contact us
POV

Digital Trends: Browser Isolation, the Latest Tool in the Cyber Security Toolbox

Chris-Pflum-sq
by Christopher Pflum

As the IT industry continues to reel from the WannaCry ransomware attack that affected some 230,000 computers in more than 150 countries – including FedEx in the U.S. and the U.K.’s National Health Service – enterprises around the world are looking for ways to prevent future attacks. Adding insult to injury, just a month after the WannaCry debacle a similar ransomware attack called Petya was reported in Ukraine. We all agree that we should expect ransomware-type attacks to continue well into the future, but how do companies prepare?

What is Browser Isolation?

Browser isolation leverages remote containers, often in the cloud, to run a browser instance rendering only the image and flat text to an end user's device. If an attack occurs, the impact is isolated to the container, preventing any adverse effect from spreading across the enterprise network. At the end of each session, the container is "collapsed" and rebuilt rendering a fresh, default container.

According to a major multinational cybersecurity and anti-virus provider, upwards of 58 percent of cyber-attacks on enterprise users occur though the web browser. As a response, a relatively new technology called browser isolation has begun to garner significant attention from the investment community.

The market for browser isolation technology has seen some recent activity:

  • July 2017: Symantec acquired FireGlass, a leading browser isolation software company, with terms that were undisclosed.
  • September 2016: Spikes Security closed a deal to be acquired by India-based Aurionpro to create Cyberinc, a security-focused joint venture valued at $100 million. Over the previous three years, Spikes Security received between $13.4 million and $20 million in venture funding.
  • February 2016: Menlo Security closed an undisclosed Series B financing round led by JP Morgan Chase after closing a previous Series B worth $35 million in June of 2015 and $10.5 million Series A funding round led by General Catalyst in November 2014, totalling more than $45 million in funding.
  • February 2014: Digital Guardian acquired Armor5 for an undisclosed amount after securing a seed round of $2 million in February 2013.

Of course, the question remains. Does this increased interest in browser isolation technology constitute a truly budding market or is it a short-term financial play by venture capitalists to invest while hype is mounting. Are they simply driving prices so they can quickly dump their investments for a quick buck?

The design simplicity of current browser isolation products makes it more well-suited to be a feature rather than a full-fledged business and market opportunity, which may be why strategic acquisitions abound without a single breakout success. While some are predicting significant growth in remote browser adoption and internet isolation technologies in the years to come, we are markedly more skeptical. However, it must be noted that virtual computing, a similar technology and once considered only a feature, has built major brands like LogMeIn and VMWare.

The market for browser isolation has yet to fully bare out (or crash, for that matter) and the deals to date are nothing close to blockbusters, but the winds of change might just be blowing in the right direction. It remains to be seen whether this technology will fuel the rise of the next IT security mega-star or peter out after a flurry of acquisitions with the majority of value captured by investors rather than delivered to end users.

In the meantime, we expect to see some early adoption at the enterprise level, mostly at firms with mature service integration and management processes for security in risk-averse industries such as banking. No doubt adoption will be bolstered by the ever-increasing threat of malware attacks and the relatively high licensing costs of virtual computing, which is more capable but more computationally intensive than browser isolation.

In the short term, we expect more buzz about investments and acquisitions of browser isolation than actual value delivery to the end user – lest we confuse market activity for a harbinger of enterprise adoption. If the trends continue in lightweight computing – i.e. microservices and containers – we just might see the emergence of a leader that can offer an appreciable value proposition and gain significant market share. It’s still early days, but we’re watching.

ISG helps companies navigate the changing technology landscape. Contact me to discuss how we can help you.

About the author

Chris is an analytical technologist and corporate strategy professional with experience leading and managing fast-paced network operations teams. Chris brings five years of Internet of Things (IoT) experience in the clean technology sector and managerial expertise in networked services in a Network Operations Center. He has successfully supported both domestic and international clients with globally reaching operations. He works with state and local governments and companies in the manufacturing, commercial goods, consumer electronics, agriculture, utilities and food and beverage industries.