Security stakeholders have come to realize that the prominent role of the browser in the modern enterprise environment requires a reassessment of how it is managed and protected. Although not long ago cyber risks were still addressed by a patchwork of endpoint, network and cloud solutions, it is now clear that the partial protection provided by these solutions is no longer sufficient. Therefore, more and more security teams are now turning to the new category of custom-built Browser Security Platform as the answer to browser security challenges.
However, since this security solution category is still relatively new, there is not yet an established set of browser security best practices or common evaluation criteria. LayerX, the User-First Browser Security Platform, addresses the needs of security teams with a downloadable browser security checklist that guides its readers through the essentials of choosing the best solution and provides them with an actionable checklist to use during the evaluation process.
The browser is the most important work interface and the most targeted attack surface
The browser has become the core workspace of the modern enterprise. In addition to being the gateway to sanctioned SaaS apps and other non-enterprise web destinations, the browser is the intersection between cloud/web environments and physical or virtual endpoints. This makes the browser both a target for several types of attacks and a potential source of accidental data leakage.
Some of these attacks have been around for more than a decade, for example exploiting browser vulnerabilities or drive-by downloads of malicious files. Others have recently picked up steam along with the steep rise in SaaS adoption, such as social engineering users with phishing websites. Still others take advantage of developments in web page technology to make sophisticated, hard-to-detect changes and abuse browser features to capture and exfiltrate sensitive data.
Browser Security 101 – What do we need to protect?
Browser security can be divided into two different groups: prevention of accidental data exposure and protection against various types of malicious activity.
From the data protection aspect, such a platform enforces policies that ensure that sensitive corporate data is not shared or downloaded insecurely from sanctioned apps or uploaded from managed devices to non-corporate web destinations.
From the threat protection aspect, such a platform detects and prevents three types of attacks:
- Attacks that target the browser itself with the aim of compromising the host device or the data contained in the browser application itself, such as cookies, passwords and others.
- Attacks that use the browser via compromised credentials to access corporate data residing in both sanctioned and unsanctioned SaaS applications.
- Attacks that exploit the modern web page as an attack vector to target user passwords, via a wide variety of phishing methods or through maliciously changing browser functionality.
How to choose the right solution
What should you focus on when choosing the browser security solution for your environment? What are the practical consequences of the differences between the various offers? How should implementation methods, the architecture of the solution or the privacy of the users be weighed in the overall consideration? How should threats and risks be prioritized?
As we’ve said before – unlike other security solutions, you can’t just ping one of your peers and ask what he or she is doing. Browser security is new and the wisdom of the crowd has yet to be formed. In fact, there’s an excellent chance that your peers are now struggling with the same questions you are.
The definitive browser security platform checklist – what it is and how to use it
The checklist (download it here) breaks down the high-level ‘browser security’ heading into small and digestible chunks of the specific needs to be addressed. These are brought to the reader in five columns – implementation, user experience, security features and users’ privacy. For each column there is a brief description of its browser context and a more detailed explanation of its capabilities.
The most significant pillar in terms of scope is obviously security functionality, which is divided into five subsections. Since in most cases this pillar is the primary driver for pursuing a browser security platform in the first place, it is worth reviewing these subsections in more detail:
Browser Security Deep Dive
The need for a browser security platform typically arises from one of the following:
- Attack Surface Management: Proactively reducing the browser’s exposure to various types of threats, eliminating the ability of adversaries to execute them.
- Zero trust access: Tightening authentication requirements to ensure that the username and password were actually provided by the legitimate user and were not compromised.
- SaaS monitoring and protection: 360° visibility into all users’ activity and data usage within sanctioned and unsanctioned apps, as well as other non-corporate web destinations, while protecting corporate data from compromise or loss.
- Protection against malicious web pages: Real-time detection and prevention of all the malicious tactics adversaries embed in the modern web, including credential phishing, malicious file downloads, and data theft.
- Secure third-party access and BYOD: Enabling secure access to corporate web resources from unmanaged devices, for both the internal workforce and external contractors and service providers.
This list enables anyone to easily identify the goal of their browser security platform search and figure out the options needed to meet it.
The checklist – a straightforward evaluation shortcut
The most important and useful part of the guide is the final checklist, which for the first time provides a concise overview of all the essential features a browser security platform should provide. This checklist makes the evaluation process easier than ever. All you have to do now is test the solutions you’ve chosen against the list and see which one scores the highest. Once you have all the scores, you can make an informed decision based on the needs of your environment as you understand them.
Download the checklist here.