Though inherently unsafe, companies can still take steps to secure web browsers

Tools to erect a safe perimeter help protect networks, devices from attack


While many organizations have set up defenses for malware that could come in through email, the browsers we use to access the internet might be of equal or greater risk.

I spoke with Lance Cottrell, Ntrepid’s chief scientist, about browser security—or lack of security—and what can be done to protect devices and networks. Some takeaways:

Living with insecure browsers

No one can really opt out of using the web, Cottrell says. “It’s integral to everything we do all the time. But at the same time, it is, because of its capabilities, uniquely vulnerable out of all the applications that we use.”

The real challenge is maintaining functionality and security at the same time.

“The browser itself, the actual thing that renders the pages, is always going to be insecure; it’s just too complicated to lock down,” he says. Major browsers will exhibit a couple of hundred major vulnerabilities each year.

Protective bubble

Most of the threats hitting organizations right now are getting in via the browser, Cottrell says. “It seems to be the real weak point in most of the security structures that companies are putting in place, because it is the hardest thing to protect.”

With hundreds of graphical elements and pieces coming through simultaneously, a security system monitoring a digital perimeter has milliseconds to decide whether a file is safe and whether to let it through.

Lance Cottrell, Ntrepid chief scientist

Ntrepid’s Passages tool is deployed like a browser, installed on a desktop, running as a virtual machine. “It’s inside its own little bubble, and nothing can get out,” he says. If malware tries to infect or exploit the browser, it doesn’t affect your files or network.

Dealing with abundant access

Attackers are constantly innovating and coming up with new ways of building tools to bypass detection systems, Cottrell says. “It’s a complicated multifaceted problem. I think you’ll never see just one single silver bullet that will kill everything.”

With companies and consumers having multiple digital devices—phones, laptops, tablets, PCs—and accessing the internet in public spaces, security has to be approached in a new way.

“We’re spending a lot more time thinking about the end point … that browser is unsafe,” Cottrell says. “If you shrink it all the way down, I can put that perimeter just around the browser.”

For a deeper drill down, please listen to the accompanying podcast.
