ManageEngine helps organizations tackle surge in browser-based cyberattacks due to increased cloud adoption

STRENGTHENING ENDPOINT SECURITY

890 views

ManageEngine, the real-time IT management company, announced its launch of Browser Security Plus, a browser management solution that helps organizations secure their corporate data in the cloud and protect their networks from web-based cyberattacks. Available immediately, Browser Security Plus provides organizations with a layer of management capabilities for browsers and their add-ons to maintain robust enterprise security. This allows enterprises to improve network health by preventing, detecting and fixing any browser vulnerabilities.

As modern web, portable computing devices, and other technologies have enabled employees to work from anywhere, there’s been a surge in cloud adoption among organizations, and browsers have evolved to be silent entry points for accessing corporate data. According to Statista, browsers have accounted for 23.47 percent of exploit attacks in 2018 as of Q1. This has a serious impact on enterprise security, as attackers leverage unsecured browsers and web applications to create lasting business repercussions.

Addressing this evolving need, ManageEngine has developed a comprehensive browser management solution that can secure multiple browsers — such as Google Chrome, Mozilla Firefox, and Microsoft’s Internet Explorer and Edge — used in Windows environments, as 88.18 percent of desktops worldwide run on Windows, according to Net Market Share.

“For the longest time, browsers have been considered just another application. With cloud applications pivoting the way business is done, browsers have become endpoints in and of themselves, capable of achieving functionalities of a number of native applications put together,” said Mathivanan Venkatachalam, vice president of ManageEngine. “By managing browsers the same way they manage endpoints like desktops and mobile devices, enterprises can seal their network from possible attacks at its most used threshold.”

Cyberhygiene Practices Implemented in Browser Security Plus

• Compliance: IT teams can set rules required by their organization and also monitor for compliance with Security Technical Implementation Guidelines (STIG) and industry security standards predefined by the Center for Internet Security (CIS).

• Policy deployment: Browser configurations are intelligently grouped into policies that address specific requirements such as threat defense and data leakage prevention.

• Add-on management: IT teams can provide and revoke access to browser add-ons like extensions and plug-ins based on their reliability and also silently push mission-critical extensions to computers from a central repository.

• Browser isolation: Trusted websites and business applications are segregated from their untrusted counterparts. Untrusted sites are rendered in a virtual browser to ensure enterprise data remains secure.

Browser Security Plus covers all critical aspects of securing a browser — from obtaining visibility, enforcing security policies, and controlling access to ensuring compliance with enforced policies. The company also plans to extend its browser management capabilities to macOS, followed by other operating systems in the near future.

Browser Security Plus is an on-premises solution that enables IT administrators to manage and secure Google Chrome, Mozilla Firefox, Microsoft Internet Explorer and Microsoft Edge browsers on Windows machines. Enforce security policies, control browser extensions and plug-ins, sandbox and lock down enterprise browsers, and establish and ensure compliance to configurations.

‘Ensure compliance with enforced policies and configurations’

Mathivanan Venkatachalam, vice president of ManageEngine, spoke to Saudi Gazette about the Browser Security Plus, a browser management solution that helps organizations secure their corporate data in the cloud and protect their networks from web-based cyberattacks.

SG: Brief us on the cybersecurity landscape in Saudi Arabia

MV: With most of Saudi Arabia's industries dealing with sensitive information, targeted cyberattacks could lead to hindrance in their physical operations. Such industries not only have to worry about loss of sensitive data, but also about catastrophic physical repercussions. With the stakes being dangerously high, businesses in the region need to minimize the chance of any possible breaches by ensuring they have good cyber hygiene practices in place.

SG: Elaborate on the vulnerabilities associated with browsers?

MV: According to Statista, browsers are the second most exploited applications. When vulnerabilities are detected in browsers or their plugins, browser users may become victim to arbitrary code execution or other cyberattacks when they land on a compromised site.

Extensions installed on browsers have the permission to access most aspects of a browser's data, including the browsing history and information entered into webpages. Hackers know this, and many have started developing malicious extensions to steal users' browser data.

Browsers also face targeted cyberattacks, like advanced persistent threats and man-in the browser attacks. Advanced persistent threats, as the name implies, can go undetected for years. With this type of cyberthreat, an attacker can modify the data displayed on browsers or steal browser data by installing malicious code on a victim's computer. In a man-in-the-browser attack, users are interrupted before they reach their intended website by a malicious third party which can observe, modify, and steal sensitive enterprise data accessed using the browser.

SG: What are the best practices for organizations in Saudi Arabia?

MV: In Saudi and the rest of the world, browsers are the latest addition to the endpoint family, capable of offering all the functionalities of many native applications thanks to the advent of SaaS tools. IT administrators need to implement the following practices across their networks to ensure cyber-hygiene:

• Obtain visibility into the different browsers and add-ons used across the network.

• Enforce security policies to keep browser configurations in place and prevent web-based attacks.

• Provide access to only trusted sites and blacklist untrusted sites and add-ons across the network.

• Ensure compliance with enforced policies and configurations, as well as standards like STIG and CIS.

SG: Details about ManageEngine’s Browser Security Plus and how it will protect browsers

MV: ManageEngine's latest tool Browser Security Plus combines browser security functionalities with seamless multi-browser management capabilities to offer end-to-end security from web-based threats and data breaches. It enables IT administrators to enforce security policies, control browser extensions and plug-ins, sandbox and lockdown their enterprise browsers, and establish and ensure compliance to configurations. — SG


890 views