Skip to main content
McAfee Enterprise MVISION Cloud

About Remote Browser Isolation for Secure Web Access

You can use browser isolation, which is also known as Remote Browser Isolation (RBI), to ensure web access is secure for users of your organization.

When a user sends a request to access a website with browser isolation enabled, the original content of that website is not sent in response to the user's browser, but to a browser on a remote server.

From there, a real-time, interactive image of this content is transferred to the user's browser. This ensures the user's browser and system are protected against threats arising from the original content, for example, against infections by viruses and other malware inhering in this content.

Using browser isolation, you can allow users access to websites that would otherwise be blocked under your web policy because accessing them was considered an unacceptable risk.

The user is notified when browser isolation is applied. For this purpose, the representation of the original web content is marked by a green border around any page that is displayed in the user's browser.

The browser isolation process is controlled by the rules of your web policy. These rules filter web traffic relying for their execution on the web proxy functions that are implemented under Skyhigh Security Service Edge.

There are two rule sets offering different modes of browser isolation:

  1. Risky WebBrowser isolation is used when access to a website is considered a risk.

    Whether access to a website is considered a risk, is determined by the web security functions that are implemented under Skyhigh Security Service Edge.

    You can specify exceptions and other settings.
     
  2. Full Isolation Browser isolation is used for access to a website according to criteria that you select.

NOTE: You must obtain an additional license from Skyhigh Security to use the Full Isolation mode of browser isolation.
 

Modifying browser isolation for risky websites

Under the Risky Web mode of browser isolation, the web security functions of Skyhigh Security Service Edge determine whether access to a website is a risk. You can modify its use as follows:

  • Exempting websites — While using this mode, you can exempt websites from having it applied if you think your users can access them without risk.

    You can exempt websites based on domains, IP addresses, and URL categories.
     
  • Blocking and allowing activities — While using this mode, you can block or allow:
    • File uploads and downloads
    • Copying and pasting data
    • Storing cookies
       
  • Behavior when browser isolation cannot be enabled — If access to a website is considered a risk, but this mode cannot be enabled for some reason, you can block access to this website.

    This ensures that while using this mode, risky websites are either accessed by your users under it or not at all.

Modifying full browser isolation

Under the Full Isolation mode of browser isolation, you determine when to apply it. You can modify its use as follows:

  • Exempting websites — While using this mode, you can exempt websites from having it applied if you think your users can access them without risk.

    You can exempt websites based on domains, IP addresses, and URL categories.
     
  • Restricting browser isolation to websites — While using this mode, which applies to all websites by default, you can select websites and restrict use of this mode to them.

    You can base your selection on domain, IP addresses, and URL categories.
     
  • Blocking and allowing activities — While using this mode, you can block or allow:
    • File uploads and downloads
    • Copying and pasting clipboard data
    • You can also set a limit to the amount of cliipboard data that is copied or pasted.
    • Storing cookies
       
  • Behavior when the licensing limit for browser isolation is reached — You need to obtain an additional license from McAfee to apply this mode of browser isolation. This license allows a limited number of users to access websites from their browsers with this mode enabled.

    When this number is exceeded, you cannot apply this mode to other users anymore. Then you can still block access to all websites where you would otherwise have applied it.

    This ensures that while using this mode, websites are either accessed by your users under it or not at all.
  • Was this article helpful?