SBN

Bromium vs. Remote Browsers: Downloads Make the Difference

  • Remote browsers stop web exploits but do little to solve the much larger problem of malicious file downloads
  • Users expect to download the actual documents they’ve selected, not remote renderings or hollow substitutes
  • Bromium isolates web downloads so users can work safely with them fully-functional in their native file formats

I don’t’ know about you, but I like my web downloads to be safe, intact, and fully-functional in their native file formats. I don’t relish view-only remote renderings of my Office documents. I don’t enjoy sterile PDF downloads representing mere shadows of their original files with rich content removed. And I certainly don’t want malware in my downloads due to failed detections. So, what’s a web downloader to do?

Remote Browsing? Yes. Safe, usable downloads? Not so much.

Remote browsers are useful for stopping browser exploits, but they don’t do anything to protect web file downloads. Instead, their approach to web-based files is all over the map, often restricting, sanitizing, or web-rendering document substitutes instead of allowing usable downloads.

Remote browsing solutions tend to take three approaches to malicious download protection, often pairing with web proxy servers to enforce different paths for different site categories, including:

  1. Preventing downloads entirely, annoying users and restricting their ability to do their work
  2. Converting file content into sterile formats (PDF), limiting usefulness and precluding collaboration
  3. Sending files through a detection stack, delaying delivery and exposing the organization to malware

Remote Browsing Approach #1: Risky Detection

  • File downloads are binary on/off policy set per-user
  • Can forward the files for inspection by a third-party solution (i.e. sandbox)
  • Downloads can either be delayed until the sandbox has declared it malicious or benign, or can be concurrently transferred to the end user while the sandbox inspects the file (possibly allowing for patient-zero infection)

Remote Browsing Approach #2: Sterile Downloads

  • Remote document rendering with minimal user interaction ability
  • Sanitized PDF downloads (not the original Word, Excel, or PowerPoint documents)
  • True file downloads run through a malware detection stack, optionally held for malicious verdict prior to delivery

Remote Browsing Approach #3: Remote Rendering

  • View-only access via remote execution in a browser with all rich content removed
  • Can “flatten” rich documents into sterile PDFs for download
  • Can send true file downloads to an optional detection process like cloud AV, cloud sandbox

Each of these remote browsing proxies shares the following limitations, which should be deal-breakers for downloaders who actually want to work with safe, fully-functional files:

  • There is no way to safely save or share documents downloaded from the web
  • Document workflow and collaboration efforts are severely limited
  • No isolation is provided for downloaded documents, neither on first use nor on subsequent accesses
  • Web file downloads rely on flawed detection tools which could block legitimate files or allow malicious ones
  • Unprotected downloads may cause system compromises or may even lead to enterprise data breaches

And don’t get me started on how they handle email attachments … they don’t, but that’s a column for another day.

Zero-breach in a secure native application experience is within reach, as users must be permitted to safely download file and executable content to do their jobs without restrictions or IT intervention. Today’s security perimeter has shrunk down to the application level, with vulnerability to known and zero-day file-based malware that can exploit the host and gain a foothold into the organization.

Bromium’s secure native application isolation delivers clear benefits over remote browsing proxies as the last line of defense, allowing organizations to:

  • Save time and resources by empowering employees to safely download and open documents and executable files from known or uncategorized sites without additional verification steps by IT Security
  • Defend against malicious downloads with verified native application performance and usability
  • Stop unknown threats from malicious downloads that bypass existing layered defenses

Let Bromium secure and validate your downloads so users can do their work, safely download any web content, and click with confidence!

The post Bromium vs. Remote Browsers: Downloads Make the Difference appeared first on Bromium.

*** This is a Security Bloggers Network syndicated blog from Bromium authored by Michael Rosen. Read the original post at: http://blogs.bromium.com/bromium-vs-remote-browsers/