Restrict file types for downloads and uploads in isolation profiles to enforce
granular data loss prevention policies and control which file types users can transfer in
isolation.
You can now use isolation profiles in Remote Browser Isolation (RBI) to
specify the types of files users can upload or
download, enabling more granular control over data transfers during
isolated browsing sessions. Previously, you can only allow or block all downloads or
all uploads during isolation, regardless of file type. The new capability helps to
enhance the security posture by reducing the attack surface and preventing various
types of cybersecurity threats. It also helps in data exfiltration by controlling
which categories of file types a user is able to upload.
You can configure allowed file types in isolation profiles using predefined
categories like Documents, Multimedia,
Archives,
Executables/Applications, and Source
Code. You can also specify up to five custom file extensions. When a
user attempts to download or upload a file during isolation, the RBI service checks
if the file type is allowed based on the configured profile. This prevents users
from transferring unauthorized file types, reducing the risk of data exfiltration or
malware introduction.
Key use cases include permitting users to download only document files, blocking
downloads of executable files, or permitting transfers of only specific approved
file types. The granular controls enable you to balance security and usability by
tailoring allowed file types to your organization's needs. Configuring file type
filtering enhances your data loss prevention capabilities and provides an additional
layer of protection against potential threats introduced through file transfers.