Skip to main content

Skyhigh Security is launching standalone documentation portals to support Japanese, German, and French languages. We are not supporting auto-translation. Stay tuned for further updates. Thanks for your support.

Skyhigh Security

Risky Web — Use Browser Isolation for Websites Considered a Risk

You can use Remote Browser Isolation (RBI) when allowing a user's request to access a website is considered a risk. You can also configure exceptions and other settings.

The web security functions that are implemented under Secure Web Gateway determine whether access to a website is considered a risk.

If a website is considered a risk at a given point in time, it does not mean that this evaluation is to remain forever. On the other hand, a website that is not considered a risk now might be considered one later.

This is because websites can change over time regarding their maliciousness. Also, the risk algorithm used to rate websites is continually getting better.

  1. On the user interface for Secure Web Gateway, select Policy > Web Policy > Policy.
  2. From the policy tree in the navigation panel, select Browser Isolation > Risky Web.

    The selected rule set appears in the configuration area on the right. 

  3. Configure when this rule set should apply.

    • Under Criteria, leave the default All Traffic, as you want the rules in this rule set to apply to all web traffic.

    • Next to Applies to, leave the default Request, as you want the rules in this rule set to be processed in the request cycle of web filtering on Secure Web Gateway.

      clipboard_e48fc4519348852793f81364d73525593.png
  4. To let some requests skip the remainder of this rule set, which means the browser isolation rules are not processed for these requests, configure lists for the skipping rules that are preset here. They are shown under Preset Rules.

    You can configure entries for domains, IP addresses, URL categories, and reputation risk levels in these lists.

    clipboard_e6fd2ae9f5dcac9c531798259594c6572.png

    Click the three dots at the end of the row for a rule and work with the options for list handling that are provided. Or click the name of the list for a rule, for example, Domains (Smart Match), to work with these options.

    For the reputation risk levels, click the rule name and select a level, for example, Medium.

     clipboard_eca633cac58494b3b9f05c6a9aac29041.png

  5. Under Session Handling, configure what to do when browser isolation cannot be applied.

    Leave the preset Block all sites that would otherwise have been isolated rule enabled or disable it. If you disable it, users can access these websites without browser isolation.

    clipboard_e68e34a7786e5c1f6f355dc9dff87f8a1.png 
  6. Under Browser Control, configure how to handle file uploads and downloads as well as cookie storage on a user's system when browser isolation is applied.

    • Block or allow file uploads.

    • Block or allow file downloads.

    • Block or allow storing cookies on a user's system.

      clipboard_e4992dd3b6e82a194cbf8a76818ab79e8.png
  7. Under Clipboard Control, configure how to handle copying and pasting clipboard data when browser isolation is applied.

    • Configure copying: Impose no restrictions on it, allow it only within the same browser isolation session, or block it completely.

    • Configure pasting: Impose no restrictions on it, allow it only within the same browser isolation session, or block it completely.

      clipboard_ebfaa57ba651018fa5871c5e9f2a0f9d8.png

You have now configured browser isolation for websites that are considered a risk, including exceptions and other settings.

  • Was this article helpful?