Menlo Security brings critical security capabilities to the browser

This syndicated post originally appeared at Zeus Kerravala – SiliconANGLE.

Historically, threat actors would work diligently to hack through next-generation firewalls, endpoint detection systems and other traditional security tools — something that takes significant work and is often for nothing, since perimeter security is excellent today.

For the bad guys, a better approach is to go through the users. Once credentials are stolen, the threat actor typically has access to all the systems the worker does, which is sometimes everything. I recently talked to a penetration tester who said he can typically compromise the company that hired him within an hour, and it’s always through the user channel.

Companies spend billions on securing the different parts of the environment. From the network to the cloud to the endpoint, we have ignored a critical area: the browser. Today, the browser is the desktop, with people spending most of their day working with software-as-a-service-based applications. I’ve talked to many chief information officers who have made a concerted effort to move all their apps to browser-based ones because it makes hybrid work easier. Browsers provide a consistent experience regardless of where a worker is.

One of the challenges of securing a business with a large percentage of employees who work from home, which is most companies today, is that the user often winds up being the decision maker as to whether they should click on a link, use a certain app or respond to an email that may or may not come from the person it said it did. Security will not work if the user is the integration point for the technology.

That’s the reason behind Menlo Security Inc.’s Secure Enterprise Browser, introduced today. Menlo’s new solution takes the decision process out of the user’s hands by securing the browser directly, providing enterprise-class security directly to the browser.

The cloud-delivered solution is powered by Menlo’s Secure Cloud Browser, which is currently used by millions of enterprise workers. The product offers end-to-end visibility and dynamic policy enforcement directly in browser sessions. This approach blocks phishing, malware and ransomware in real time. Among the new features:

Security Browser Posture Manager enables security professionals to perform browser configuration assessments and instant attack surface analyses. For some reason, the browser security is often ignored, partly because there are so many updates from the browser providers. In its press release, Menlo cited that in 2023, 175 critical vulnerabilities and exposures were deemed high or critical, and more than 125 new features were added to Chromium. This technology supports Google Chrome and Microsoft Edge, two of the most commonly used enterprise browsers.

The effort it would take a security team to track all changes across all corporate browsers manually would be overwhelming, which is why it’s often overlooked. The new feature from Menlo completely automates this process.

Browser Extension and Security Client bring zero-trust access to various devices, users and applications. The Menlo Browser Extension brings self-service capabilities and supports unmanaged devices. The Menlo Security Client provides users with cloud-based access to legacy applications for users that need support for Secure Shell Protocol and Remote Desktop Protocol. This includes apps such as Windows Terminal Server and Remote Desktop software. With this capability, workers can run virtually any needed application with Menlo.

Last-mile data protection is like data loss prevention on steroids. Data protection can be applied through the cloud. Menlo supports cut, copy and paste control, user input limits, watermarking and data masking. This capability helps companies combat data loss to apps, such as ChatGPT, as it disables unprotected data from being leaked through the browser.

Many information technology organizations rely on virtual desktop infrastructure systems to enable users to securely work from anywhere, but VDI clients typically offer a poor user experience, and they do not have the same level of control as a secure browser. VDI offers basic security, but Menlo’s Secure Enterprise Browser adds exploit protection, zero trust and isolated cloud browsing in a way that’s nearly invisible to the user. With security, the less intrusive the better, as it limits user frustration.

Founded in 2012, Menlo Security has been around for a little over a decade, and many, me included, had considered browser security to be a solution looking for a problem. Fast-forward a decade, and a “perfect storm” has been created, which should kickstart Menlo into another wave of growth.

SaaS applications have become the norm, hybrid work almost mandates a location-independent way of working, and the generative AI providers, all browser-based, have created a wave of users pushing unsanctioned company data through the web browser. Now add in advancements in phishing and spam, it’s easy to make a case that browser security should be a critical component of every organization’s cyber strategy.

Author: Zeus Kerravala

Zeus Kerravala is the founder and principal analyst with ZK Research. Kerravala provides a mix of tactical advice to help his clients in the current business climate and long term strategic advice.