Umbrella DLP for Isolated Browser Sessions


If you happened to read my recent blogs on both Umbrella Data Loss Prevention and Remote Browser Isolation, you’ll be just as excited as I am that cloud DLP for Umbrella RBI was recently released at the end of March!

Refresh my memory on RBI

RBI stands for Remote Browser Isolation, a security solution that isolates users’ devices from potential threats by hosting and running browser activity in a remote, cloud-hosted container, essentially sandboxing the user’s browsing session.

For example, with RBI deployed, when a user accesses a website or link, the webpage content is executed in a remote environment or virtual container, which renders the content as it would appear in the user’s actual session and allows only a safe representation of both content and downloads to be sent back to the user’s device. This, in turn, contains any potentially malicious content in the isolated session while leaving the end user’s device and data uncompromised.

I’m sure you’re thinking to yourself, “wouldn’t it be nice if Umbrella DLP could be utilized to scan the isolated session? Furthermore, wouldn’t it be wonderful if any existing DLP policies could automatically be applied to the isolated content?”

With this latest release, this is indeed possible!

Catch me up on Umbrella Data Loss Prevention

The Umbrella CASB Data Loss Prevention (DLP) solution within the Umbrella Secure Web Gateway (SWG) helps uncover Shadow IT and provides Application Risk Insight by giving enhanced visibility into the applications being used within the organization, along with their weighted risk scores.

Umbrella SWG offers two types of DLP:
•    Real-time DLP: Scans, inspects, and blocks user requests in real time
•    SaaS API DLP: Scans data at rest in cloud platforms, such as Webex or O365, for DLP controls, such as Personally Identifiable Information (PII) data

DLP with RBI

DLP is now supported for RBI-isolated sessions. These sessions undergo DLP content inspection, ensuring customers can securely browse the internet while also safeguarding their sensitive data.

With this newest release, Data Loss Prevention rules are seamlessly integrated into isolated sessions, requiring no further action or configuration from customers to take effect.

DLP inspects files or form data submitted within an isolated session.

Some examples of form data include IMs, Generative AI prompts, and Online Forms, to name a few.

If, after analysis, Umbrella DLP identifies a violation of a DLP rule with a designated “block” action set, Remote Browser Isolation will block the transmission of the data to its intended destination.

From the end user’s standpoint, the security violation is detected just as it would be in a typical inline DLP event. However, instead of sending an email informing the end user of a violation, Umbrella informs the user via a pop-up message stating that the organization has detected a potential data security violation.

For this feature to be enabled, Umbrella and Secure Access customers will need to be licensed for both Data Loss Prevention and one of the Remote Browser Isolation packages.

