^].
  3. Stream “draw” commands instead of actual website code: In an RBI technique called network vector rendering (NVR), Skia “draw” commands are intercepted, encrypted, and “streamed” to the web browser running locally on the user’s device[^1^].

The Importance of RBI in the Zero Trust Model

In a world where work is no longer confined within the walls of a physical office, employees are often accessing websites and cloud-based applications to perform their work from various locations. Browser isolation, therefore, helps stop attacks originating from the browser and is an essential component of the Zero Trust security model[^1^].

In a Zero Trust model, no connection request is inherently trusted by default. This means that no website code should be trusted to run on devices by default[^1^]. This can effectively prevent local downloads or execution of malware, ransomware, and other malicious scripts, block malicious web content without having to block entire websites, and minimize the risk of zero-day browser vulnerabilities[^1^].

The Threats RBI Can Defend Against

Several different types of browser-based attacks are possible, and RBI technology can defend against most, if not all, of them. Some of the most common include drive-by downloads, malvertising, click-jacking, redirect attacks, on-path browser attacks, and cross-site scripting[^1^].

By isolating browser sessions in a controlled environment, malicious content and code are kept off user devices and away from the organization’s network[^1^]. This means that a drive-by download attack would have no effect on a user within an organization that uses RBI technology[^1^].

RBI also has other emerging use cases, such as insulating users from malware, stopping multi-channel phishing attacks, and managing third-party permissions[^1^].


With the increase in remote work and the growing sophistication of cyber threats, implementing RBI as part of a Zero Trust security model is becoming more and more important. Not only can it protect organizations and individuals from a myriad of browser-based attacks, but it also offers a level of protection that is difficult to achieve with other security measures[^1^].