Register now for your free virtual pass to the Low-Code/No-Code Summit this November 9th. Hear from executives at Service Now, Credit Karma, StitchFix, Appen, and more. learn more.

If you haven’t heard of the enterprise browser category yet, you might want to check your pulse. These newcomers to the cybersecurity space have done so recently. A fire broke out In the media and with investors, CISOs are on the radars of CISOs, reinforcing their notion of a “secure enterprise browser” (SEB) that has fallen far short of their organizations’ security perimeters.

Earlier this year, Island, creator of Enterprise Browserbecame one of the fastest companies ever to reach unicorn status after securing. $115 million in venture capital (at a $1.3 billion valuation) just weeks after emerging from stealth. during this, Talon Cyber ​​SecurityThe creators of the TalonWork browser announced the closure of a $100 million Series A earlier last month (they did not disclose their price). Both are a lot of money, especially for two young startups operating in an entirely new category. At the same time, this headline-grabbing investment isn’t entirely surprising, given the breadth and severity of the challenges CISOs face in the new world of hybrid work.

Hybrid work, browserization provides fertile soil for SEBs.

gave The addition of hybrid workCombined with the prevalence of Enterprise SaaS applications, has fundamentally reshaped both the way we work and the IT architecture to enable this work. Under this new paradigm, web browsing has become the primary access point through which the average employee performs nearly all of their daily tasks—from checking email and creating spreadsheets to sharing files and developing processes. to manage.

While this growing trend of “browserization” has certainly been a boon for workplace productivity, it’s also forced enterprise security teams to strengthen their defenses amid a deluge of unreliable, unmanaged web connections. Has created a commotion. According to one Recent report According to Menlo Security, nearly two-thirds of organizations have had a device affected by a browser-based att*ck in the past 12 months alone. And there’s no sign that this trend is slowing down anytime soon.

The ceremony

Low Code/No Code Summit

Join today’s top executives at the Virtually Low-Code/No-Code Summit on November 9th. Register today for your free pass.

Register here

In March of this year, Google published a Blog post Confirming the dramatic increase in high-severity threats affecting Chrome and other Chromium-based browsers (ie Microsoft Edge, Brave) and warned that this trend will continue for the foreseeable future. While they point to a number of contributing factors to explain the recent surge in Chromium-based exploits — including increased vendor transparency — they also rightly point to the fact that browsers (and especially (on Chromium-based browsers) are becoming increasingly attractive targets for malware. actors, thanks both to their increasing ubiquity and complexity.

“Browsers increasingly reflect the complexity of operating systems — providing access to your peripherals, file systems, 3D rendering, GPUs — and more complexity means more bugs,” the author writes.

With web browsers increasingly resembling operating systems in both form and function, malicious actors are increasing their efforts to undermine them in increasingly sophisticated ways. Not surprisingly, these conditions have been fertile ground for cybersecurity startups of all stripes. Venture capital funding for cybersec startups to reach nearly $30 billion in 2021 – more than double the amount raised just a year ago, with some of the headline-grabbing funds raised by this new cohort of SEBs. Lending context.

Minimizing friction, maximizing flexibility in the secure browsing space becomes mission critical.

Given the recent emergence of web browsing as the modern employee’s primary gateway to work, it’s time for security solutions targeted at the end user to reduce friction as much as humanly possible. has become an important mission.

For players in the secure enterprise browser space, that has translated into near-universal acceptance of Google’s open-source Chromium project — the codebase on which Google’s Chrome and Microsoft’s Edge browsers are based. With a combined market share of over 67%Chrome and Edge represent the closest thing to market dominance one can reasonably expect in the browser space, making SEBs’ decision to build their solutions on Chromium a wise one.

Going with Chromium allows SEBs to minimize friction for more end-users – allowing Chrome and Edge users to import preferences, plugins, and other bits of personalization to make adoption easier. Minimize friction at the pick-up point. Given the tenacity with which most enterprise employees defend their preferred workplace devices, this will be a key differentiator for SEBs moving forward.

However, while SEB category decision-makers have certainly improved their odds of gaining acceptance from rank-and-file users by building on Chromium, they will still need employees to adopt the new browser. And administrators accept the installation and management of another endpoint agent.

what’s next? Go beyond the browser…

While SEB is a welcome improvement over today’s status quo of secure web gateways and remote browser isolation, one cannot help but note some inherent limitations of the underlying principles. And as web browsing takes an increasingly central role in the workplace, you can be sure that the wave of secure browsing won’t stop at SEBs.

The first and most important thing that next-generation solutions must address is the growing gap between web browsers and the web browsing process. The English language has been no help to anyone on this front, but the bottom line is: not all web browsing actually happens In web browsers, and by a large margin.

As of 2019, the average enterprise SaaS portfolio is 44.2% increase Year after year, while many widely used enterprise SaaS applications—such as Slack, Outlook, and Dropbox— can do Just because they’re accessed through a browser, doesn’t necessarily mean they are. Many users still choose the native desktop versions of these applications for reasons ranging from superior user interface and extended functionality to plain old access.

Whatever the motivation, the moment a user clicks on a link or accesses a remote file in one of these applications, it effectively moves the web browsing process outside the scope of the web browser. Is. This often overlooked segment of the browsing att*ck surface continues to be a concern not only for SEBs but also for today’s existing secure browsing solutions in practice.

Currently, policies mandating the use of web applications in a secure browser environment (as opposed to desktop versions of said applications) can serve as a useful stopgap. But, one can’t help but feel that there is still a need for a more comprehensive solution to this particular problem – especially the friction notoriety for inspiring non-compliance and shadow IT.

If we hope to save the whole Browsing Attack Surfaces Moving forward, the next generation of secure browsing solutions will have to find an effective, low-friction means of securing this growing portion of the browsing att*ck surface.

Reframing the Safe Browsing Experience

In a world where web browsing plays such a fundamental role in employees’ work lives, the next generation of secure browsing solutions must make user experience a top priority. In a ___ Recent surveys35% of respondents said they already are. the need To work around their company’s security policy just to get their job done. In such a scenario, forcing or imposing barriers to the adoption of new tools is a risky proposition, especially when those tools are as fundamental to employees’ day-to-day responsibilities as a web browser.

Going forward, secure browsing solutions must work toward an agentless, agnostic architecture—capable of securing the entire web browsing vector, regardless of browser, application, or device—in hopes of widespread adoption. And finally do so without unnecessarily disrupting the user experience. And in an era of app proliferation and overwhelmed IT departments, easy deployment and management by admins will be key for next-generation solutions looking to claim this emerging category.

An important first step in the battle for safer browsing

The launch of the Enterprise Browser is an important first step in the right direction for the cybersecurity field, which has been rocked by the new work-from-anywhere world. While there have been attempts to create a secure browser in the past, it seems now is the right place and the right time for the concept to finally take off – and not a moment too soon.

But if history has taught us anything, it’s to force yourself to adapt. anyone Technology in the workplace is no easy feat. The best security tools, which stand the test of time, inevitably work behind the scenes, protecting users without making them aware of their presence. While a secure enterprise browser is certainly a welcome development in today’s rapidly evolving threat landscape, we’re sure to see much more innovation in the coming months and years.

Dor is co-founder and CEO of Zvi. Red Access.

Data decision makers

Welcome to the VentureBeat community!

DataDecisionMakers is a place where experts, including technical people working with data, can share data insights and innovation.

If you want to read about cutting-edge ideas and the latest information, best practices, and the future of data and data tech, join us at DataDecisionMakers.

You might even consider submitting an article of your own!

Read more from DataDecisionMakers

#Rise #Enterprise #Browser #Whats #Secure #Browsing

Source link