Web browsers are one of the most common applications in the world, if not the most common. They are a required tool for a wide variety of personal and professional activities. As online threats continue to increase, precisely because of the dependence on and dual-use nature of browsers, there is an increased awareness of the need for safe browsing from both consumers and organizations. But what is it, really?
Consumer vs. enterprise safe browsing
Google Chrome, the most popular web browser by far, offers a feature set called Safe Browsing, but it is primarily intended to protect its large consumer population from well-known malware and phishing sites. Google Safe Browsing provides an important layer of protection against classes of threats that can create significant risk. While that protection also extends to enterprises (should they choose to enable it), it is not sufficient to defend against the full range of threats organizations face (e.g., browser exploits, web-based attacks, 0-hour/golden hour and spear phishing attacks, etc.), because it is based on lagging indicators like site classification, threat feeds, and signatures. Nor does it address broader security requirements (e.g., more general content filtering or telemetry/logging for auditing and incident response). There are also additional capabilities in Chrome and other commercial browsers labeled as security features, but they are primarily for end user privacy.
Existing enterprise safe browsing tools
To improve browser security, enterprises augment stock safe browsing capabilities with other tools like Endpoint Protection Platforms (EPP), Endpoint Detection and Response (EDR), and Secure Web Gateways (SWG). EPP and EDR have been staples in the prevention and detection of exploitation and malware at the OS level, but both lack visibility into the execution environment of the browser, making them ill-suited to identifying modern attacks that target web browsers.
Similarly, SWGs either lack the necessary visibility (due to encrypted traffic) or suffer from the same limitations as consumer safe browsing: dependence on lagging indicators like site classification, threat feeds, and signatures. They also require traffic steering (either via VPN or other client) to process traffic from remote users, which can negatively impact user experience.
Embedding additional capabilities in the browser
Seraphic Security creates a safer browsing experience for browsers with a unique solution that protects against 0-day and unpatched N-day exploits, web-based attacks (e.g., cross-site scripting and HTML smuggling) that may deliver malicious code, and 0-hour/golden hour phishing attacks that employ UI redressing attacks (e.g., browser-in-the-browser and clickjacking) to harvest user credentials. Seraphic also provides content filtering for Acceptable Use Policy (AUP) enforcement, as well as logging and telemetry that can be consumed by security operations teams and their tools.
For additional information about how Seraphic Security enables safe enterprise browsing, visit our Use-cases page. If you’d like to see Seraphic Security in action, you can schedule a demo.