Keeper Security expands privileged access management with browser isolation

Keeper Security, the Zero-Trust and zero-knowledge privileged access management (PAM) platform, has released of remote browser isolation (RBI) capabilities within KeeperPAM, delivering major adoption and usability improvements for modern web workflows within privileged vault sessions. 

These enhancements address a persistent challenge in Zero-Trust environments: enabling secure, policy-driven access to dynamic, multi-tab web applications and file-based workflows directly within privileged sessions. With support for multi-tab browsing, secure file uploads and full JavaScript interaction, Keeper is closing the gap between security and productivity in remote, browser-based access, the company said.

Additionally, Keeper is extending its AI-powered session monitoring capabilities to additional protocols, including RBI. Powered by KeeperAI, these sessions can be continuously analysed, summarised and evaluated in real time to detect anomalous behaviour and ensure activities remain within the scope of assigned privileged tasks.

“Many organisations deploy remote browser isolation selectively because traditional RBI breaks modern web workflows, forcing users to bypass controls when tasks become impractical,” said Craig Lurey, CTO and Co-founder of Keeper Security.

“Keeper’s updates remove the most common challenges to ensure users have a seamless experience while enabling continuous monitoring and intelligent threat detection across every privileged session.”

KeeperPAM’s RBI ensures secure, efficient and virtual private network (VPN)-less access to cloud-based and internal web applications directly from the Keeper Vault. By hosting browsing sessions in a controlled remote environment, RBI isolates web browsing activities from end-user devices, mitigating data exposure risks if a device is compromised. All sessions are fully integrated into Keeper’s privileged access workflows, providing centralised visibility, auditability and AI-driven risk analysis.

Key features of RBI include:

- Secure access without a VPN: Securely access non-hardened websites and tools without the need for a VPN.

- Recorded web sessions: Meet compliance and auditing requirements with fully recorded website interactions, and full session visibility and control.

- Controlled web browsing: Provide access to a pre-approved list of URLs within a secure browser environment.

- Password auto-fill: Automatically fill login and password details into isolated browser sessions without ever transmitting credentials to the user's device.

- AI-powered session monitoring: Leverage KeeperAI to analyse session activity in real time, generate summaries and detect anomalous or out-of-scope behaviour. 

Historically, RBI solutions have imposed significant usability constraints, limiting adoption and driving some users to bypass controls when workflows become too restrictive. The RBI enhancements within KeeperPAM directly addresses these challenges:

- Multi-tab support inside RBI sessions allows users to open and navigate multiple tabs and windows within a single isolated browser session. This enables seamless interaction with modern web applications, including workflows that rely on pop-ups, redirects and single sign-on (SSO), without restarting sessions or breaking isolation boundaries.

- Native JavaScript alerts, prompts and confirmation dialogues are now fully supported within RBI, ensuring web applications behave as expected. Users can also suppress excessive or malicious alert loops, maintaining control when web pages malfunction or behave unexpectedly.

All activity within these sessions is continuously monitored by KeeperAI, enabling security teams to validate that user actions align with intended workflows and detect potential misuse in real time. Together, these enhancements enable organisations to deploy RBI more broadly across business-critical web access scenarios, reducing friction while maintaining strict isolation from endpoint devices. 

KeeperPAM introduces administrator-controlled file uploads through remote browser isolation, addressing another common limitation that has historically forced users to step outside protected environments.

When explicitly enabled by administrators, users can upload files to permitted websites directly within an isolated session, supporting workflows such as document submissions, video uploads and web-based collaboration. File uploads are disabled by default and must be intentionally authorised per connection, reinforcing Keeper’s least-privilege security model.

This capability is particularly valuable for organisations that need to securely access high-risk or externally hosted web platforms while preventing malware exposure, data leakage or credential compromise on local endpoints. 

Remote browser isolation is fully integrated within KeeperPAM, Keeper’s cloud-native privileged access management platform, and can also be deployed as a self-hosted, on-premises solution.

Details

These RBI enhancements will be available within KeeperPAM through Gateway 2.24 and Keeper Vault 17.6 in the coming weeks.