The Battle for the Browser
By Michael Montecillo
Advancing sophistication in IT security strategies has allowed enterprise organizations to address a great many attacks. As a result, sophisticated attackers who are continually attempting to circumvent security countermeasures are now focusing their efforts on one of the least protected aspects of an IT infrastructure: the web browser. There currently exists a multitude of malicious websites specifically purposed to exploit browsers and deliver malicious software – commonly referred to as malware – to unknowing users. Further complicating matters, it is more and more commonplace for legitimate websites to be exploited in order to secretly redirect users to malicious websites. Accordingly, the browser is quickly becoming the most common attack vector for infiltrating an enterprise network.
Web browsers are a particularly vulnerable aspect of IT because of their universal and highly functional nature. Often they’re created with the ability to integrate third-party utilities that enhance the end-user’s Internet browsing experience. Unfortunately, with the addition of each of these utilities, the browser’s attack surface area increases. This, of course, makes defending the browser more difficult for security professionals. However, defense of web browsers is still possible.
In order to defend browsers within an enterprise, organizations must utilize a comprehensive strategy that incorporates both network and endpoint security technologies. These technologies include content filters, intrusion prevention systems (IPS), and anti-malware. Content filters are typically the first line of defense – blocking users from accessing the information on known malicious websites. IPS technology is used as a second line of defense – typically preventing the exploitation of endpoints by detecting known attack behaviors and blocking them. Finally, endpoint security technology can be used as a last line of defense. Anti-malware technology and browser protection technology such as virtual sandboxing are becoming increasingly effective at preventing malware delivered in browser attacks from infecting endpoints. If these technologies are properly leveraged, an enterprise can achieve a high level of security assurance against browser attacks.
Mike Montecillo is Principal Analyst, Security & Risk Management, for Enterprise Management Associates (EMA), a leading industry analyst and consulting firm. EMA, established in 1996, is located in Boulder, CO. Contact Mr. Montecillo at (303) 543-9500, mmontecillo@enterprisemanagement.com.