Remote Browser Isolation (RBI)
Open the unknown web. Safely.
Remote Browser Isolation balances security and user productivity by allowing access to unknown websites in a safe, isolated environment.
Isolate the risk. Not the user.
RBI renders risky sites in a containerized environment that is destroyed at the end of the session.
Instant-on. Zero hardware.
Enable RBI in just a few clicks for all locations and users.
Risky sites reach the endpoint.


Uncategorized sites are dangerous
Undefined and uncategorized sites are frequently used for phishing campaigns and ransomware delivery.
Code executes on the endpoint
Web browsing runs code locally on the user's device, opening the door to malware, credential theft, and other malicious activity.
The block-or-allow dilemma
Outright blocking uncategorized sites floods IT with access tickets; allowing them exposes the endpoint to risk.
No visibility into risky access
Admins lack insight into which risky sites are loaded — and which users access them most frequently.
Render the risk away.
Keep people working.
Risky websites and unmanaged content shouldn't have to touch your endpoints. Cato RBI executes web sessions in an isolated cloud container and streams only safe rendering to the user, neutralizing browser-borne threats while people keep working normally.
Zero Trust Security (SSE) Solution BriefIsolate uncategorized sites
Automatically launch undefined and uncategorized sites in a remote, isolated session.
Render, don't execute
Stream a graphical representation of web content to the user's browser — site code never touches the endpoint.
Destroy and monitor
Tear down the containerized session at the end, and track RBI events by destination, user, and volume.
Stop Trusting Your AI Browser
Remote Browser Isolation (RBI) Capabilities
Instant deployment, no hardware
Cato RBI can be enabled in just a few clicks for all locations and users, with no additional hardware or software to deploy.
- Enable in a few clicks for all users and locations
- No additional hardware or software
- Uncategorized sites auto-isolated in a remote session

Reduce the risk of web-based attacks
RBI isolates website code from the endpoint by rendering the site in a containerized environment that is destroyed completely at the end of the session.
- Render sites in a containerized environment
- Session destroyed completely when it ends
- A safe alternative to outright blocking sites

Manage and control risky web access patterns
Cato lets admins filter the unified event log and track RBI events by destination, user identity, volume, and more.
- Track RBI events by destination, user, and volume
- Fine-tune RBI policies to enterprise needs
- URL simulator loads any site for investigation

Watch how Cato does it
Customers love Cato
Remote Browser Isolation provided a niche capability for reducing our attack surface by isolating access to uncategorized sites that fall outside Cato’s existing categories. For those unknown sites, we needed a way to protect ourselves, so we started the RBI journey.
Get a live demo
Secure every interaction across the enterprise, cloud, and AI with the only purpose-built SASE platform.
15–30 minute session with a SASE product expert
Discuss your use cases and how we can help
Live product demonstration where applicable
See Cato in Action
Request received
Thanks, there. A Cato specialist will reach out at to schedule your session.