There are many ways to counteract these cyber-threats by deploying services such as secure web gateways, endpoint protection, content filtering and proxies, but these can significantly increase costs and management complexity.

Rohde & Schwarz Cybersecurity (R&S) takes an innovative approach to this perennial problem. Its R&S Browser in the Box (BitBox) solution encapsulates the browser in a virtual machine (VM) and separates it entirely from the user's operating system (OS), local data, hardware and corporate intranet. It establishes a proactive network separation throughout the network.

At the same time, access to the internet remains unrestricted for users and their familiar workflows. However, all applications and the operating system itself no longer have unrestricted access to the Internet or servers located there. This makes it impossible to load malicious code. The proactive separation also protects against unknown telemetry data or data leakage from new types of malware.

Running the browser in an isolated environment has undeniable benefits, as threats using active content such as JavaScript, ActiveX or HTML5, browser hijacking and malicious email links and harmful attachments are all effectively nullified. Key advantages are any files downloaded are always contained in the VM and cannot cross over to the host platform; all data is destroyed when the browser is closed and when opened again; it is a completely fresh browser.

A new feature that adds even more appeal is support for web conferencing. BitBox is the only solution that allows users to safely participate in conferences in a virtualised environment, and it also secures access to microphones and webcams.

BitBox implements three distinct isolation layers, with the first being a hardened and minimalised Linux OS that is designed to only run the browser and no other application. This is augmented by AppArmor, which provides MAC (mandatory access control) security to limit the actions processes can take and is particularly useful for restricting applications that can be exploited - such as web browsers.

Next is the virtualisation layer, which is handled by the open source VirtualBox. The third and final layer is a separate, non-interactive and limited Windows user context.

It's important to understand that BitBox is not a sandbox. Unlike these technologies, it is truly isolated, as it doesn't share host system memory resources or kernels with the host OS and separates intranet and internet traffic at the network layer.

There's more, as the 'Docs in the Box' product feature allows users to open unsecured documents and preview them safely in the virtualised environment. It works with all popular file formats.

BitBox is simple to deploy with the R&S Trusted Objects Manager (TOM) central management appliance. Internet access security is assured, as the virtualised browser only communicates via a VPN connection handled by the R&S Trusted VPN gateway appliance, so, even if the browser is compromised with malware, it cannot get on to the corporate LAN.

In cases where businesses need to download files using BitBox, the Information Flow Control function allows security administrators to strictly control what file types may be accessed by placing them in a staging area for malware scans and approval.

Rohde & Schwarz Cybersecurity shows that sometimes it's easier to think inside the box for the best protection against cyber-threats. R&S Browser in the Box is a remarkably elegant solution for protecting organisations from threats that target browsers. It's simple to deploy and has impeccable credentials, as it was developed in cooperation with the German Federal Office for Information Security (BSI).

Product: R&S Browser in the Box
Supplier: Rohde & Schwarz Cybersecurity
Website: www.rohde-schwarz.com /cybersecurity
Sales: +44 (0)1252 818 835
Email: cybersecurity@rohde-schwarz.com