A New Security Category Addresses Web-borne Threats

Mar 17, 2023The Hacker NewsBrowser Security / Endpoint Protection

In the modern corporate IT environment, which relies on cloud
connectivity, global connections and large volumes of data, the
browser is now the most important work interface. The browser
connects employees to managed resources, devices to the web, and
the on-prem environment to the cloud one.

Yet, and probably unsurprisingly, this browser prominence has
significantly increased the number of threats that adversaries
target the browser with. Attackers are now leveraging the browser’s
core functionality – rendering and executing web pages for users to
access – to perform attacks. The browser is now an attack surface,
as well as an attack vector for malicious access to corporate SaaS
and web applications through account takeover and the use of
compromised credentials.

To address this issue, a new guide was recently published
(Download Here^[1]). It analyzes what a
solution to these threats would look like. The guide, “Protection
from web-borne threats starts with Browser Security Platform,”
details the characteristics and the capabilities of a potential
solution, and explains how it compares to other security solutions
and why it is needed.

You Can’t Protect From Web-borne Risks From Outside the
Browser

Commonly used security solutions were not natively built for
protecting web sessions. For example:

• A network solution that analyzes web traffic to prevent access
  to malicious websites can’t detect over 40% of today’s
  adversaries-controlled web pages.
• CASB doesn’t have any monitoring and threat detection
  capabilities for unsanctioned applications and other non-corporate
  web destinations.
• Endpoint Protection Platform (EPP) doesn’t have visibility into
  the installment of browser extensions

Instead, protection to web-borne risk has to come from within
the browser itself.

The Solution: Browser Security Platform

The guide calls for the recognition of an emerging security
solution category, Browser Security Platform, which provides
visibility into the browser’s application layer. This visibility is
provided by continuously monitoring, analyzing, and applying
real-time security controls on browser sessions from the browser
itself.

Main characteristics of Browser Security Platform include:

• Browser-agnostic – the ability to equally
  support any browser it might encounter.
• Converged – the ability to analyze the
  post-decrypted web session, detect and prevent web-borne attacks in
  real time, prevent unintentional data loss, and enable IT
  governance.
• Comprehensive – addresses all aspects of the
  browser security: the browser itself, user activities and
  preventing attacker-controlled web pages.
• Deep web session inspection -real-time
  monitoring, risk analysis and proactive protection on the actual,
  post-decryption web session itself.
• User-centric – the maintenance of a seamless
  user experience and preservation of user privacy.

Browser Security Platform Core Capabilities

Following the detailed characteristics, the guide then lists the
core capabilities of browser Security Platform. The main ones
are:

• Secure browser configuration and attack surface reduction
• Zero trust in the browser
• 360° SaaS and web security
• Protection from browser-borne attacks, phishing webpages and
  malicious websites
• Protect unmanaged devices and BYOD

Adapting and responding to any future web-based risks.

The guide itself provides more granular details about each
capability and how businesses can leverage them.

The Benefits of Browser Security Platform

Why should businesses look into a Browser Security Platform? The
guide doesn’t shy away from tackling the hard questions. The
writers know that CISOs have to justify budgets to the board and
evangelize internally. Therefore, they list the main benefits
Browser Security Platform provides for businesses.

The main ones are work flexibility for employees, consolidation
of browser security controls, regained control of unmanaged
resources, consistency of protection across all web and SaaS
applications and support for a cloud-first strategy.

What is Not Browser Security Platform?

Finally, the guide provides insights into how to detect a
Browser Security Platform. As an evolving category, the concept of
Browser Security Platform is not always well understood by both
security stakeholders and solution vendors alike.

Some examples of common mistakes regarding the nature of this
new product category are perceiving it as a virtual machine for
web-pages emulation, as an enhancer of endpoint protection
solutions, or a solution that replaces commercial browsers. That is
not the case, and the guide details why.

Main Takeaways from the Browser Security Platform Guide

The journey to protecting from web-borne risks and threats has
started long ago. The question to explore today is where the most
urgent gaps are. They might be the partial visibility across
unsanctioned applications or the failure from preventing employees
from accessing malicious web pages. There are a multitude of
protection challenges for the browser.

The Browser Security Platform guide provides a directive for
identifying how security stakeholders can address these gaps. The
unique guide provides granular detail into how a solution would
work and what stakeholders would stand to benefit.

Read the complete guide here^[2].