Secure Your Organization’s Most Used Application: Enterprise Browsers
Posted August 15, 2024 by Jason Marocchi
What’s the first thing you think of when considering how to defend your organization’s attack surface? Maybe the internet browser your employees use while performing their work isn’t top of mind. But the browser is one of the most widely used technologies in an organization, and one of the most susceptible to attack.
Employees spend 85% or more of their workday in a web browser, according to a recent Palo Alto Networks survey. According to that same research:
95% of respondents reported experiencing browser-based attacks in the past 12 months, including account takeovers and malicious extensions.
Organizations are moving away from thick apps to web/software-as-a-service (SaaS) applications. With thick apps, the application runs on a user’s device and performs most of its processing there, while web/SaaS applications are hosted remotely and accessed via web browsers. According to the Palo Alto Networks research, expect to see a 50% increase in web/SaaS app use over the next 24 months.
Jason Marocchi, Cybersecurity Engineer at Sayers, says:
“Understanding the importance and criticality of securing a piece of technology that is being used so frequently is something organizations need to re-evaluate and have a strategy in place.”
How Are Enterprise Browsers Different From Consumer Browsers?
Standard consumer browsers are limited in providing adequate security and control, especially in the face of increasing web-based attacks. Examples of consumer browsers include Safari, Firefox, and the basic versions of Chrome and Microsoft Edge.
Consumer browsers typically give an organization little to no control over what users can do while interacting with applications and services in the browser. The consumer browser passes data traffic back and forth, prioritizing convenience over security or privacy.
An enterprise browser, purpose-built for the enterprise environment and hybrid workforce, provides more secure, managed functionality. Enterprise browsers allow full visibility and control over every part of the browser’s interaction with any type of data.
Done effectively, enterprise browsers add another layer of security without inhibiting workflows. Marocchi says:
“Enterprises need to understand attack vectors through a browser and how to mitigate them in a way that doesn’t impact an employee’s workflow. If you’re using consumer browsers in an enterprise, you’re swinging with a sledgehammer as opposed to taking a surgical approach to security.”
That surgical approach allows specific types of browser users to do what they need to do in performing their jobs, while putting guardrails in place. As security shifts as close to the end user as possible, security policies are directly enforced in the browser.
In a bring-your-own-device (BYOD) environment, enterprise browsers can evaluate device posture, determining whether the device meets specified criteria to have access to sensitive applications. They also can manage what extensions users can add to the browser.
Examples of today’s enterprise browsers include Google Chrome Enterprise, Island, Menlo Security, Microsoft Edge for Business, and Talon (acquired by Palo Alto Networks). Depending on your organization’s needs, you can choose between two types:
- An add-on to a pre-existing browser
- A standalone browser application
Use Cases: Why An Enterprise Browser Could Be A Good Fit For Your Organization
An enterprise browser provides efficient management with flexible policy controls and reporting capabilities, combined with enhanced security features that protect users against attacks that target browser vulnerabilities.
Wondering how you would apply enterprise browser capabilities in your organization? Consider these use cases:
Critical SaaS and internal web apps. Enterprise browsers provide seamless access to applications and data within a secure browsing environment, ensuring users only have access to approved websites, apps, and features. Enterprise browsers secure applications, protect data, and make sensitive information available to those who legitimately need it to perform their jobs.
BYOD. While still ensuring security, you can reduce hardware expenses and management by allowing users to use their own devices – desktop, laptop, and/or mobile. With an enterprise browser, you can ensure a device meets the required compliance level to allow access to internal apps and sensitive information.
Contractors and consultants. Providing third-party access to an enterprise browser means you don’t have to ship, manage, and refresh laptops for a seasonal workforce of contractors, for example. Providing an enterprise browser can be a less expensive yet secure alternative. A screen-capture feature allows you to audit what your third-party consultants do in the browser.
Virtual desktop infrastructure (VDI) reduction. For organizations looking for alternatives to VDI, an enterprise browser can provide the vast majority of the security capabilities you would get from a VDI deployment.
Last-mile control. Enterprise browsers stand out from some other security solutions by bringing security controls as close to the user as possible. With an enterprise browser you can allow specific users to access sensitive information from an application such as Salesforce, but prevent them from copying and pasting that information outside the app. You also can implement controls to prevent users from printing that information, or from downloading and emailing confidential data using personal email domains.
Disaster recovery. If you have a DR incident that causes employee workstations and laptops to go down, you can provide access to the secure enterprise browser on employees’ personal devices. Users can access critical applications without missing a beat in the wake of a DR incident.
Geo enforcement for roaming users. Get more specific about what your remote and traveling users can do and access. An enterprise browser can apply the appropriate criteria and security controls to different situations instead of using a broad-brush approach.
M&As and joint ventures. As with roaming users, enterprise browsers enable granularity in the level of access provided in M&A and joint venture scenarios. They can provide visibility into user activities, monitoring for unusual or unauthorized access to information through web applications. IT teams can quickly identify and navigate potential security and compliance issues.
Security Features Of Enterprise Browsers
Enterprise browsers offer a variety of features that stand out from other security solutions to address challenges faced by today’s organizations.
Among those features:
- Auditing, logging, and forensics. An enterprise browser can improve your incident response, allowing you to see what happened in a phishing attempt, for example, and ensure appropriate security controls are in place.
- Browser enforcement. Your IT staff can efficiently update, manage, and control enterprise browser configurations, whether on a department-wide or enterprise-wide basis.
- Internet Explorer emulation. This feature provides an extra layer of security while avoiding compatibility issues with legacy apps designed to run with Internet Explorer.
- Malware inspection. If someone in your organization accidentally clicks on or downloads a malware program, the browser can automatically analyze the program’s purpose and determine if it should be allowed to download and/or execute.
- Man-in-the-middle prevention. In a business email compromise (BEC) situation, where a user has unwittingly clicked on a link in a phishing email, the enterprise browser can prevent the user from submitting credentials on a webpage with a questionable domain.
- Secure storage. A user might not be permitted to download or copy information out of the browser, but the enterprise browser can offer temporary, secure storage to view a sensitive document.
Where Enterprise Browsers Fit
Enterprise browsers aren’t a substitute for solutions such as Secure Access Service Edge (SASE). While there can be some overlap in terms of security-related use cases, enterprise browsers will not achieve complex networking and infrastructure tasks.
Marocchi says:
“When we’re talking about projects around SASE, SSE, endpoint, and zero trust architecture in general, enterprise browsers can be a great complementary solution to add defense in depth.”
Questions To Ask If You’re Considering An Enterprise Browser
Evaluating whether an enterprise browser would be a good fit for your organization should include asking several questions. To start:
- How do you manage browser configurations and policies across your organization? From patching to applying policies to granting specific access, how are you effectively managing browsers in the enterprise?
- Are there compatibility issues or challenges you encounter with your browsers and enterprise software?
- What does web browser security look like in your organization?
- Malicious extensions are being published, so how are you controlling what users can install in their browser?
- In the face of BEC, how are you preventing spoofed login pages? After a user has clicked a potentially malicious link in a phishing email, how are you preventing any secondary action?
Questions? Contact us at Sayers today to discover extensive technology solutions, services, and expertise to cover all areas of your business.