Ninety percent of organizations consider web browsers to be critical to day-to-day business operations and employee productivity; “however they remain an incredibly vulnerable access point where most of today’s undetected attacks originate,” according Ntrepid Corporation, which released data amassed by Enterprise Strategy Group (ESG) highlighting “the growing need for secure virtual browsers as enterprises experience more damaging attacks and data breaches.”
“The Internet is only getting more complex, and browser security is not getting any easier. It is becoming increasingly clear that the use of traditional browsers leaves organizations open to any number of potential attacks,” said Lance Cottrell, chief scientist of Passages, part of the Ntrepid family of cutting-edge cybersecurity solutions. “Until CISOs start considering new types of browser security models that virtualize web browsers using isolation technology, endpoints and therefor enterprises will remain at risk.”
According to ESG, a vast majority of companies say that preventing and detecting security incidents is much more difficult today than it was two years ago. Of these same organizations, 59 percent say cyber-attacks are more sophisticated than they were two years ago, and 45 percent claim cyber-attacks are more frequent than two years ago.
Yet, despite these perspectives, “there seems to be little effort being made by companies to secure Internet browsers: 29 percent of organizations have experienced a security breach within the past 24 months related to an attack that was introduced to the network through an endpoint browser,” ESG said.
ESG Senior Principal Analyst Jon Oltsik said, “Secure virtual browsers, like Passages, can execute web traffic within a dedicated environment and help protect organizations from browser-based exploits and malware. Protecting enterprise data today must encompass all channels for potential attack, including daily employee Internet use.”
According to ESG, “Passages is a secure virtual browser that protects the enterprise from all web-based attacks, including web-delivered malware, watering hole attacks, spear phishing, passive information leakage, and drive-by downloads. Passages isolates all browsing activity from the local computer and network, allowing users to access any website and follow any link without risk to the company’s infrastructure or data. Additionally, Passages hides user identity and corporate affiliation, significantly reducing the ability of adversaries to conduct targeted social engineering attacks.”
Continuing, the company noted, “There are certainly challenges facing browser-specific security. ESG research indicates 88 percent of organizations report multiple browsers on each endpoint is a common occurrence, and that breaches as a result of poor browser security are a byproduct of these multiple browser types and versions. In addition, security professionals believe browser security is difficult because of scalability issues. Twenty-three percent of organizations say they spend the bulk of their time reacting to security alerts and not enough time in vulnerable areas like browser security.”
An additional 23 percent claim browsers are not monitored for vulnerabilities or configuration problems as often as they should be.
ESG said, “The reality is that many organizations simply can’t keep up with the maintenance tasks and security hygiene necessary to protect web browsers from attack. Isolated virtualized browsers like Passages can help reduce the time and effort spent keeping up with patches.”
More information and an ESG infographic, The Case for Secure Virtual Browsers, can be found here.