Acquisition Activity In The Browser Isolation Cybersecurity Space

It has been a busy few years in browser isolation cybersecurity space, as most large technology vendors with a stake in the information security began to look into acquiring a browser isolation capability. In this article, we break down the acquisitions to date and discuss some of the reasons why the browser isolation space is so strategically attractive to large technology vendors right now.

Recent Browser Isolation Acquisitions

There have been no less than six different acquisitions in the browser isolation space over the last few years, with acquisition prices ranging from USD $39 million for early-stage startups all the way up to USD $250 million for more mature browser isolation vendors, let’s dive in and take a closer look at each acquisition.

Symantec Acquires Fireglass - Security giant Symantec acquired browser isolation startup FireGlass in July 2017 for an estimated USD $250 million in order to integrate their capability into Symantec's existing security suite.

Proofpoint Acquires Weblife - Cybersecurity vendor Proofpoint acquired browser isolation startup WebLife in November 2017 for USD $60m in order to "extend Proofpoint's security and advanced threat detection capabilities".

Zscaler Acquires Appsulate - Cloud security provider Zscaler acquired web isolation startup Appsulate in May 2019  in order to enhance their cloud security suite and provide their uses with "secure access to their web based applications".

HP Acquires Bromium - Multinational information technology giant HP acquired client-side browser isolation vendor Bromium in September 2019 to "combine with HP's Sure Sense, Sure View and Sure Start security applications".

Cloudflare Acquires S2 Systems - Web infrastructure giant Cloudflare acquired early-stage browser isolation startup S2 Systems in Janurary 2020 for an estimated USD $39m, in order to "to add S2’s technology to Cloudflare Gateway".

McAfee Acquires Lightpoint Security - Cybersecurity vendor McAfee acquired isolation vendor Lightpoint in Feb 2020 for an undisclosed amount in order to "integrate their capabilities to their Unified Cloud Edge (UCE) solution".

What Is Driving The Acquisitions?

Judging from the recent acquisitions by players like Symantec, Zscaler, and McAfee, the biggest driver by far for acquiring a browser isolation capability seems to be the need to enhance existing web gateways with a zero-trust browser isolation capability. I have written about upgrading your web gateway with browser isolation before, so do go ahead and read that article if you are a newcomer to this concept.

There are lots of different web gateways out there from lots of different vendors and they are mostly deployed in enterprise IT environments. Web gateways all have the same problem in that they are unable to correctly categorize all web traffic all of the time. When you cannot properly categorize your web traffic as risky or safe, then you have two choices, you can let the user access the website (and keep them happy while taking a risk), or automatically block the website (and annoy the user who will then complain). So what should you do with that URL? Lets physically isolate it!

This is where browser isolation cybersecurity shines, you can simply take all of your uncategorized website URLs and isolate them onto remote browsers for the users to consume. This is what is driving some technology vendors to acquire the capability, they all need an answer for the websites that they cannot categorize and browser isolation technology is the answer that vendors have settled on.

The Future of Endpoint Security

The endpoint is now considered to be the new perimeter and security-conscious organizations are physically isolating their user’s browsers and the associated cyber risk away from their internal networks using the browser isolation cybersecurity model. Security vendors, cloud service providers and managed security service providers who see browser isolation as the future of endpoint security are scrambling to offer a remote browser service to their own customers as a way of generating recurring revenues, further fueling acquisitive activity within the browser isolation space.

When you consider that there are 100 million internet users in the US workplace alone, you begin to grasp the size of the market. Almost any business you can think of could really benefit from the protection that browser isolation brings and for a service provider this represents an attractive recurring revenue stream opportunity. Globally the potential user base for browser isolation and remote browser solutions runs into hundreds of millions of users, a vast market for cybersecurity providers and vendors.

Different Approaches To Browser Isolation

What is interesting about these acquisitions is that, despite them all being about browser isolation, they represent radically different approaches to the problem of isolating the browser. A notable standout is Bromium whose client-side solution was acquired by HP and contrasts against the server-side solutions of every other vendor. A client-side solution makes sense when you are a global computer manufacturer like HP though, they lead PC and hardware sales with security as a selling point.

Generally speaking, the market has chosen to adopt the server-based approach to browser isolation, preferring to physically isolate risks away from internal networks rather than virtually isolate them on the endpoint. In general, we trust the security through physical isolation model (also known as air-gap networking).

But even among server-side solutions we can see different approaches to the problem of browser isolation, with different underlying architectures and approaches to display presentation depending on the vendor. Startups like FireGlass, Weblife and Lightpoint all seemed to be leveraging virtualization in their underlying infrastructure, which could limit their ability to scale cost-effectively up past the million simultaneous user mark.

I have written about the problem with virtualization-based architectures before, some virtualizations VDI based architectures are dependent on legacy remote display protocols limiting their ability to integrate with the local browser in a meaningful way.

Notable acquisition standout S2 Systems took the DOM-based approach to display presentation which enables tight local browser integration and use of browser plugins, delivering a native user experience. This DOM based approach is in demand because of the richer user experience it delivers. Another acquisition standout is Appsulate who were originally focused on SaaS app isolation, but if you think about it there isn't really that much difference between isolating a web application or a website.

I personally find the different approaches to browser isolation deeply interesting, but prefer containerization based architectures which take a DOM based approach to browser isolation, I find them to be much more efficient, scalable and capable of delivering the user experience required to satisfy real-world users and use cases.

For transparency purposes I am the founder of Secjuice and co-founder of browser isolation startup WEBGAP, I like to track my space and write about it. Check out more of my writing here and follow me on Twitter here for my latest updates!