There is a high level of security breach through browsers today. According to Statista, browsers have accounted for 23.47 percent of exploit attacks in 2018 as of Q1. This has a serious impact on enterprise security, as attackers leverage unsecured browsers and web applications to create lasting business repercussions. “Recent example is the WannaCry attack, which was an OS level threat, which looked for vulnerability in the OS and used the malware to encrypt the hard disk and take control of critical data,” said Mathivanan Venkatachalam, Vice President of ManageEngine.
Here Mathivanan shares key tips on why it is important for organisations with a strong focus on cloud architecture to add browser security plan to their overall network security strategy.
On how cloud usage is leading to browser vulnerability
There’s been a surge in cloud adoption among organizations. The enterprise networks today are highly flexible running various kinds of apps – cloud apps, business apps. Browsers have evolved to be silent entry points for accessing corporate data. With cloud applications pivoting the way business is done, browsers have become endpoints in and of themselves, capable of achieving functionalities of a number of native applications put together.
While the organisations are thinking of security as whole, very few CIOs or IT managers think of browser security. Also modern web, portable computing devices, and other technologies have enabled employees to work from anywhere, which means that browsers are the point of access for all. However, most employees are also unaware of the security breach that can happen through a browser.
On how browser creates the security vulnerability
For the longest time, browsers have been considered just another application, but with today’s cloud-centric set up, security breach can happen to an enterprise network through vulnerable browser set up. There is a high level of security breach through the popular browsers today. More than 30 percent of the exploits happen through Chrome, IE, Firefox. Through the browser the cyber attacker is able to take control of the employee id and then cause severe damage.
On the need for browser security and management
Enterprise of today need to focus on managing the browsers being used by the employees. The key is to plan for browser security and management even as the CISO works on the infrastructure security strategy. Till now browser security is the last thing on the CISO’s mind, and it’s mostly done ad hoc. If the browsers and apps are not updated on a regular basis new vulnerabilities become tough to be managed or fixed. That is why it is important for the organisation’s security policy to have browser security as an aspect to be taken care of like other security pain points.
On what is browser security management.
Browser security management enables an organisation to secure their browser set up and protect their networks from cyberattacks. By managing browsers the same way they manage endpoints like desktops and mobile devices, CISOs can seal their network at its most used threshold – the browser.
For effective browser security, the CISO has to ensure that all browser add-ons are managed and updated on a regular basis. A good browser security management should be such that breach detection, patching of the browser vulnerabilities, attack prevention and fixing of the breach are done on a regular basis.
On the need for ManageEngine Browser Security Plus
ManageEngine launched its browser management solution Browser Security Plus to help the organisations secure their corporate data in the cloud. It protects their networks from web-based cyberattacks. It is a comprehensive browser management solution that can secure multiple browsers — such as Google Chrome, Mozilla Firefox, and Microsoft’s Internet Explorer and Edge — used in Windows environment. This is because as 88.18 percent of desktops worldwide run on Windows as per Net Market Share. This new browser security manages the add-ons for all browsers. Currently, this solution is available to all clients worldwide across various enterprise levels.
On the capabilities of Browser Security Plus
This solution offers a solid cyber hygiene practice for the CISO. It helps in easy policy deployment since browser configurations are intelligently grouped into policies that address specific requirements such as threat defence and data leakage prevention. With Browser Security Plus in place trusted websites and business applications can be segregated from their untrusted counterparts. Untrusted sites can be rendered in a virtual browser to ensure enterprise data remains secure. With this solution, the IT manager can control access to browser extensions and plug-ins, and help in managing mission critical extensions necessary for proper functioning of various business applications. Through compliance CISO can set rules required by the organization. Monitor for compliance with Security Technical Implementation Guidelines (STIG) and industry security standards predefined by the Center for Internet Security (CIS).