Season 4 Kickoff - Browser Security - Dr. Chase Cunningham- #38

Security Architecture Podcast

Evgeniy Kharam & Dmitry Raidman, Evgeniy Kharam, and Dmitry Raidman에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Evgeniy Kharam & Dmitry Raidman, Evgeniy Kharam, and Dmitry Raidman 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

2y ago 16:52

MP3•에피소드 홈

Join us for a Season 4 kickoff Episode, This season we are transitioning to a more end user-centric security topic Browser Isolation. This security concept is an old concept and goes back to 1995 when CITRIX was first introduced. However, since then many things have changed and the fact we are using browsers for almost anything at work including gaming and video consumption brings the need for defense-in-depth and zero trust

We invite you to join us and watch the kickoff episode!
There are about 1.7 billion websites on the internet, and 4.5 billion people interact with these websites daily. An unprecedented number of 500,000 new websites are created daily following websitesetup.org stats. This noise serves as a great disguise for the adversaries. While the bad actors adopt automation and DevOps in line with the rest of the market, they can spin up new phishing websites with high similarity to the original website. Other attack vectors that gain popularity are infecting legitimate websites with malware or utilizing formjacking and other OWASP Top 10 weaknesses. That being said, it's challenging to be reactive to protect people when we know the adversaries are always one step ahead. This is where the Isolation or air-gaping approach for the websites could be a helpful mechanism in protecting the end-user.
The season will examine a few approaches and solution architectures by vendors:
-Remote Browser Isolaiton
-Secure Enterprise Browser
-Browse Plugin based Security
We believe that this topic is fascinating and has so many great solutions on the market. You will have the opportunity to familiarize yourself with many great options to protect the end-user and also a variety of attacks such as:
-Malicious documents and files download
-Drive-by downloads
-Redirect attacks
-Zero-day exploits
-Cross-site scripting
-A load of malicious Java scripts
-Malvertising
-Cookie stuffing and session fixation
Here are some of the questions we plan to ask the participants,
-What's the name of the offering/product addressing the browser isolation?
-Describe your overall architecture at a high level?
-What is the user experience compared to browsing, especially with SPA (Single Page Application)?
-Please describe how you integrate with IAM/SSO providers?
-How would your technology work with existing SWG or ZTNA vendors? Does it replace or complement it?
-Is the isolation done for all URLs/APPS or only for the risky ones?
-Can I use the solution to isolate internal web-based resources and how can you support legacy web applications that run only on old versions of Internet Explorer?
-Please describe how users can work and edit documents via browser?
-How does your solution address BYOD Devices? How about Mobile devices?
-How do your products work with browser extensions such as Lastpass, Webex, etc.?
-How can the organization get visibility or a report of attacks prevented by the technology?