Isolation in an End User’s Browser

Isolation in an End User’s Browser

Whenever there is a match for a given web page with a policy with the action “isolate” the web page is sent to RBI for isolation and the user gets the isolated (pixel rendered) version of the requested web page. The end user will have a seamless experience, similar to browsing the original web page.

There will be some minor differences in the isolated browsing experience, such as:

  • Initially, while the page is being prepared for isolation, users will see a Netskope Logo and the Tab title “Remote Browser Isolation”.
  • Once rendered, they will see a star [ * ] prefix in their browser’s tab title.
    RBI_browser.jpg
  • User actions are disabled to limit the interaction between the user and the isolated web page for enhanced malware protection and data exfiltration.

    The list of disabled and limited actions:

    • Colored frame – isolation indicator
    • Pop-up message – isolation indicator
    • File downloads – user action control (Controlled GA)
    • File uploads – user action control (Controlled GA)
    • Clipboard – user action control (limited to copy and paste in isolated web pages)

Tip

You can find a list of all available options with descriptions when creating RBI Templates. To learn more: RBI Templates

Warning Messages

Whenever a user tries to perform any of the limited functions they will see a warning messages similar to the following:

For downloads:

RBI_Warning_Final.jpg

For the clipboard:

rbi_clipboard_disabled.jpg

RBI Language Configuration

RBI supports different languages for all standard messages shown to users by RBI: Warning Messages, Pop-up isolation indicators, Error Messages, and Templates.

RBI language for standard messages is configured according to the user’s browser language configuration:

  • German (de, de-*)
  • Spanish (es, es-*)
  • English (default, all other language configurations)

e.g. RBI users that have their browser configured in German /(de-*) will automatically see all RBI standard messages in German:

Read-Only User Action Control

Read-Only prevents the phishing threats by blocking any text input into the isolated page (i.e. typing or pasting from the clipboard) while browsing in isolation. Admins enable Read-Only leveraging RBI templates, and apply them to isolation policies.

End users are notified they are browsing a Read-Only page in isolation and they will see the read-only indicators. In addition, end users will see a warning message if they try to enter any text.

rbi_read_only_message.jpg
rbi_read_only_warning_full.jpg

Users can drag-and-drop to move elements inside the same isolated web page (isolated tab).

RBI_User_Action_Control.jpg

Read-Only Isolation Indicator Control

Netskope enables all isolation indicators by default in an RBI template when the Read-Only user action control is enabled, reflecting the expected behavior for end users. These Isolation indicators are not editable (greyed out) if Read-Only is enabled: Asterisk prefix, Colored Frame, and Toast (Warning Message).

Therefore, if you select Read-Only as a User Action, all Isolation Indicators are enabled and grayed out (not editable).

Isolation_Indicator_Read_Only.jpg

Admins can uncheck the Read-Only control and the Isolation Indicators remain enabled and admins can disable or enable without restrictions.

Isolation_Indicator_Editable.jpg

Default Limits for Browser Tabs

This feature enhances the user experience when users hit any of the predefined limits that prevent them from opening a webpage in isolation in a new tab.

RBI will show an error page warning the user about the problem and allowing user actions to open an isolated webpage in a new tab, such as closing existing individual isolated tabs or groups of isolated tabs.

RBI has 3 different default limits. Error page appearance and behavior depends on the limit reached:

  • Resource Consumption Limit
  • Sessions Limit
  • Tabs Limit

Resource Consumption Limit

When the RBI container assigned to the user is using more than 80% of its resources, it will prevent opening an isolated webpage in a new tab. Instead, it will show an error page presenting all the tabs the user is currently browsing in isolation, grouped by the user’s browser.

To free resources and allow opening a new tab, the user can:

  • Close individual isolated tabs
  • Close all isolated tabs from the same user’s browser

Sessions Limit

A user can browse up to three different sessions simultaneously. A session groups all tabs corresponding to the same user’s browser engine. If a user wants to isolate a webpage in a 4th distinct browser, a warning page displays to close active sessions before opening a new one.

If the user tries to open a new one, a page similar to the following displays:

Tabs Limit

Currently, RBI limits to 10 the number of isolated tabs for the same user’s browser (i.e. 10 tabs per session).

If a user tries to open an isolated webpage in a new (11th) tab, it shows a warning page listing the current isolated tabs in the present session, so the user can close one of then to open a new one.

If the user tries to open an 11th tab, the system shows the tabs open in the present session, so the user can close one of then and so, making space to open a new one.

Share this Doc

Isolation in an End User’s Browser

Or copy link

In this topic ...