Perception Point has announced the launch of a new managed security service designed to eliminate web browser threats to organizations. According to the firm, Perception Point Advanced Browser Security adds managed, enterprise-grade security to native Chrome and Edge browsers allowing users to browse the web or access SaaS applications without exposing enterprise data to risk. The release is reflective of a growing trend of security products coming to market to provide advanced security for native browsers.

Advanced Browser Security designed to isolate, detect and remediate web threats

In a press release, Perception Point said the new solution fuses patented browser security technology powered by web isolation platform Hysolate, which it acquired earlier this year, and its own multi-layer detection engines. This combination delivers the ability to isolate, detect and remediate threats from the web, including phishing, ransomware, malware and APTs. Advanced Browser Security also secures access to sensitive corporate apps via an isolated, trusted Chrome or Edge browser, the firm added.

Customers can deploy Advanced Browser Security via a browser extension or a light agent on PC or Mac and can manage it from the cloud with no added cloud infrastructure or data center expenses, according to Perception Point. They receive an incident response service that manages incidents and optimizes detection engines.

Commenting, Tal Zamir, CTO of Perception Point and former founder and CTO of Hysolate, said, “Our customers want to be able to leverage the latest standard browsers while significantly upgrading their web security to include better, deeper, and earlier threat detection, built-in data loss prevention, and strong threat isolation, all of which dramatically reduce the attack surface.”

Web browsers prime attack targets for cybercriminals

Yoram Salinger, CEO of Perception Point, stated that digitization, hybrid work models, and the shift to SaaS and web-based applications have made browsers a prime target for attackers who use malicious websites and file downloads to breach organizations. “In parallel, malicious insiders and third parties can easily extract data from web-based enterprise apps, which lack the necessary security controls.”

Rik Turner, senior principal analyst at Omdia, tells CSO that web browser attacks are increasing because the traditional approach for web security has focused on the server side of the equation, deploying things such as web application firewalls (WAFs) for the purpose. “As a result, attackers have spotted that while the front door has been bolted, there’s a window round the back that’s been left open, and so are finding ways of exploiting that weakness.”

A business can have some of the best zero-trust edge solutions to prevent hackers from breaking in at the network level, but a user inside can simply browse a compromised website and get hit with a “drive-by attack” or fall for a phishing site, and those network defenses won’t help one bit, adds Forrester Senior Analyst Paddy Harrington. “This was bad enough pre-2020 and there were secure web gateways that could add protection on the business networks and prevent some of this but send all users home where they’re browsing freely for their personal items right next to accessing business apps, and it all becomes rather hirsute. If businesses don’t focus on protecting the browser, they’re leaving the door wide open to growing threats,” he tells CSO.

Growing need to address web browser security as solutions come to market

Turner envisages a continued (and likely growing) need to address browser security, triggering more solutions providers to move into the web browser security space. “There will continue to be the problem of whether enterprises keep their browsers up to date, whether they maintain the right malware protection, and of course, attackers will continue to find inventive new ways to exploit any inherent browser vulnerabilities.”

For Harrington, emerging browser security solutions are adding granularity to the process and really start to show value when they are tied into the increase in desktop BYOD usage. “Newer solutions are adding security controls not resident in the market browsers and equally as important, collecting more information about the user’s web activity and being able to incorporate that into your SIEM/SOAR.” He cites granular upload/download control to and from individual sites, the scanning of documents for threats or adding encryption so files can’t be viewed outside of browser sessions, granular clipboard control per tab/site, and screen capture and keystroke logging protection as examples of the benefits some web browser security solutions provide to businesses. “Most solutions are also adding web-based threat protection that’s offloaded from the local device, so preventing risky behavior, phishing sites, or site-based browser exploits before they even touch the endpoint,” he says.

 

This article first appeared in CSO, written by Michael Hill on July 20, 2022.