A security pattern that runs web browsing in a separate remote environment instead of on the endpoint. The user sees the page through streamed output or a filtered session, which lowers the chance that malicious code reaches the device directly.
Expanded Definition
Remote Browser Isolation, or RBI, is a containment pattern that executes web content in a separate environment so the endpoint receives only rendered output or a heavily filtered session. The practical goal is to keep active content, drive-by downloads, browser exploits, and session payloads away from the user device while preserving access to the web. In NHI and agentic environments, RBI is often used to reduce exposure when operators, service desks, or automation consoles must reach untrusted sites, vendor portals, or internet-facing admin pages.
Definitions vary across vendors on how much of the browser stack must be remote for a solution to qualify as RBI. Some products isolate full rendering, while others proxy only risky objects or rewrite page content. NHI Management Group treats the term as a control pattern, not a single product category, and aligns it with broader zero trust and endpoint containment strategies described in the NIST Cybersecurity Framework 2.0. The most common misapplication is assuming RBI blocks all web-borne risk, which occurs when teams ignore file downloads, clipboard transfers, and authenticated session abuse.
Examples and Use Cases
Implementing RBI rigorously often introduces latency and compatibility constraints, requiring organisations to weigh stronger containment against a less native browsing experience.
- Security teams isolate access to unknown vendor portals so analysts can inspect content without exposing managed laptops to malicious scripts.
- Help desk staff browse external support sites through RBI when they must retrieve patches, documentation, or customer artifacts from untrusted domains.
- Administrators use RBI for privileged access workflows that touch internet-hosted consoles, reducing the chance that a browser exploit reaches a high-value endpoint.
- Incident responders open suspicious links inside isolation to observe landing pages and preserve evidence without risking local compromise.
- Enterprises combine RBI with download controls and session policy enforcement after incidents similar to the Schneider Electric credentials breach to reduce browser-mediated exposure paths.
Where the term intersects with identity assurance and session control, practitioners should also consider NIST Cybersecurity Framework 2.0 and browser policy integration so the isolation layer does not become a blind spot for authentication tokens, cookies, or clipboard data.
Why It Matters in NHI Security
RBI matters because browser sessions increasingly carry the credentials, tokens, and admin interfaces used by NHIs and by humans acting on behalf of NHIs. If the browser is compromised, attackers can pivot into service dashboards, cloud consoles, CI/CD portals, and password or token vaults without needing a direct endpoint exploit. This is especially important in environments where service accounts and automation operators interact with web applications that were never designed for strong containment.
NHI Management Group research shows that 79% of organisations have experienced secrets leaks, with 77% of those incidents causing tangible damage, and that 96% still store secrets outside secrets managers in vulnerable locations. RBI does not replace secret hygiene, but it can reduce one route by which malware harvests credentials during web use. It also supports zero trust programs by shrinking the trust placed in the local endpoint during web access. Organisations typically encounter the need for RBI only after a phishing event, token theft, or browser-based lateral movement, at which point browser isolation becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-3 | RBI supports controlled, least-privilege access to web resources through isolation. |
| NIST Zero Trust (SP 800-207) | SA-3 | Isolation aligns with zero trust by reducing endpoint trust during web sessions. |
| OWASP Agentic AI Top 10 | Agentic workflows using browsers need containment against prompt and session abuse. |
Use RBI to restrict browser trust and limit interactive access to untrusted web content.
