by Simon Moran
Posted on November 27, 2022
Gartner Research’s “Magic Quadrant for Cloud Access Security Brokers” report assesses vendors based on the completeness of their vision and their ability to execute.
As intermediaries between users and cloud service providers, Cloud Access Security Brokers (CASBs) enable enterprises to extend their security protocols to cloud-based applications and allow companies to create cloud-specific policies. CASBs are primarily implemented as a cloud service, but some offer an option to deploy as on-premises software.
In this post, we’ll focus on Gartner’s view of Remote Browser Isolation (RBI) as a technology that is complementary to CASB and which, in some cases, enables CASBs to be more effective in their primary mission – keeping use of cloud applications safe and secure..
In the report, Gartner notes that Ericom Shield Remote Browser Isolation is integrated with both Forcepoint and Netskope’s CASB solutions. With RBI, web and cloud application traffic is run in a disposable cloud-based isolated container. Only safe rendering information is sent to a user, so if any malware is present on the pages or apps accessed by a user’s local browser, it is blocked from getting onto the user’s device. We call this approach “Protect vs. Detect”.
In this case, RBI serves as an “airgap” between the user and the website or cloud application. While RBI is most often used to isolate endpoints from potentially malicious content from websites, there are two other use cases that Gartner highlights. The first is the role the technology can play in isolating web and cloud apps from malicious content that might be streamed from user devices (either a hacker or a compromised corporate endpoint). The other is how RBI can help CASB vendors enforce cloud security policies in a particularly challenging area – employees accessing cloud applications like Salesforce or ServiceNow using BYOD or unmanaged devices.
Let’s take a quick look at each of these:
The Magic Quadrant also highlights that CASB is an important part of a larger security construct called the Secure Access Service Edge (SASE). And while CASB is an important security control, it needs to be surrounded by a broader integrated stack or platform, with capabilities such as Secure Web Gateways (SWGs), Remote Browser Isolation (RBI), Firewall as a Service (FWaaS), Zero Trust Network Access (ZTNA), and more.
SASE is positioned as the future of securing all corporate resources, regardless of where they are located. SASE takes as a starting point that most organizations are increasingly operating in a complex environment where users may be physically located on the company’s premises or in remote locations, and computing resources may be hosted on a company’s own servers or in public or private clouds. SASE provides a unified approach to securing access to resources regardless of where they or the users are located.
Our Global Cloud provides services that are key parts of many organizations’ SASE architectures. The high-availability multitenant global cloud service is built using the latest cloud technologies, and hosts Ericom’s security services, including the Ericom Remote Browser Isolation service, and the Ericom Connect Service, our remote application and desktop access service. Hosted on tier-1 IaaS providers around the world, the Ericom Global Cloud supports our customers’ anywhere-anytime-any-device access as they push forward with ambitious digital transformation initiatives.
“Operation Duck Hunt” Shuts Down QakBot Botnet
The FBI-led takedown of Qakbot was an operation that involved seven countries. Malware was removed from 700,000 computers. But don’t think all that makes you safe.
How GenAI is Supercharging Zero-Day Cyberattacks
Generative AI empowers its users to work fast, better and more efficiently. Alas, this includes cybercriminals, who are using malicious GenAI platforms to accelerate zero-day exploit creation.
Cybercriminals Disdain the Law, But Find Law Firms Attractive
Cybercriminals love the multiplier effect they get from attacking law firms: Hack in, and they get firm data PLUS juicy confidential client info.