DATA SHEET

Zscaler™ Cloud Browser Isolation

Eliminate the endpoint device attack surface

Zscaler Cloud Browser Isolation reduces web-based threats and protects executives and
users with access to sensitive data from the risks of data exfiltration.
Internet browsing is drastically increasing the attack surface
According to Gartner estimates1, 98 percent of external attacks are carried out over the public internet and, of those attacks, 80
percent are targeted directly at end users through their browsers, making browsers the largest surface area for threats.

Executives, finance teams, and other high-risk functions are prime targets for hackers. They have access to the most sensitive
information in an organization. Browser-based attacks and malicious active content hidden in webpages, vulnerable browsers,
and plugins provide a convenient means to deliver ransomware, phishing attacks, and other advanced threats, as well as to
extract sensitive data. Many organizations struggle to give users access to the webpages they need to successfully run their
business while still protecting them and reducing the potential for data exfiltration and damage to the organization.

But, blocking all potentially risky websites is not a practical approach to protecting users from web-based attacks, as this
approach can impede business productivity and negatively impact the user experience. It isn’t always easy to determine which
sites pose a threat and which do not. A fundamentally different approach to reducing browser risk is needed to give users the
unobstructed ability to browse and give you the confidence that your users are protected.

Stop browser-based attacks and data leakage

Enabling business while still protecting users, networks, and data from risky or malicious web content is critical.

Zscaler Cloud Browser Isolation creates an isolated browsing session that enables users to access any webpage on the internet
without having to download any of the web content served by the webpage onto the local device or the corporate network. With
Zscaler Cloud Browser Isolation, users are not directly accessing active web content; instead, only a safe rendering of pixels is
delivered to the user so malicious code that may be hidden is kept at bay. And since Cloud Browser Isolation is a 100-percent
cloud-delivered service, you have no hardware or endpoint agents to deploy or manage.

Simply route internet-bound traffic for your high-risk employees to Zscaler Cloud Browser Isolation and it immediately enables
safe access to active content for your users—establishing isolated sessions for questionable websites to minimize the browser
attack surface and protect your sensitive data and users from web-based malware and data exfiltration.

Best of all, integration with Zscaler Internet Access™ (ZIA™) elevates security by applying an even higher level of protection
across all traffic, irrespective of whether it originates in the native browser or browser isolation platform. All traffic is inspected
by Zscaler Internet Access and defined corporate policies are applied, including data loss prevention and file-type policies.
Combined, Zscaler Internet Access and Zscaler Cloud Browser Isolation take your security to the highest level.
1
It’s Time to Isolate Your Services From the Internet Cesspool, Gartner, September 2016
 DATA SHEET

Zscaler Cloud Browser Isolation benefits

With Zscaler Cloud Browser Isolation, your users can securely browse the internet without the hassle of managing additional
endpoint agents or plugins on every device. Cloud Browser Isolation delivers a 100-percent cloud-based solution that eliminates
the need to deploy custom hardware or software components within your environment. This approach fundamentally changes
the way enterprises protect users, data, and critical business systems from web-based threats. Zscaler Cloud Browser Isolation:

Stops active content and ransomware from reaching endpoint devices

• Protects executives and users who handle sensitive data from phishing attacks, ransomware, and other advanced threats.

• Provides safe access to uncategorized URLs, newly registered domains, and other active web content without having to
download the actual files.

• Stops zero-day attacks and other web-based threats from ever accessing endpoint devices or the network.

• Limits the ability of an attacker to move laterally and cause damage.

Prevents exfiltration of confidential data from business-critical applications

• Enables viewing in business applications while preventing the downloading and copying-and-pasting of
confidential business data.

• Prevents users from activating targeted data theft attacks hidden in webpages, downloadable web content,
and browser plug-ins.

• Eliminates the threat of data exfiltration from phishing and spear-phishing attacks.

• Prevents outdated and vulnerable browsers, or even questionable and unsafe plug-ins, from being leveraged to compromise
the user’s device or exfiltrate data.

Provides an integrated security platform to secure all traffic

• Integrates with Zscaler Internet Access to deliver the highest level of security, including access controls, Cloud Sandbox,
Cloud Firewall, IPS, and DLP.

• Secures all traffic, whether it originates in the native browser or in a Cloud Browser Isolation session.

• Deploys in minutes, not months—simply by checking a box in configuration.

• Delivers security as a cloud service to eliminate architectural changes and reduce operational cost and complexity.
• Provides a uniform framework for policy definition, enforcement, and authentication.

FEATURES
• Agentless solution—Provide secure access to web • Centralized granular policy management—Define all web security
content without physical hardware or an endpoint agent policies, including isolation policies, on a centralized granular
on every device. policy framework without having to replicate policies
on multiple platforms.
• Integrated with Zscaler Internet Access—All traffic
destined to the isolation environment and traffic from the • Data exfiltration controls—Define the level of interaction the user’s
isolation environment to the internet is governed by the local computer can have in the isolation environment, including
policies (URL, cloud app, DLP, etc.) defined in ZIA. upload/download control and clipboard sharing between isolation
and the local computer.
• Pixel streaming-based technology—Securely stream content
to the end user’s native browser as pixels over an HTML5 • Secure file rendering—Render PDF files, text files, and more in the
canvas to protect users from connecting to active content. isolation environment to protect against weaponized documents.
 DATA SHEET

Cloud Browser Isolation capabilities

Cloud delivery and reduced management burden
Agentless cloud delivery lets you use Zscaler Cloud Browser Isolation without requiring hardware appliances or installing
and maintaining remote browser isolation endpoint agents on every device. Web requests are evaluated according to
defined policies and, when needed, Cloud Browser Isolation establishes a remote browser session.

Protecting users and data

By defining granular policies based on user, group, or department, you can effectively protect endpoint devices
and prevent confidential data exposure from business-critical applications by managing user activity within the
isolation environment.

Heads up, you’ve been redirected to Browser Isolation!

The website you were trying to access is now rendered in a fully isolated environment to protect you from malicious content.
1
http://unknownwebpage.com/

2 3

1 2 3 4

Provide safe access to Keep endpoint devices Stop theft of confidential Stop data leakage by
active content by protected from threats by business data with granular controlling the user's
containing it inside a confining downloaded policies that prevent file ability to copy and paste
Cloud Browser Isolation files to the isolation downloads. data.
session. container.

Increase security with pixel streaming

Maximize your security by enabling safe access to unknown web content without downloading actual files. By using pixel
streaming-based technology, Zscaler Cloud Browser Isolation delivers only secure renderings of web content via an HTML5
canvas, ensuring your users never come in contact with active web content. This technique eliminates the risks associated
with Content Disarm and Reconstruction (CDR) approaches, and improves your security and the ability to support more open
internet access policies.
 DATA SHEET

Web app

3
Active web content How it works
(HTML, CSS, Flash, JS, cookies, etc.)

1 User tries to access a potentially

malicious webpage.

2 Request is evaluated against

2 Isolated browser defined policies and, if there is a
match, an isolated browser
session is created.

3 Zscaler connects to the webpage

ZERO TRUST EXCHANGE and loads the content onto the
isolated browser.
1
Pixels 4 4 Web content is streamed to the
end user’s native browser as pixels
over an HTML5 canvas.

User

Why Zscaler Cloud Browser Isolation

Accessing unknown Preventing internal Protecting Browser

and risky web content theft of IP and data high-value targets sandboxing
Provide safe access to Allow viewing access while Protect executives and Protect against zero-
newly registered domains preventing file downloads others dealing with day threats embedded
and uncategorized and copy-and-paste from confidential information in webpages and
content. business apps. from web-based attacks. scripts.

Raise your internet security to the next level

As part of the integrated Zscaler Zero Trust Exchange™, you can easily activate Request a Demo
Cloud Browser Isolation to eliminate web-based threats and protect sensitive data.

About Zscaler
Zscaler (NASDAQ: ZS) accelerates digital transformation so that customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust
Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location.
Distributed across more than 150 data centers globally, the SASE-based Zero Trust Exchange is the world’s largest inline cloud security platform.

Zscaler, Inc.
120 Holger Way
San Jose, CA 95134
+1 408.533.0288
www.zscaler.com
©2020 Zscaler, Inc. All rights reserved. Zscaler™, Zero Trust Exchange™, Zscaler Internet Access™, ZIA™, Zscaler Private Access™, and ZPA™ are
either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any
other trademarks are the properties of their respective owners. V.102120