Cloud-Based Internet Isolation Technology

Over the last several years, the cybersecurity battle has migrated to the “back door entry point”: employees’ browsers! Your employees surf on work, home, and public networks, and will inadvertently bring outside trackers and targeted zero-day malware into your network. Anti-virus, VPN, firewall and phishing-site protection guard against known phishing sites and viruses, not browser content. The browser has become the new gateway to phishing and malware, and the malware can spread from an employee's device to your network.

 

Our enterprise solution to isolate internet browsing has drawn praise from IT security and CIOs from DISA.

Cloud-Based Internet Isolation Technology (CBIIT) by PrivatizeMe is a system to isolate and protect client endpoints from internet attacks while browsing. The active browsing agent is not on the user’s PC or smartphone but is located at a secure remote server. Browsing interactions and code execution are performed entirely at the remote server. The client at the user’s desktop or smartphone is essentially a “glass pane” presenting a window of the remote browser. To interact with the browser on the remote server, Keyboard Video Mouse (KVM) and audio capabilities are used at the user’s desktop or smartphone, effectively preventing any remote code from executing on the local device. The end user experience is essentially the same as using a local browser.

 

Each browsing session is spawned into an isolated container on the CBIIT that will execute the browser code. Browsing sessions are separated and cannot interact with each other. When a browsing session is terminated, the browser and its container are destroyed. Depending on the provisioned policies, downloaded files may be scanned for threats, and these files may be destroyed or stored on the CBIIT along with browsing data and logs for each user.

 

The CBIIT platform, which can scale depending on usage, will reside in FedRAMP level II certified data centers. The data centers will be located at multiple geographic sites. The geographically dispersed sites will serve multiple functions, including increased reliability, catastrophic event survivability, reduced user latency, reduced user inconvenience from maintenance actions, and server-to-server load balancing.

The system can be used either for protected business and work-related browsing or for sandboxed browsing of unknown and known malicious websites. Access to various websites and content can be limited by several administrator-settable parameters, including user, geolocation, URL, bandwidth quota, file type, and whitelist/blacklist status.
