Though browsers are inherently unsafe, companies can still take steps to secure them
Tools to erect a safe perimeter help protect networks, devices from attack
By Byron Acohido, ThirdCertainty
While many organizations have set up defenses against malware that could come in through email, the browsers we use to access the internet might pose an equal or greater risk.
I spoke with Lance Cottrell, Ntrepid’s chief scientist, about browser security—or lack of security—and what can be done to protect devices and networks. Some takeaways:
Living with insecure browsers
No one can really opt out of using the web, Cottrell says. “It’s integral to everything we do all the time. But at the same time, it is, because of its capabilities, uniquely vulnerable out of all the applications that we use.”
The real challenge is maintaining functionality and security at the same time.
“The browser itself, the actual thing that renders the pages, is always going to be insecure; it’s just too complicated to lock down,” he says. Major browsers will exhibit a couple of hundred major vulnerabilities each year.
Most of the threats hitting organizations right now are getting in via the browser, Cottrell says. “It seems to be the real weak point in most of the security structures that companies are putting in place, because it is the hardest thing to protect.”
With hundreds of graphical elements and pieces coming through simultaneously, a security system monitoring a digital perimeter has milliseconds to decide whether a file is safe and whether to let it through.
Ntrepid’s Passages tool is deployed like a browser, installed on a desktop, running as a virtual machine. “It’s inside its own little bubble, and nothing can get out,” he says. If malware tries to infect or exploit the browser, it doesn’t affect your files or network.
Dealing with abundant access
Attackers are constantly innovating and coming up with new ways of building tools to bypass detection systems, Cottrell says. “It’s a complicated multifaceted problem. I think you’ll never see just one single silver bullet that will kill everything.”
With companies and consumers having multiple digital devices—phones, laptops, tablets, PCs—and accessing the internet in public spaces, security has to be approached in a new way.
“We’re spending a lot more time thinking about the end point … that browser is unsafe,” Cottrell says. “If you shrink it all the way down, I can put that perimeter just around the browser.”
For a deeper drill down, please listen to the accompanying podcast.