In today’s enterprise landscape, securing the browser has become more critical than ever. Traditional gateway-based methods for inspecting web traffic fall short when faced with advanced phishing schemes and malware, as they cannot detect or block malicious activities occurring within the browser itself.

This gap in security has led to the rise of a new category: browser security solutions.

These solutions enhance the browser’s security capabilities, offering protections against phishing, malware, risky extensions, and more.

“Enterprise browsers or extensions enhance an organization’s web browsing traffic visibility, enable secure application access and provide a lightweight alternative to commonly deployed security capabilities. Over time, enterprise browsers will become platforms for delivery of security services for a broad category of use cases. As the diversity and sophistication of capabilities grow, so will adoption as organizations become more familiar with the technology.“

– Gartner 2023 Hype Cycle for Endpoint Security

Two Approaches to Browser Security

Browser security vendors generally fall into two camps:

1. Agent-Based Custom Browsers: These vendors provide customized, security-focused versions of the Chromium browser. Users must install an app or agent on their devices and conduct all work-related activities within this specific custom browser.
2. Security-Focused Extensions: These vendors offer lightweight browser extensions that enhance the security of mainstream browsers like Chrome, Edge, Safari, and Firefox. Most of these solutions are agentless.

The Case for Security-Focused Extensions

At first glance, it might seem that browser extensions lack the necessary power to offer comprehensive security features. However, modern browser extensions are equipped to provide a full spectrum of security controls:

• Inline Website Inspection: Extensions can analyze websites in real-time, offering advanced protection against phishing and other malicious sites.
• File Scanning: They can scan downloaded files to prevent malware and ransomware from reaching the device and also scan uploaded files to prevent sensitive data leaks.
• Data Loss Prevention (DLP): Extensions can enforce DLP policies, such as controlling clipboard usage and preventing printing of sensitive information.
• Extension and Browser Settings Control: They can inspect and manage other installed extensions and browser settings.
• Screenshot Deterrents: By adding watermarks, extensions can discourage users from taking screenshots of sensitive web applications.

While certain capabilities like device posture checks may still require an agent, these are typically covered by existing zero trust solutions.

Addressing Common Misconceptions

A prevalent myth is that users can easily uninstall or bypass these security extensions. In reality, organizations can enforce the use of these extensions in several ways:

• Managed Devices: Extensions can be installed forcibly on all allowed browsers, including in incognito mode.
• Unmanaged Devices: Organizations can mandate the activation of these extensions within a work browser profile as a prerequisite for accessing work web applications, ensuring that DLP and data protection measures are always active.

Challenges with Agent-Based Custom Browsers

Despite their security benefits, agent-based custom browsers face significant adoption barriers:

• User Resistance: Many users are reluctant to install powerful corporate apps on personal or unmanaged devices due to privacy concerns.
• Ecosystem Compatibility: Custom browsers often lack seamless integration with existing enterprise ecosystems like Microsoft and Google, limiting interoperability with tools such as password managers and productivity features.
• Browser Diversity: Organizations, particularly in the tech sector, prefer allowing employees to use their preferred browsers, benefiting from the latest innovations and features. Custom browsers can hinder this flexibility and lead to user dissatisfaction.
• Migration Issues: Transitioning to a new browser can be cumbersome for users who have established workflows, including saved passwords, bookmarks, and reading lists.
• Performance and Compatibility: Installing new agents can introduce performance issues and compatibility conflicts, potentially affecting the entire device and increasing helpdesk support requests.
• Update Management: Custom browser agents require continuous updates, adding to the IT workload for maintaining up-to-date security across all devices.

Comparison of Browser Security Solutions

The Future of Browser Security

As the industry evolves, more custom browser vendors are pivoting towards the extension model to offer broader applicability across diverse work environments. By leveraging security-focused extensions, organizations can ensure robust browser security without the drawbacks associated with agent-based solutions. This approach not only simplifies deployment but also enhances user acceptance and overall security posture.

In conclusion, while agent-based custom browsers offer certain advantages, security-focused extensions provide a more versatile, user-friendly, and effective solution for securing modern browsers. By adopting this approach, enterprises can achieve comprehensive browser security without the need for intrusive agents.