Future-proof Browser Security Against Zero-day: Puffin Cloud Isolation

CloudMosa, Inc.
Published in
4 min readFeb 1, 2021


Since the web browser’s invention 30 years ago, it has become the most critical application on our computers. Many of our daily tasks, from work to entertainment, rely on web browsers. That makes browser attacks one of the most popular ways for cybercriminals to inflict damage. In 2020, the estimated monetary loss from global cyber crime was $945 billion. Whenever a web browser announces a security fix, hackers might already use that vulnerability for some time. Modern web browsers and operating systems are so sophisticated that the existence of zero-day vulnerabilities is inevitable.

Traditional secure web gateway vs. Puffin Cloud Isolation

Traditional secure web gateway uses technologies like URL filtering or content inspection to block malicious web pages and protect endpoints. But these pattern matching-based algorithms can only stop known exploits and might block harmless web pages on a false alarm. It cannot detect sophisticated attacks hiding their signature in dynamic contents or exploits targeting zero-day vulnerabilities. Hence, web browsers are still under threat.

Unlike previous technologies, Puffin Cloud Isolation uses a different method to stop all web threats eternally. Instead of blocking web threats, we developed the Puffin Secure Browser technology to isolate and nullify them. Puffin Cloud Isolation uses Puffin Secure Browser to fetch, render, and execute unsafe web pages in a cloud sandbox on remote servers. All dynamic contents from external sources will not contact internal endpoints. Therefore, none of the malicious content will exploit users’ web browsers. This isolation technology will not obstruct an innocent web page nor miss malicious content.

Puffin Cloud Isolation has a higher isolation level.

Puffin Secure Browser isolates and disarms insecure web pages and converts them into a display-only remote browser graphics language format. And then, Puffin Cloud Isolation constructs new clean web pages out of the graphics data from Puffin Secure Browser so that web browsers on endpoints can present identical web content visuals without the questionable content. The proprietary remote browser graphics language between Puffin Secure Browser and Puffin Cloud Isolation plays as the air gap dividing external hazardous Internet and internal secured web environments.

Puffin Cloud Isolation and Puffin Secure Browser work together to deliver a seamless web isolation experience that can protect endpoints from current and future web threats without changing user behavior. Neither additional applications nor browser extensions are needed to use Puffin Cloud Isolation. Its zero-footprint architecture lets users access protected web environments with preferred web browsers straightforward.

Puffin Cloud Isolation provides public cloud service and private deployment

Users can subscribe to CloudMosa’s Puffin 365 service and use the Puffin Cloud Isolation public service on the i.puffin.com from current web browsers. The i.puffin.com also has a special shared-computer mode for users to protect their privacy on a public or shared computer. Puffin Cloud Isolation will not save any user credentials, website cookies, and local storage data on the web browser in the shared-computer mode. It will also automatically log out user sessions after a specific idle time and wipe out all user data.

Puffin Cloud Isolation also comes with an optional browser extension, Puffin Cloud Isolation Assistant. Users can enable or disable the current tab’s web isolation function with a single click on this extension. The extension also can enforce browsers to open new tabs in web isolation automatically. Puffin Cloud Isolation can be installed in a private cloud or on-premises, too. Enterprises or organizations can deploy a complete Puffin Cloud Isolation and Puffin Secure Browser solution inside their network and integrate its web isolation function with other network security components.

Puffin Cloud Isolation as a web proxy or web server is easy to integrate with other network security components in enterprises. A recommended architecture for Puffin Cloud Isolation with other Secure Web Gateway is to deploy Puffin Cloud Isolation between Internet and SWG. Puffin Cloud Isolation is the first tier defender for the external network to maximize the web environment protected by web isolation and keep other network security features like malware/anti-phishing URL filtering, content inspection, virus scanning, etc.

The high availability and load balanced architecture of Puffin Cloud Isolation make it reliable and easy to expand. Enterprise can dynamically create Puffin Cloud Isolation server nodes and adjust Puffin Cloud Isolation cluster size as necessary.

We hope this brief article can give you a basic understanding of how Puffin Cloud Isolation work, enjoy safe surfing on the Internet with Puffin Cloud Isolation! See you next time.

Sign Up for Free: https://www.puffin.com/cloud-isolation/beta/

For more information about Puffin Secure Browser: https://cloudmosa.medium.com/puffin-secure-browser-a-browser-that-protect-endpoints-from-current-and-future-web-threats-aaa50e40682d



CloudMosa, Inc.

A pioneer in providing remote browser solutions for users worldwide.