Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore, more and more security teams are now turning to the emerging category of purpose-built enterprise browsers as the answer to the browser’s security challenges.
However, as this security solution category is still relatively new, there is not yet an established set of browser security best practices, nor common evaluation criteria.
LayerX, the User-First Enterprise Browser Extension, is addressing security teams’ need with the downable Enterprise Browser Buyer’s Guide, which guides its readers through the essentials of choosing the best solution and provides them with an actionable checklist to use during the evaluation process.
The browser has become the core workspace in the modern enterprise. On top of being the gateway to sanctioned SaaS apps and other non-corporate web destinations, the browser is the intersection point between cloud\web environments and physical or virtual endpoints. This makes the browser both a target for multiple types of attacks, as well as a potential source of unintentional data leakage.
Some of these attacks have been around for more than a decade, exploitation of browser vulnerabilities or drive-by download of malicious files, for example. Others have gained recent momentum alongside the steep rise in SaaS adoption, like social engineering users with phishing webpages. Yet others leverage the evolution in web page technology to launch sophisticated and hard-to-detect modifications and abuse of browser features to capture and exfiltrate sensitive data.
Browser security can be divided into two different groups: preventing unintended data exposure and protection against various types of malicious activity.
From the data protection aspect, an enterprise browser enforces policies that ensure sensitive corporate data is not shared or downloaded in an insecure manner from sanctioned apps, nor uploaded from managed devices to non-corporate web destinations.
From the threat protection aspect, an enterprise browser detects and prevents three types of attacks:
What should you focus on when choosing an enterprise browser solution for your environment? What are the practical implications of the differences between the various offerings? How should deployment methods, the solution’s architecture, or user privacy be weighed in the overall consideration? How should threats and risks be prioritized?
As we’ve said before – unlike with other security solutions, you can’t just ping one of your peers and ask what he or she is doing. Enterprise browsers are new, and the wisdom of the crowd is yet to be formed. In fact, there’s an excellent chance that your peers are now struggling with the very same questions you are.
The buyer’s guide (download it here) breaks down the high-level ‘browser security’ headline to small and digestible chunks of the concrete needs that need to be solved. These are brought to the reader in five pillars – deployment, user experience, security functionalities and user privacy. For each pillar there is a short description of its browser context and a more detailed explanation of its capabilities.
The most significant pillar, in terms of scope, is of course, the security functionalities one, which is divided into five sub-sections. Since, in most cases, this pillar would be the initial driver to pursuing browser security platform in the first place it’s worth going over them in more detail:
The need for an enterprise browser typically arises from one of the following:
This list enables anyone to easily identify the objective for their enterprise browser search and find out the required capabilities for fulfilling it.
The most important and actionable part in the guide is the concluding checklist, which provides, for the first time, a concise summary of all the essential capabilities an enterprise browser should provide. This checklist makes the evaluation process easier than ever. All you have to do now is test the solutions you’ve shortlisted against it and see which one scores the highest. Once you have all of them lined up, you can make an informed decision based on the needs of your environment, as you understand them.
Download the Buyer’s Guide here.
