The browser is the central hub of the modern workplace. Surprisingly, though, it is also one of the least protected attack surfaces in the modern enterprise. Conventional security tools offer little defense against threats that originate in the browser, leaving organizations exposed. Today's security landscape calls for a new approach that focuses on protecting the browser itself, combining strong security with easy deployment.
In an upcoming live webinar (register here), Or Eshed, CEO of LayerX, a browser security company, and Christopher Smedberg, Cybersecurity Director at Advance Publishing, will discuss the challenges facing modern enterprises in the new hybrid-work reality, the gaps in existing security solutions, and a new approach to securing the modern corporate workspace that puts the browser at its center.
Where Work Happens: The Browser
The browser is the gateway to the organization's most critical assets, connecting all devices, identities, and SaaS and web applications. According to Forrester's Workforce Study 2023, 83% of employees can do all or most of their work in the browser. At the same time, Gartner predicts that by 2030, enterprise browsers will become the core platform for delivering workforce productivity and security.
The Main Threats Facing Organizations Today
The browser also has access to users' online activity, stored credentials, and sensitive data, which makes it an attractive target for attackers. Paradoxically, though, the browser is also one of the least protected attack surfaces in the modern enterprise. Organizations today face a range of security threats that originate in or materialize through the browser, including:
- Identity protection and trust: Attacks that aim to gain unauthorized access to a user's account and credentials and then use them to carry out malicious actions. These attacks can be enabled by phishing, account takeover, credential theft, and more.
- GenAI data leakage: Employees unintentionally typing or uploading sensitive corporate data into GenAI chatbots, applications, or extensions. This data may include source code, customer information, financial details, or proprietary business knowledge.
- Shadow SaaS: Employees using SaaS applications without IT's knowledge, for personal convenience or out of frustration with business processes; or employees using personal credentials to access corporate applications. In either case, such usage exposes the organization to data breaches, credential theft, and misuse.
- Contractors and third parties: The human and business supply chain that organizations rely on to support productivity and reach global talent. These parties are given access to corporate data because they need it to do their work. However, they typically work from unmanaged devices outside the organization's control that do not meet its security policies, which significantly increases the risk of data loss or system compromise.
Why Existing Security Solutions Fall Short
The CISO's toolbox is full of security tools. Yet despite claims to the contrary, these solutions do not adequately protect against web-borne and browser-based threats, leaving CISOs with critical gaps that expose the organization to data breaches and account takeovers.
For example:
- Secure Web Gateways (SWG): Protect against malicious websites, mainly by using lists and feeds of known malicious sites, at the URL or domain level.
The challenge: SWGs struggle with 'zero-hour' attacks and domains that are not yet in their database, and with attacks that use embedded elements (i.e., the URL looks 'clean' but contains an embedded element that evades the gateway's scan). They are also unable to protect against threats that exploit web page timeouts.
- CASB: Used to secure SaaS applications and manage identities.
The challenge: CASBs provide only partial protection against shadow SaaS (i.e., unsanctioned SaaS applications) and cannot monitor what users do inside an application (e.g., uploading sensitive files they shouldn't). They also struggle with some sites' encryption (e.g., in-app encryption such as WhatsApp's, certificate pinning, and so on).
- Endpoint agents (anti-virus, endpoint DLP, EDR/XDR, etc.): Protect files by scanning and labeling them.
The challenge: These solutions are mostly file-oriented, which makes it hard for them to track data in motion (e.g., sensitive data being pasted into a GenAI application in the browser). They also have no visibility into what happens inside the browser.
The Case for Moving Security into the Browser
Taking a browser-centric approach is essential to reducing the risks employees face every day. The main advantages of a browser security strategy are:
- Most user activity happens in the browser, whether accessing cloud applications, collaborating online, or using other web-based tools. Building security directly into this environment provides protection at the source of the risk, which improves the security posture, reduces costs, and minimizes disruption to users' work.
- Browser security lets organizations monitor and control user activity more effectively. This includes tracking which SaaS applications users access and which credentials they use, and overseeing actions such as uploading sensitive data or interacting with Generative AI chatbots. These capabilities allow real-time, context-aware security interventions that prevent data exfiltration and misuse in the very place where these risky interactions occur.
- Browser-based security works regardless of how data is encrypted in transit. Because it focuses on what happens at the user's endpoint, directly inside the browser, it provides visibility into user actions and data handling without needing to decrypt traffic. This saves resources, respects privacy, and preserves encryption standards while still strengthening the security posture.
- Traditional security measures lack technological innovation. They typically rely on URL reputation to block potentially harmful sites, but this method can be bypassed and misses newly compromised sites. Browser-based security improves protection by evaluating each element of a web page individually. This granular approach makes it possible to spot malicious scripts, iframes, or other embedded threats that URL inspection alone cannot detect, providing the thorough and precise analysis of web content needed to counter modern web-based attacks.
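The URL-level versus element-level contrast drawn in the SWG bullet above and in the last point of this list, as an added example that is not LayerX's or the article's own code: a gateway-style check that sees only the top-level URL, next to a browser-side check that inspects each embedded script and iframe the page loads. The blocklist, page URL and element list are constructed sample data, and the registrable-domain helper is a simplified assumption that does not handle multi-part suffixes such as co.uk.

```javascript
// Added example (not LayerX's or the article's code): a URL-level gateway verdict
// versus an element-level inspection of the same page. All data is constructed.

const BLOCKLIST = new Set(["evil.example", "phish-kit.example"]);

// Simplified registrable host: "cdn.evil.example" -> "evil.example".
// Assumption: two-label suffixes (e.g. co.uk) are not handled.
function registrableHost(url) {
  const parts = new URL(url).hostname.split(".");
  return parts.slice(-2).join(".");
}

// What a URL/domain-level gateway does: look only at the navigated URL.
function gatewayVerdict(pageUrl) {
  return BLOCKLIST.has(registrableHost(pageUrl)) ? "block" : "allow";
}

// What a browser-level control can do: inspect every element the page loads.
// Elements are modelled as {tag, src} rather than live DOM nodes so this runs in Node.
function elementFindings(pageUrl, elements) {
  const pageHost = registrableHost(pageUrl);
  const findings = [];
  for (const el of elements) {
    if (!el.src) continue;
    const src = new URL(el.src, pageUrl); // resolves relative srcs against the page
    const host = registrableHost(src.href);
    const inBlocklist = BLOCKLIST.has(host);
    const thirdPartyFrame = el.tag === "iframe" && host !== pageHost;
    if (inBlocklist || thirdPartyFrame) {
      findings.push({ tag: el.tag, host, reason: inBlocklist ? "blocklisted" : "third-party iframe" });
    }
  }
  return findings;
}

// Constructed sample: a "clean" top-level URL embedding a blocklisted iframe.
const SAMPLE_PAGE = "https://news.example/article";
const SAMPLE_ELEMENTS = [
  { tag: "script", src: "/assets/app.js" },
  { tag: "script", src: "https://cdn.news.example/lib.js" },
  { tag: "iframe", src: "https://login.evil.example/sso" },
];

console.log("gateway:", gatewayVerdict(SAMPLE_PAGE));            // allow
console.log("elements:", elementFindings(SAMPLE_PAGE, SAMPLE_ELEMENTS)); // one blocklisted iframe
```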
Types of Browser Security Solutions
There are three main types of browser security solutions:
- Browser extensions: Security layers that sit 'on top of' any existing browser. This approach adds the necessary security controls to the browser without requiring users to change how they work, so employees can keep using their browser with minimal disruption. Combined with easy deployment, browser extensions support productivity and user satisfaction.
- Remote browser isolation (RBI): The traditional browser security approach. RBI executes web page code in a sandboxed environment and 'streams' the output to users. However, it is resource-intensive and costly, introduces high latency, and breaks modern web applications (e.g., those with many dynamic features) because of compatibility issues.
- Enterprise browsers: These tools have attracted significant attention. However, requiring users to adopt a separate standalone application instead of their existing browser remains a fundamental obstacle. This forces users to change how they work, which hurts productivity and breeds frustration. They are also cumbersome and complex to deploy, which creates user resistance and in turn puts strain on IT and leadership.
Register for this webinar to get exclusive insights and practical tips for securing your modern workplace.
