For the majority of web applications, running in the user's browser is fine — the application is public, the data is non-sensitive, and the user is trusted to use whatever device they have. For the smaller class of applications that handle privileged data, regulated content, internal controls or third-party access, that model is the problem. The application's HTML, the JavaScript that drives it, the session cookies that authenticate it and the responses that contain the data all end up on a device the organisation does not fully control. A compromised browser extension, a keylogger, a screen-recording trojan, or simply a user who shouldn't be on that machine — any of these can reach the application surface that's sitting in front of them.
Endpoint hardening helps. Mobile device management helps. VPN with split tunneling helps. None of them eliminate the structural fact that the application is running on the user's machine and the application's content has been delivered to it.
Remote Browser Isolation closes the path at the architecture level. The protected application runs inside a fully isolated session on the TR7 platform — never on the user's device. The user opens a standard browser tab and sees a pixel stream of the running application. Click and keyboard input flow back to the isolated session. The application's actual content — every DOM node, every script, every cookie, every API response — stays on the platform, where the organisation already controls the security boundary.
Each of these matters alone. Taken together, they describe what remote browser isolation looks like when it's built into the same platform that already delivers and protects the application.
The protected application runs inside a fully isolated session on the TR7 engine. The user's browser receives the rendered output as a pixel stream — never the HTML, never the JavaScript, never the cookies. Click and keyboard input travel back to the isolated session, which executes them against the real application. The endpoint becomes a display surface, not an execution environment.
The user opens any modern browser (Chrome, Firefox, Safari, Edge) and connects to a TR7 URL. No native client, no extension, no agent, no VPN tunnel on the device. It works the same on managed laptops, personal (BYOD) phones, unmanaged contractor machines and shared computers — the only requirement is a current browser.
Each isolated session is locked to the domains the operator allows. Navigation requests, in-page link clicks, single-page app routing and new-tab attempts are all evaluated against the allowlist before they execute. The user cannot drift onto an unrelated site mid-session, and an injected redirect cannot pivot the session somewhere it shouldn't be.
Every isolated session records continuously: video of the rendered screen, smart screenshots triggered by meaningful events (clicks, navigation, form submission), word-level keystroke capture, clipboard operations with their content, mouse position and URL changes. Investigation-ready evidence without a separate recording product.
Remote Browser Isolation runs inside the same TR7 engine that delivers your applications, protects them with WAAP and authenticates users through the access gateway. One vService model, one operator console, one audit trail, one bandwidth model. Not a separate product to license and integrate.
Every capability below ships as part of the same TR7 platform. Configure per application, no scripting required.
Each user session runs in its own fully isolated environment on the platform. Sessions don't share memory, don't share cookies, don't share browser state. When the user disconnects, the session is torn down completely — nothing persists between sessions.
The rendered application reaches the user as a real-time pixel stream through any modern browser. The endpoint receives an image; it does not receive the HTML that produced the image, the JavaScript that drives interactivity, or the cookies that hold authentication state.
Define exactly which domains the isolated session may reach. Initial navigation, in-page link clicks, server-side redirects and single-page app route changes are all evaluated against the allowlist. Modern apps with client-side routing are handled correctly — not just the first request.
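The allowlist evaluation described here and in the earlier paragraph on domain locking can be sketched as follows. This is an added example, not TR7's implementation: the entry syntax (`*.` wildcard), the HTTPS-only rule, the function names and the sample hosts are all assumptions made for illustration.

```javascript
// Added example: hypothetical allowlist check, not TR7's implementation.
// Assumed entry forms: "app.example.test" (exact host) or
// "*.cdn.example.test" (any subdomain, but not the apex itself).
const SAMPLE_ALLOWLIST = ["app.example.test", "*.cdn.example.test"]; // constructed

function hostAllowed(hostname, allowlist) {
  const host = hostname.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  return allowlist.some((entry) => {
    const e = entry.toLowerCase();
    if (!e.startsWith("*.")) return host === e;
    // Suffix match on a label boundary, so "xcdn.example.test" cannot pass.
    const suffix = e.slice(1); // ".cdn.example.test"
    return host.length > suffix.length && host.endsWith(suffix);
  });
}

// Evaluate one navigation event. `target` may be relative (SPA routes,
// in-page links), so it is resolved against the current session URL first.
function evaluateNavigation(currentUrl, target, allowlist) {
  let url;
  try {
    url = new URL(target, currentUrl);
  } catch {
    return { allow: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { allow: false, reason: "scheme" };
  // Match on the parsed hostname, never on the raw string: in
  // "https://app.example.test@other.test/" the host is other.test.
  if (!hostAllowed(url.hostname, allowlist)) return { allow: false, reason: "host" };
  return { allow: true, url: url.href };
}

// A server-side redirect chain passes only if every hop passes.
function evaluateRedirectChain(startUrl, hops, allowlist) {
  let current = startUrl;
  for (const hop of hops) {
    const verdict = evaluateNavigation(current, hop, allowlist);
    if (!verdict.allow) return { ...verdict, blockedAt: hop };
    current = verdict.url;
  }
  return { allow: true, url: current };
}
```

Running the same function on every event type (first load, link click, route change, each redirect hop) is what keeps a single-page app from leaving the allowlist after the first request has been approved.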
New tab attempts, pop-up windows and the browser context menu are blocked inside the isolated session. The user cannot escape the controlled surface into an arbitrary browsing environment. Configurable per application if specific use cases need exceptions.
Screenshots are triggered by what the user actually does — a click, a navigation, a form submission, a copy action. Before-and-after navigation pairs capture "what was clicked → what opened." Mouse position is marked on the screenshot. Pages are captured after they finish loading, not mid-render.
Keystrokes are recorded as readable word events, not raw key codes. Auto-repeat is filtered out. Backspace is marked inline. Copy, cut and paste operations are logged with their actual content. Security analysts read a usable transcript of what the user typed, not a stream of low-level events.
Every copy, cut and paste operation inside the isolated session is captured with the content involved. Operators can see exactly what data moved through the clipboard during the session, including the values pasted into form fields and the text copied out of the application.
The complete rendered output of the session is recorded as video for the full duration of the user's connection. Useful for post-incident review, dispute resolution, training, audit and regulator-facing evidence — replay exactly what the user saw and did.
TR7's anti-OCR rendering, forensic watermark and text cipher capabilities all run on top of the isolated session's pixel stream. Once the application surface is on the platform side of the boundary, these display protections become possible — they engineer the pixels themselves before they reach the user.
Operators can watch any active session in real time from the admin console, change protection settings on the fly (watermark text, anti-OCR intensity, allowlist entries) and see the effect immediately. No restart of the session, no disconnection of the user.
Configurable idle timeout ends abandoned sessions automatically — releasing platform resources and ensuring an unlocked screen doesn't stay alive indefinitely. The session shuts down gracefully and notifies the coordinator so the user's slot can be reused.
Most recording products do one thing well — video, or screenshot, or keylog. TR7 records all three together, and engineers each one so the recording is actually useful to a security team afterwards.
Screenshots are taken on meaningful user actions: a click, a navigation, a form submission, a copy or paste operation, a critical admin action. Periodic screenshots produce mostly empty frames; event-driven screenshots produce frames that always show why they were taken. The result is a much shorter, much higher-signal capture set.
When the user clicks something that triggers navigation, two screenshots are captured: one of the page as it was when clicked, one after the destination has fully loaded. The pair tells the story of "what was clicked → what opened." Investigators don't have to guess which click produced which page.
Each screenshot includes a visible marker (a red circle) showing where the mouse was at the moment of capture. The exact element the user clicked or hovered is visible at a glance — no need to correlate separate mouse logs against the screenshot timestamp.
The screenshot is taken after the page has stopped loading — after pending network requests complete and the browser settles. Operators see the page as the user actually saw it, not a half-rendered intermediate frame.
Keys are buffered and flushed at space, enter, tab and short timeouts — so the log reads as words and commands, not as a stream of individual keystrokes. Auto-repeat is filtered. Backspace appears inline as a marker. Clipboard operations log the actual content. The transcript reads like a usable record.
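The buffering rules above, applied to an already-recorded event list, look like this. It is an added example and not TR7's code: the event shape, the `[BS]` marker text and the 1500 ms idle timeout are assumptions, and the sample events are constructed.

```javascript
// Added example: hypothetical event shape and timeout, not TR7's log format.
const FLUSH_KEYS = new Set([" ", "Enter", "Tab"]);
const IDLE_FLUSH_MS = 1500; // assumed value for the "short timeout"

// Constructed sample: a typo corrected with Backspace, a held key, a paste.
const SAMPLE_EVENTS = [
  { t: 0, key: "s" }, { t: 100, key: "u" }, { t: 200, key: "d" },
  { t: 300, key: "p" }, { t: 400, key: "Backspace" }, { t: 500, key: "o" },
  { t: 600, key: " " }, { t: 700, key: "l" }, { t: 750, key: "l", repeat: true },
  { t: 800, key: "s" }, { t: 900, key: "Enter" },
  { t: 5000, type: "clipboard", op: "paste", text: "report.pdf" },
];

function buildTranscript(events) {
  const out = [];
  let buf = "";
  let start = null; // timestamp of the first key in the current word
  let last = null;  // timestamp of the previous event
  const flush = () => {
    if (buf) out.push({ t: start, type: "word", text: buf });
    buf = "";
    start = null;
  };
  for (const ev of events) {
    // A pause longer than the idle timeout closes the current word.
    if (last !== null && ev.t - last > IDLE_FLUSH_MS) flush();
    last = ev.t;
    if (ev.type === "clipboard") {
      flush();
      out.push({ t: ev.t, type: ev.op, text: ev.text }); // content is logged
    } else if (ev.repeat) {
      continue; // auto-repeat from a held key is dropped
    } else if (FLUSH_KEYS.has(ev.key)) {
      flush();
      if (ev.key !== " ") out.push({ t: ev.t, type: "key", text: `[${ev.key}]` });
    } else if (ev.key === "Backspace" || ev.key.length === 1) {
      if (start === null) start = ev.t;
      // Backspace stays inline as a marker instead of erasing the buffer.
      buf += ev.key === "Backspace" ? "[BS]" : ev.key;
    }
  }
  flush();
  return out;
}
```

Keeping the Backspace marker rather than applying the deletion preserves what was actually typed and corrected, which is the part a reviewer reading the transcript cannot recover from the final field value.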
The full session is recorded as video in parallel with the smart screenshots. The video gives temporal context — what was happening before and after the moments that triggered a screenshot. Together they cover both the highlights and the continuous record.
Industrial control interfaces that should never be directly reachable from a corporate workstation, let alone a personal device. Operators reach the SCADA console through the browser; the application itself stays on the TR7 platform, away from the user's endpoint.
Cloud admin consoles, database admin tools, CI/CD panels, internal control planes — high-value targets where a single compromised admin endpoint can hand attackers production access. Isolation puts the console on the platform, not on the admin's laptop.
Legal documents, financial statements, M&A data rooms, board materials, regulator submissions — anything the organisation shows but does not want extracted. The isolated session combined with anti-OCR and watermark closes both the document download path and the screenshot path.
External users granted temporary scoped access. They reach the application through any browser, see only what their role permits, and leave behind a full recorded session when they're done. No corporate-issued laptop required, no VPN client to manage on the contractor side.
Employees on personal devices, mobile phones, home computers. The organisation doesn't manage the device, doesn't know what's installed on it, and shouldn't deliver application internals to it. Isolation makes the device an acceptable access path again.
Clinical staff need to read patient records, lab results and imaging on screen, often from shared workstations and mobile devices. The protected viewer runs on the platform; nothing reaches the user's device that could leak the PHI it was supposed to display.
See TR7 Remote Browser Isolation in a live demo. We'll show the same web application running inside a fully isolated session on the platform, the pixel stream reaching the browser, and the session recording the operator sees while it happens.