VSM - Remote Browser Isolation

Written By Marissa Fegan (Super Administrator)

Updated at August 27th, 2024

Table of Contents

EDR - Remote Browser Isolation

Remote Browser Isolation (RBI) allows users to review a potentially malicious link in a safe environment without the risk of exposing the user's computer or network. 

Meet Remote Browser Isolation

RBI works by isolating web content in a sandbox away from the user's local device. When the user browses a website using RBI, any potential threats are executed and contained within the isolated environment, preventing them from reaching the user's computer or network. The user experiences the suspicious website as if they are visiting it with their local browser, but the actual browser is located in a temporary container running in the Cloud.

There are several ways to access RBI, which we'll detail below, but regardless of your path, all of the RBI access points will lead you to the same place. The website you have chosen will open in a new browser tab. Here is a brief demo of what you'll see and experience in the remote browser.

 

 

The first thing you'll notice is the URL in the browser’s address bar indicates it is part of VIPRE’s RBI feature.

Clicking the info icon next to the original URL will give you certain details about the site, including whether the site is secure, whether the certificate is valid, how many cookies it's using, and how many external links exist on the page.

Connection Is the connection to the website secure?
Certificate

Is the certificate valid or invalid?

 

Clicking the arrow will give you details about the certificate, including who it was issued to, who it was issued by, and when it expires.

Cookies

Is this page using cookies?

 

Clicking the arrow will tell you what cookies are being used. Selecting a specific cookie allows you to drill down further and get additional information on it.

External Links

Are there any external links on this page?

 

Clicking the arrow will provide you with a list of external links on this page. You can copy/paste these links into the EDR Investigate > RBI screen to manually open and review these links.

Clicking on Show Log at the top-right side of the screen will open the Event Log at the bottom. The Event Log provides details such as what was loaded along with the webpage being viewed (e.g., cookies, scripts, redirects, etc.), which can be extremely helpful in determining the potential threat level. When the event log is visible, it will say Hide Log. When you are done viewing the Event Log, you can click the x or Hide Log.

Once you’ve finished reviewing the website remotely, you can close the browser tab or window to close the RBI session; otherwise, the RBI session is terminated automatically after 30 seconds of inactivity.

 

Accessing Remote Browser Isolation

There are several ways to access RBI, which we'll detail here: 

  • Investigate > RBI
  • Investigate > Link Analysis
  • Monitor > Reports

Investigate > RBI

Scenario: You have a list of URLs that you obtained outside of VIPRE EDR or Site Manager and would like to review them in the safe environment of a remote browser.

  1. Log in to your EDR or Site Manager admin console and navigate to Investigate > RBI on the left-side menu
  2. Type or paste the desired URL into the form and click the arrow to view it in the remote browser

Scenario: You're already working in the Link Analysis dashboard to submit URLs to VIPRE for analysis. You see one URL you aren't sure about and would like to review it without risking the safety of the computer you're using. Select the specific link analysis to open details and click Launch Remote Browser.

 

Monitor > Reports > Web Activity Summary Report

Scenario: You're already working within the Web Activity Summary Report to review all of the events from your top blocked domains. Select the specific threat to open details and click Launch Remote Browser.

Remote Browser Isolation is part of VIPRE Endpoint Detection & Response (EDR) and VIPRE Site Manager.

If you do not already subscribe to VIPRE EDR or Site Manager, contact your account manager or our Sales team.