What is RBI?
Remote Browser Isolation
A technology that executes web content in a remote, disposable environment and streams only safe rendered output to the user's browser, preventing web-borne threats from reaching the endpoint.
RBI works by running a headless browser instance in a cloud container or virtual machine. The user's browser receives a sanitized representation of the web page, either as a pixel stream (pixel pushing), a reconstructed DOM with active content stripped, or a combination. All JavaScript execution, plugin rendering, and file downloads happen in the isolated environment. When the session ends, the container is destroyed along with any malware that may have executed.
In a SASE/SSE context, RBI is typically integrated with the SWG. The SWG applies risk-based policies: known-safe sites load normally, known-malicious sites are blocked, and uncategorized or risky sites are rendered through RBI. This eliminates the false choice between blocking a site entirely and allowing unrestricted access to potentially dangerous content.
The main trade-offs are user experience and cost. Pixel-pushing introduces perceptible latency and can break copy-paste, printing, and form interactions. DOM reconstruction is lighter but less secure. RBI also consumes significant compute resources in the provider's cloud, so it is priced as a premium add-on by most SASE vendors. Target RBI at the highest-risk use cases: uncategorized URLs, high-risk URL categories, and untrusted email links.
A cloud or on-premises proxy that inspects all web-bound traffic for malware, enforces URL filtering policies, and prevents data exfiltration over HTTP/HTTPS.
The security half of SASE, delivering SWG, CASB, ZTNA, and DLP as cloud-delivered services without the SD-WAN networking component.
The process of decrypting TLS-encrypted traffic at a proxy, inspecting the plaintext content for threats and policy violations, and re-encrypting it before forwarding to the destination.
One email per publish. Unsubscribe anytime.