Visibility and Monitoring
Providing visibility into each browsing activity performed by enterprise users across all web destinations, sessions and data exchange and high-resolution monitoring of these activities.
Browser security is a category that encompasses the technologies, tools, platforms and practices that transform browsers into secure environments that enable web access while protecting systems and data. There are three types of browser security solutions: browser-agnostic platform, enterprise browsers and local browser isolation products.
With a browser security solution, enterprises can detect and block web-borne threats and risks like malware, data theft, social engineering, data exfiltration, and other attack techniques, which target browsers and browser applications from websites, SaaS apps and unsanctioned apps. Browser security platforms protect without negatively impacting user productivity.
In modern enterprises, the browser is the key workspace. The browser is also the single intersection point between all other enterprise workspaces: Websites, Enterprise sanctioned SaaS apps, Unsanctioned applications beyond the control of security and IT teams, Managed devices and Unmanaged devices.
As the core workspace and the single access point to anything on the web, the browser is one of the main drivers and enablers of business activity.
Malware
Screen capture, download or sharing to gain malicious access to sensitive data that resides in SaaS and web applications
Deployment of malicious extensions
Exploits and malicious file dropping as an initial access method to the users’ devices
Browser data theft, e.g, cookies and password files
Human-error data exposure that malicious insiders can use as an extremely easy data exfiltration vector
Social engineering techniques, e.g, phishing
Unintentional data loss by data upload to unsanctioned SaaS apps or data download to unmanaged devices.
Browser security is the set of technologies and platforms that detect and block such web-borne threats and risks to secure enterprise users and data. A browser security solution enforces secure web browsing and browser usage across the workforce. As a result, the browser becomes a fundamentally secure environment that protects the enterprise and secures business activities without compromising productivity. Browser security platforms provide comprehensive protection because they support both inbound data security and outbound data security.
Data processed by the browser from sanctioned SaaS apps to untrusted or unmanaged devices.
Data processed by the browser from trusted devices to unmanaged SaaS apps and websites.
Enhancing the browser’s security posture provides high ROI in terms of threat and risk reduction. Implementing browser security controls is also the only way to ensure comprehensive security of unmanaged devices and unsanctioned apps in the enterprise.
Browser security solutions identify and block web-based threats and risks. To achieve this, a browser security solution provides the following three capabilities:
Providing visibility into each browsing activity performed by enterprise users across all web destinations, sessions and data exchange and high-resolution monitoring of these activities.
Ongoing detection and analysis of every user activity and web session. Anomalies that can indicate risk in the browser session are immediately flagged.
Automated policy enforcement to prevent risky user activities in the browser that can expose apps, devices and data to compromise or data loss. Certain predetermined event types are alerted about in real-time.
Protecting the enterprise from a wide scope of relevant web-borne threats, browsing risks and insider threats.
By enforcing principles and policies for authentication, identity mapping, and more.
Enforcing secure browsing for supply chain players.
Both managed and unmanaged.
The ability to monitor every browser activity across all web destinations, sessions and data exchange. All blind spots are eliminated.
Detailed data that enables advanced analysis to detect risks and threats.
How can enterprise security teams determine which browser security solution is the right one for them? We recommend looking through the lens of the following parameters
A browser security solution is intended to protect your business. Therefore, it needs to be able to address your business needs. Ask yourself: what are the company’s main growth factors and needs? If your company plans to leverage M&A for growth, for example, you will need a solution that can quickly extend security to many new users at once. If you work in a heavily-regulated industry, user privacy may be your number one priority. If your teams are dispersed around the world, eliminating IT overhead and security governance could be a high prerequisite for a solution. And so on and so one.
Security teams require users to take action and participate in security activities - through training, getting security approval for systems, implementing best practices, etc. This is often perceived by users as annoying and a blocker for productivity. In addition, security controls can often impact the user experience. For example, VPNs slow down connectivity speed. But today’s modern security solutions are designed differently and many of them do not negatively impact the user experience. Instead, they have little impact on performance and daily usage. Choose a solution that minimizes the impact on user experience as much as possible.
Any vendor can claim to protect from security threats and risks, but how comprehensive is that protection in reality? Make sure your chosen solution A) provides security coverage of all relevant threats and risks and B) provides quality identification and mitigation capabilities, i.e is also able to protect the enterprise from them.
A security solution is only as good as the extent that it is used and implemented in the organization. To encourage deployment and management, choose a solution that provides IT and IS with friendly and simplified capabilities for deploying and managing the use of the solution.
The growing awareness of the importance of privacy has raised many questions among users about the extent of which the enterprise protects them. Show your employees you care about them and choose a solution that protects them and the privacy of their non-work related actions
LayerX user-first browser-agnostic security platform provides real-time monitoring and governance over users’ interaction on the web, to protect enterprise applications, data, and devices from web-borne threats and browsing risks, while assuring the best possible user experience.
LayerX turns any browser into the most protected & manageable workspace
A browser-agnostic platform is a solution that enables employees to keep using any browser they are already using, by deploying a lightweight extension to them. This agent secures their browsing activities to enable safe browsing, threat prevention, SaaS visibility, authentication and identities and applications mapping.
Browser-agnostic Platform Pros | Browser-agnostic Platform Cons |
---|---|
|
|
Browser-agnostic Platform Pros |
---|
|
Browser-agnostic Platform Cons |
|
A dedicated organizational browser that is entirely controlled and managed by the enterprise, isn’t generally available and is used by employees for work-related browsing activities. Just like a browser-agnostic extension, the enterprise browser supports safe browsing, threat prevention, SaaS visibility, authentication and identities and applications mapping.
Enterprise Browser Pros | Enterprise Browser Cons |
---|---|
|
|
Enterprise Browser Pros |
---|
|
Enterprise Browser Cons |
|
Browser isolation platforms are solutions that either isolate a user’s browsing processes in virtual environments, like a code sandbox, or manipulate the browser’s performance in real-time. The isolation protects the organizational systems and devices by containing attacks and preventing exploits, remote code execution and downloaded malware from interacting with the actual OS and file systems.
Local Browser Isolation Pros | Local Browser Isolation Cons |
---|---|
|
|
Local Browser Isolation Pros |
---|
|
Local Browser Isolation Cons |
|
High, can be complemented with EPP/EDR
High
High
Frictionless
High
None
High
Medium-High
Medium
Long
Medium - due to visibility into the device
High
Medium - only at the code-level
Very Low
Low
Long
Medium
High
High, can be complemented with EPP/EDR
High
High
Frictionless
High
None
High
Medium-High
Medium
Long
Medium - due to visibility into the device
High
Medium - only at the code-level
Very Low
Low
Long
Medium
High
CASBs (Cloud Access Security Brokers) are software or hardware components that are situated between users and the cloud, where they monitor traffic and enforce policies between users and cloud service providers. However, CASBs provide solutions only for sanctioned applications and they depend on each application’s API. In addition, this CASB limitation applies equally on activity policies that are meant to detect attacker tampering with a compromised SaaS account, as well as on their DLP capabilities that are blind to session context and browser data activities such as form filling, drag & drop, and others. Browser security, on the other hand, secures the device across all and any applications and infrastructure: sanctioned apps, unsanctioned apps, website, on-premises infrastructure and in the cloud.
SWGs (Secure Web Gateways) are network security solutions for applying security policies on network and web usage. Users connect to websites through the SWG, rather than directly, and they are provided access only after the SWG performs security measures like URL filtering, content inspection, and more. However, SWGs rely on hostnames and URLs as indicators of a site’s content . They lack the capability to dynamically detect malicious pages in real time and based on behavior alone. This significantly reduces their protection coverage. In addition, SWGs don’t have visibility into the browsing session context and they are missing the required granularity when it comes to discerning between legitimate web destinations and malicious ones, as well as between sanctioned SaaS apps and unsanctioned ones. This forces severe disruption in user experience and even lack of protection altogether. Browser security solutions, on the other hand, perform real-time scans and leverage threat prevention engines to catch 99% of all malicious web pages in zero-hour. In addition, browser security solutions provide visibility into the browsing session user journey while providing context, to ensure a seamless user experience and without compromising security.
EDR (Endpoint Detection and Response) tools and EPPs (Endpoint Protection Platforms) are solutions for detecting suspicious behaviors of files and code on endpoints based on analytics and contextual information. Identified threats are then blocked. However, while these solutions provide a last line of defense against exploits and file dropping, critical risk malware requires adding an additional security layer through an external tool, which creates management overhead and integration complexity. In addition, EDR/EPP tools are blind to browsing events, and therefore can miss 60% of malware downloads arriving from the browser. A browser security solution provides a single and manageable solution for detection and prevention of a broad scope of security threats and risks while protecting the key enterprise endpoint and workspace. It detects malware drop sites before they are downloaded to the hosting device, and brings a much needed visibility into browsing activity.
There are three modern browsing solutions that we have been discussing: browser-agnostic platforms, enterprise browsers and browser isolation. Before these solutions were introduced to the market, legacy solutions attempted to contribute to enterprise browser security. Let’s take a look at each one:
A web browser that is hosted on a virtual environment in a manner that isolates it from the OS and file systems. Browsing activities are monitored and any malicious scripts or malware are executed in the virtual machine in the cloud, instead of on the corporate device. However, virtual browsers are complex to deploy and resource-heavy. They tend to negatively impact the user experience through latency and poor performance.
A solution that manages access to web pages by reviewing and analyzing web-based content and websites. Web filtering can help prevent accessing malicious pages and control the websites users can access. However, web filtering is based on basic rules or already known threats, rather than newly emerging ones. In addition, filtering is very basic and it does not provide solutions for more advanced actions, like writing, sharing and deleting. Finally, web filtering tools do not provide solutions for enterprise SaaS apps and unmanaged devices.