RBI, VDI, WAF or VPN: Comparison of secure remote access solutions

Back

November 13, 2023

min read

RBI, VDI, WAF or VPN: Comparison of secure remote access solutions

Julien Rozeaux

Product Owner

VDI, RBI, WAF, and VPN: the differences

Using a VPN (Virtual Private Network), while effective, can be costly both in terms of acquisition and deployment. This is without offering complete protection against the risks associated with the remote user's workstation. On the other hand, the VDI (Virtual Desktop Isolation), while it reduces concerns about remote desktop security, requires significant server power. This need comes from the provision of a complete work environment to allow the user to have an Internet browser in his session. As a result, VDI has a considerable attack surface. The WAF (Web Application Firewall), on the other hand, based on the detection of signatures and behaviors, cannot but intercept certain zero-day attacks or unknown threats, unlike the RBI (Remote Browser Isolation) that isolates potentially malicious content.

Comparison table

Technology	VPN	VDI	Dedicated PC	WAF	RBI
Safety level	++ protects against external interception	++	+++	+	++++
Attack surface	Important. The IS network is open to the outside world. Malicious exploitation of APIs	Possible exploitation of a software vulnerability present on the VM + API	Local attack on workstation + rebound through VPN Malicious use of APIs	APIs directly exposed but under WAF control. If the WAF is not aware of a vulnerability, it cannot protect the API.	Restricted to the server. No direct interaction with the server APIs, only the application frontend can interact with it.
Features	++ access to the entire network (printer, file, heavy application, etc.)	++	+++	+ 100% on all WEB applications	+ 100% on all WEB applications
Acquisition cost	€€	€€€	€€€€	€	€
Maintenance complexity	Medium	Important	High	Important (rules need to be adjusted as the application to be protected evolves)	Minime
Deployment complexity	Important	Important	High	Important	Minime
Checking station conformity	Yes otherwise the post could become an attack vector	No Requires dedicated application (VDI client)	No	No	No No application to install
User experience	+ Potential impact on PC operation (applications KO when VPN is active). Not authorized in all countries	++	++ Can be complicated if user has 2 workstations	++++ Direct access to the web server from any browser	+++ Transparent, requires only an HTML5 browser

‍

RBI, the future of cybersecurity

With the RBI, access to your applications is via an isolated virtual browser, setting up a protocol break between the remote station and the resource accessed, thus considerably increasing the level of security. This process also reduces the need to authorize numerous incoming flows, thus simplifying network authorization management:

Granular control : Businesses have complete control over user interactions, such as copy/paste, downloads, screen prints, and access to external devices.
API protection : Potential attacks related to the exposure of your APIs are no longer possible, as calls can only be made via the isolated browser.

One of the main advantages of RBI is that it almost entirely eliminates the need to worry about the security level of the remote user's workstation.

While each solution has its own benefits, RBI combines the best of all worlds: solid security, a smooth user experience, a minimal attack surface, and unprecedented ease of deployment. For businesses that care about cybersecurity, it's time to seriously consider the potential of RBI to meet the needs of today and tomorrow.

‍

RBI

VDI

VPN

Julien Rozeaux

Find me on