Browsers are no longer just for surfing the web; they’ve become a cloud app delivery platform, and even extended to function as the primary interface for enterprise apps in the cloud. Since they’ve been leveraged to support massively more powerful functions, they, conversely, now can function as massively more powerful attack platforms using some of the same techniques.

For our part, we wonder how secure they really are, and are testing just that. First, some background.

Where companies were historically primarily focused on securing the underlying operating systems, now they focus squarely on the browser as a critical property to be protected. This need gives rise to the enterprise browser market, one with a more critical and more nuanced ability to protect enterprises with a new level of security paranoia.

Here are some of the enhanced features:

1. Security Enforcement – From zero-trust access control to Data Loss Prevention (DLP), to anti-malware and anti-phishing, keeping nasty bits and nasty people from accessing your data either inside or outside the perimeter.
2. Identity & Access Management (IAM) – Forming a Single Sign On (SSO) function that can carry an individual’s access and resources across multiple networks and platforms seamlessly, and keep bad actors out, through a combination of policy controls and Multi-Factor Authentication (MFA).
3. Visibility and Monitoring – Logging and centralized management of user activity, and correlating spurious and potentially adverse actions aimed at attacking and exfiltrating data and exploiting systems. This gives an organization the ability to replay attacks and reconstruct the steps of bad actors trying to steal things.
4. Enterprise Integrations – Integration with EDR/XDR, SIEM and other enterprise security system fabric like CASB and VPN-ish connectivity features across the enterprise.
5. Manageability and Central Control – Large enterprises need the ability to manage policies by group, function, and location, and push security updates granularly based on role and context, and push out custom plugins and extensions as well.

If you haven’t really explored them, you’re not alone. Here are some examples (non-exhaustive, in no particular order), in case you’re interested in diving in.

1. Island Enterprise Browser
2. Chrome Enterprise Premium
3. Netskope One
4. Talon Enterprise Browser
5. LayerX Enterprise Browser Extension
6. Cisco Secure Access
7. Lookout Secure Browser
8. Microsoft Edge for Business

This burgeoning list does beg the question about non-enterprise browsers, you know, the one you’re probably reading this on – is their security particularly terrible? Should we be concerned? 

The browser market is such that garnering the attention and inclusion of aftermarket plugins, themes, and doo-dads is a good way to scale a brand. So while the core browser might not be full of security holes, the less-controlled aftermarket ecosystem most certainly could be. 

As a browser creator, if your browser ecosystem doesn’t scale, it also affects your ability to continue making browsers, so it’s perhaps unwise to go meddling with the core offerings if they tend toward your own product’s extinction. 

Enter the enterprise browser split. While it may share a significant codebase with the browser you’re using right now, it’s certainly locked down to a degree that might frustrate some casual users, but make corporate security people very much less concerned about getting breached.

It remains to be seen which of the vendors in this specific segment will survive. But if you’re considering enterprise browsers for your organization, you may want to drop us a line and get our take on it, since our reports are aimed squarely at you, the customer, and hope to shed some light along the way on which might be best for you, from a security perspective.

The post Enterprise browsers – when your regular browser’s security just isn’t good enough appeared first on SecureIQ Lab.

*** This is a Security Bloggers Network syndicated blog from SecureIQ Lab authored by Cameron Camp. Read the original post at: https://secureiqlab.com/enterprise-browsers-when-your-regular-browsers-security-just-isnt-good-enough/