MPA Best Practice Guidelines Name RBI as Implementation Guidance Infrastructure for Web Filtering and Usage Control
News | 12.08.2021
In a recent important addition to the Motion Picture Association (MPA) Content Security Program, MPA Best Practices Guidelines were updated to recommend Remote Browser Isolation (RBI) as an implementation guidance option for Data Security Best Practices.
According to Dr. Chase Cunningham, a leading Zero Trust security advocate at Forrester Research who recently joined Ericom Software, the time has arrived for broad adoption of RBI as a security control.
According to the most recent Verizon DBIR, almost 40% of breaches involved phishing, 25% involved credential theft, and malware was a factor in over 20%. 58% of CISOs identify human error as their organizations’ greatest cyber vulnerability. These threat actions, which directly impact pre-release content security, are precisely the ones that RBI effectively blocks.
RBI blocks all website content from user devices and networks by isolating the content in a remote location yet enables users to fully use and interact with the sites in compliance with granular policy-based controls.
When a user opens a website, the RBI solution...:
- Generates a virtual browser in an isolated container in the cloud or on a remote server.
- Executes the website in the virtual browser.
- Sends only safe rendering information to the user’s device.
- Enables users to interact with the websites as usual, using their device browsers.
Critically, when the user stops browsing, the isolated container is destroyed, along with the virtual browser and all website content within—including any malware or ransomware that may have been on the site. Because websites do not execute on the endpoint, no content is left in the browser cache. So, if a device is stolen, lost or breached, content that has been uploaded to or downloaded from the web can’t be retrieved from the device browser cache.
Why use Ericom RBI:
- A wide range of policy controls.Ericom RBI enables granular, policy-based controls that simplify strict compliance with DS-2.0 and DS-2.2 Implementation Guidance. For instance, access can be fully blocked to prohibited sites such as web-based email sites, peer-to-peer, digital lockers, and known malicious sites to prevent content exfiltration and theft. In addition, browser capabilities such as printing, downloading and copy/pasting content from websites that may be exploited by malicious (or simply careless) insiders may also be restricted via policy-based controls, in keeping with DS-2.0 Implementation Guidance to block “local drives, USB mass storage, mapping of printers, copy and paste functions, and download/upload to the Internet gateway system from the production network."
- Reporting and auditing. The centralized Ericom RBI administration console provides full audit trail and reporting capabilities, including historical web access data, upload and download activities, user activity reports, risk analysis, security events, and more. Security admins can drill down into report data to reveal patterns and define custom reports to get maximum insight from historical organizational data. Data can also be automatically exported to an external SIEM for archiving and further analysis.
- End user experience. Unlike remote desktop alternatives, which involve numerous steps to first launch a remote desktop, and only then open a protected browser, Ericom RBI works with standard browsers on users’ regular device or desktop. While other RBI solutions may limit which browsers are used by requiring browser-specific configuration, or utilize cludgy, confusing and often imprecise browser-in-browser technology, Ericom RBI fully protects users, on any browser they choose, at any time. It provides an excellent end user browsing experience–even HD video plays smoothly and on-page navigation is extremely precise.
- Integrates easily with current (and planned) security stacks. Leading security solution providers, including Palo Alto Networks, Netskope, and many others partner with Ericom for RBI. In addition to integrating simply with a wide range of the firewalls and secure web gateways in use today, Ericom RBI is compatible with new generation SASE platforms and security solutions as well. So even clients who are considering updates to their security stacks can adopt RBI now, without locking themselves in to any specific security vendor.
- Protection from phishing emails and sites, and infected attachments. Ericom RBI protects against phishing by opening URLs in emails in isolated containers in the cloud, away from endpoints. Moreover, as required by DS-2.1 but by no means standard in most browser isolation solutions, it opens new, uncategorized sites in read-only mode to protect users who might be lured into entering credentials on a phishing site. Ericom RBI also integrates content disarm and reconstruction (CDR) capabilities which examine attachments and remove any malware embedded within before downloading to endpoints. Of course, policies may be set to restrict downloads based on user, site or type of attachment – or block all attachments.
- Virtual Meeting Isolation. Like all other websites, web portals of virtual meeting solutions are vulnerable to infection with malware, which can then be passed to meeting participants via their browsers. In addition, malware has been identified which can take control of user cameras and expose private chats via virtual meeting solutions. Ericom RBI is the sole browser isolation solution in the market that secures virtual meetings conducted via Zoom, Microsoft Teams, Google Meet, Webex and similar browser portals. Patent-pending proprietary Ericom technology supports key collaboration elements, like screen sharing, microphone use, and video-camera.
Receive a personal consultation on Ericom solutions from certified Softprom specialists.
Softprom - Value Added Distributor by Ericom Software.