The Secure Enterprise Browser Extension

LayerX protects your entire browser ecosystem as is, without requiring your users to shift, wholly or partially, to a new browser. At LayerX we understand that the browser choice of an enterprise is driven by many factors, and that both CISOs and users don’t want to migrate from their favorite browser to a customized one. LayerX’s platform mitigates the same browser security risks as Talon and Island, while being more focused on the browsing process itself and maintaining all the security and productivity advantages commercial browsers provide. Moreover, the enterprise browser introduces inevitable blind spots, stemming from the side-by-side deployment of the enterprise browser and the commercial one. With LayerX these gaps don’t exist in the first place since there is only one browser to monitor and control, providing hermetic security coverage to any browsing activity users perform.

There is a wide range of risks and threats that is either only partially covered by other solutions or not at all. Among the second group, two prominent examples are monitoring and protection of user activity on unsanctioned apps and other non-corporate web destinations, as well as prevention of installing malicious extensions on the browser which is a leading credential theft vector. These capabilities are absent from any other security product today. A browser security platform provides secure solutions to these vulnerabilities.

Browser isolation solutions are focused on preventing exploitation execution and malware download by creating a secure environment where they can run without interacting with the ‘real machine’. At LayerX we believe that this approach is subject to three main flaws. First, exploits and malware are already soundly addressed by today’s commercial browsers and Endpoint Protection solutions. Second, browsing isolation is infamous for resource consuming and degrading the endpoint’s performance. And third, and probably the most important flaw, browser isolation lacks the ability to address the wider perspective of the browser risk landscape in which phishing, data leakage, and SaaS risks have prominent presence. Browser isolation doesn’t address these risks since it only targets activities that take place within a live web session. LayerX’s browser extension approach, on the other hand, provides comprehensive coverage to the web-borne risk landscape, by monitoring these web sessions in real-time to detect suspicious activity, while conducting contextual cloud-based isolation and assuring that the user experience is at the best possible level.

With LayerX you don’t have to allocate 3rd party contractors a managed device. Instead, deploy (by installation or sign in) a managed browser profile, which is protected with the LayerX extension, on their own devices. This enables them to connect to your SaaS apps via the LayerX protected browser profile. You can then craft dedicated access and activity policies and provide them with seamless access only to the data they need within these apps, while keeping all other data secure.

Not at all! Continuous monitoring refers to the action that takes place locally within LayerX’s in-browser ML engine and not to the data sent to LayerX’s management console. This engine has granular visibility into every browsing event to ensure it can detect indications of malicious activity effectively and in a timely manner. However, the vast majority of this data, including Personal Identifiable Information (PII) and private content, never leaves the browser at all. The only data that is sent to the LayerX cloud is alerts on risky activities for the security team to investigate and respond to.

Your main applications (Office, Box, etc.) are covered in terms of visibility, as long as they are centrally installed and managed. However, CASB is only as good as the API of the apps it protects, which introduces inconsistencies in the levels of visibility between different apps. CASB isn’t effective with unmanaged applications and shadow SaaS. Additionally, CASB is not strong in actually preventing malicious activity. LayerX provides a consistent level of monitoring and control to all applications, with no API dependency, and can prevent any malicious activity upon detection of risk.

For managed devices, LayerX is easily installed in a few clicks with device management tools (such as Group Policy). For unmanaged devices, we provide identity-centric deployment that allows users to load a managed browser profile into their unmanaged device with a lightweight installer or a simple sign in. The LayerX unmanaged deployment allows users to access and interact with corporate cloud apps using a managed browser profile, without it ever monitoring any other device or personal browsing activity.

The LayerX extension’s user profile can be used as an additional authentication factor on top of the user account. This can be implemented either as a standalone factor or by integrating LayerX with the cloud identity provider.

Near zero. LayerX was built and designed to transparently steer users to secure browsing. I only interferes with the browsing activity when the activity introduces a risk to data, devices, or applications.

Certainly. LayerX can protect any application that is accessed through a browser with access policies that act as authentication factor and activity policies that act as an authorization mechanism.

LayerX can prevent web-based attempts to steal user credentials. It scans for phishing sites, prevents credential leakage to suspicious apps, and blocks risky browser extensions that may harvest user credentials. In addition, LayerX can modify, restrict, or block the storage of credentials on the hosting device in order to address device threats, such as malware attempting to steal the browser password data.

A browser security platform is a new cyber security product category that acknowledges the critical role browsers have in today’s IT environments. These products address all the risks and threats to the browser’s data, the device it runs on, or SaaS apps that access through it, in a centralized manner. Continuous monitoring, risk analysis, and policy enforcement on user activities focus on the browser itself, where the activity actually takes place, rather than applying it to mere network traffic, which is inherently limited in the data and context it can provide.

A firewall flags malicious web destinations based on their hostname/URL and is blind to the content of each web page itself. This approach lags behind the rapid and dynamic nature of modern web phishing. As a result many malicious pages can evade it. Attackers nowadays abuse cloud services and SaaS applications in order to distribute phishing and malware. A firewall simply doesn’t have the required visibility into the various components that indicate if a website is malicious or not. LayerX scans the webpage’s content and applies AI analysis to detect malicious attributes, yielding a far higher success rate.

LayerX is a browser-agnostic security platform, delivered as a lightweight extension that aggregates all activity data for monitoring and risk analysis purposes to enforce secure access and browsing. With LayerX, security teams configure activity policies to prevent risky user activities in the browser that can expose apps, devices, and data to risk of compromise or data loss. Once an activity policy is activated, the LayerX cloud service pushes it to the extension that performs the actual enforcement on the browser. The extension has three functionalities: processing activity data and reporting to the cloud service, receiving policies from the cloud service and enforcing it, and analyzing risk together with the cloud service. Layer X integrates with identity management tools and zero trust access systems to ensure minimal overhead for security teams and efficient use of their time.