Ransomware, data thefts, and spread of malware articles are hitting the headlines way more often than we want. The majority of these attacks entered the enterprise from ordinary users browsing the web. Vulnerable browsers and browser plugins have become the default attack vehicle for sophisticated malware that successfully bypasses signature-based malware scanning, firewalls and secure web gateways.
The constant treadmill of updates for browsers and browser plugins multiplied by the variation in devices used in enterprises puts IT admins in a never-ending game of catch-up. Recognizing the effort needed to address the known risk associated — let alone the unknown risk — many regulated and security-concerned organisations have bluntly decided to deny all web browsing from within their organisation’s network. However, users are accustomed to surfing the web to take care of small personal tasks during the day (like booking a dentist appointment or dinner table for the evening) and use the internet to find information to help them with their job. Completely cutting off internet access can affect job performance and result in serious dissatisfaction amongst users.
Rather than completely shutting off web browsing or taking a big risk, there is a way to raise the security levels while keeping the services demanded by users intact. Leading industry analysts strongly recommend isolating the internet browsing to a completely separate network, allowing organisations to drastically reduce the attack surface for web-based attacks.
Citrix Cloud Secure Browser Service lets the admins define a secure, remote browser in Microsoft Azure and instantly deploy it to users. Each user is given unique fresh browser session that is created using the browser technology defined by the admin. The screen in the remote browsing session is sent to the user’s device using the secure and high performing HDX technology and rendered in the user’s local browser using Citrix Receiver for HTML5, completely seamless to the user.
Any possible malware or attacks will, at its best, only reach the remote browsing session and ransomware attempts will fall short as the browsing session has no access to the end user’s device and files. At the end of the browsing session, the complete remote browsing environment is disposed, cleaning up any possible contamination as well as the user’s browsing history, cache and cookies. This ensures that personal data and web browsing activities remains personal, unlike how a corporate proxy could be misused to track the habits of its employees.
Available as a Citrix Cloud service, it is completely hosted in Azure and maintained by Citrix and does not add any additional management burden to the administrator, nor does it require any configuration or infrastructure in the corporate network. The user experience is completely transparent since the Citrix Receiver for HTML5 is automatically available and zero configuration is needed on user’s device.