Like domain names that incorporate the URLs of the legitimate sites they imitate, certification is one more way to falsely reassure users that it is safe to enter credentials on a phishing site. In theory, when a user enters the URL of a phishing site, the browser warns him that the site is malicious. Limiting user access to a strictly defined set of sites impairs productivity and is most likely ineffective at preventing attacks, since even legitimate sites can be infected with malware. Zero Trust Browsing: What you can’t authenticate, isolate To protect organizations – and users themselves – from the dangers of websites infected with malware or malicious payloads, the Zero Trust mantra must be taken still further, to “trust no one – full stop.” Since most websites cannot be verified as safe in real time, the sites, including attachments and payloads, and the users who browse them simply shouldn’t be trusted. Instead, it leverages remote browser isolation (RBI) to enable users to access the sites that they need, while keeping all content safely away from endpoints and networks.