The browser has go nan main activity interface successful modern enterprises. It’s wherever labor create and interact pinch data, and really they entree organizational and outer SaaS and web apps.
As a result, nan browser is extensively targeted by adversaries. They activity to bargain nan information it stores and usage it for malicious entree to organizational SaaS apps aliases nan hosting machine.
Additionally, unintentional information leakage via nan browser has go a captious interest for organizations arsenic well.
However, accepted endpoint, network, and information protection solutions neglect to protect this captious assets against precocious web-borne attacks that continuously emergence successful sophistication and volume. This spread leaves organizations exposed to phishing attacks, malicious browser extensions, information exposure, and information loss.
This is nan situation LayerX is attempting to solve.
LayerX has developed a unafraid endeavor browser hold that tin beryllium mounted connected immoderate browser. The LayerX hold delivers broad visibility, continuous monitoring, and granular argumentation enforcement connected each arena wrong nan browsing session.
Using proprietary Deep Session Analysis technology, LayerX tin mitigate browser information nonaccomplishment risks, forestall credential theft by phishing sites, place malicious extensions, and overmuch more.
In this level review, we’ll locomotion you done nan full LayerX personification journey, from first installation and configuration to visibility and protection. (to get a personalized demo of Layerx, sojourn their website here)
Initial Installation and Setup
LayerX is designed for easy installation connected apical of nan organization’s existing browser infrastructure. The personification tin administer it done a group policy, immoderate endeavor instrumentality guidance platform, aliases nan browser’s guidance workspace.
For nan past option, LayerX is not installed connected nan hosting device. Instead, it is delivered arsenic portion of nan browser’s profile, making it a earthy prime for nan protection of unmanaged devices.
The installation surface enabled nan personification to take nan browsers that are successful usage successful their environment.
|Figure 1: The LayerX installation screen. Centralized distribution (left), browser guidance sign-in (right)|
The LayerX Dashboard
Once nan installation is complete, nan LayerX dashboard instantly becomes populated pinch pre-defined policies, accusation connected nan browsers, users, extensions, and web activity.
When nan personification configures policies, nan dashboard will show them arsenic well, on pinch their status, detected consequence alerts, and different information aggregations.
The dashboard provides high-level insights into nan information posture of nan browser ecosystem. For drilling down into circumstantial issues, let’s move connected to nan Discovery page.
Visibility and Discovery of Entities successful Browsing Sessions
The Discovery page provides nan personification pinch a wealthiness of accusation astir 5 types of entities:
- The ‘Apps’ conception shows users each nan web and SaaS applications nan organization’s labor are accessing done their browsers. This includes 100% of nan apps successful use, sloppy of whether they are sanctioned aliases personal.
- The ‘Accounts’ conception shows nan spot of nan account’s passwords aliases immoderate usage of noncorporate identities. The personification besides tin observe browsers that are moving outdated versions, enforce updates, and summation visibility into each nan different extensions that are installed connected browsers successful nan ecosystem.
Proactively Detecting and Resolving Browser Issues
The Discovery process informs nan personification astir various issues, enabling nan personification to resoluteness them connected nan spot. For example, reviewing nan different extensions mightiness uncover an hold that has captious permissions that could expose it to compromise.
In specified a case, nan hold tin simply beryllium added to a artifact list, eliminating nan risk.
Moreover, LayerX provides a dedicated ‘Issues’ tab that aggregates each nan findings that bespeak a imaginable information weakness for each entity type.
For accounts, it could beryllium anemic passwords aliases shared accounts. For applications, nationalist app uploads aliases non-SSO firm apps. Etc.
It’s important to statement that this is nan first clip that astir of nan information displayed successful nan Discovery page is disposable for monitoring and analysis. Existing IT and information products were not capable to coming it. As such, LayerX addresses a agelong recognized unsighted spot.
Detecting and Resolving Malicious Browser Extensions Risk
One of nan astir captious and unaddressed risks are malicious browser extensions. These extensions person nan powerfulness to discuss browser data, way labor to malicious web pages, seizure convention data, and transportation retired galore different malicious activities.
The ‘Extensions’ tab successful nan Discovery page pinpoints each nan extensions that present a consequence to nan environment.
The ‘Issues’ page aggregates nan risky extensions and provides a proposal connected really to resoluteness it. This tin beryllium done manually aliases pinch LayerX’s ‘Automatic Resolve’ option.
Following nan find and solution of existing risky extensions, nan personification tin proactively mitigate this consequence going guardant pinch a dedicated policy. Before showing how, let’s supply penetration into LayerX’s argumentation configuration feature.
LayerX Policies – How to Solve Various Browser Security Use Cases
LayerX policies alteration users to proactively protect against a wide scope of web-borne risks. Policies are classified into different types (DLP, safe browsing, etc.) based connected nan consequence type they address.
The bosom of nan argumentation is nan ‘Conditions’ section, successful which nan personification determines nan conditions that trigger a protective action. These conditions tin scope from elemental rules to highly granular combinations, enabling laser attraction enforcement, little mendacious positives and accuracy that cannot beryllium achieved by different product
Respectively, nan ‘Action’ portion is besides highly granular, including some straightforward ‘block access’ aliases ‘prevent upload’ actions, arsenic good arsenic nan expertise to surgically disable risky components wrong nan web page aliases pop-up warnings to nan browsing employee.
LayerX is shipped pinch a group of default policies. Users tin usage them arsenic is, modify their conditions and actions, aliases create caller ones from scratch.
Let’s analyse a fewer policies to exemplify this capability.
A Policy for Preventing Risky Extension Installation
LayerX enables nan personification to create a database of permitted extensions. This database tin past beryllium utilized arsenic a information parameter to continuously show and govern this erstwhile unsighted spot.
LayerX provides its users pinch a wide scope of mitigations against malicious extensions. Users tin specify a block\allow lists to proactively power which extensions tin beryllium installed.
In summation LayerX’s granular visibility into each of nan extensions’ components enables users to configure policies that tin artifact extensions based connected their requested permissions, name, instal type, web shop and galore others. this is simply a unsocial capacity that cannot beryllium recovered successful immoderate endpoint protection aliases IT guidance tool.
Once activated, immoderate effort to download an hold that’s not included successful nan database will trigger a protective action. The worker will person a pop-up informing them that nan hold violates nan organization’s policy.
Based connected nan action configured successful nan policy, LayerX will either inquire nan worker to disable nan hold aliases return action to automatically deactivate it.
A Policy for Preventing Data Leakage via ChatGPT
While ChatGPT is an astonishing productivity booster, it is imperative to guarantee that labor usage it successful a unafraid mode and without exposing delicate data.
The argumentation beneath shows really this consequence tin beryllium mitigated. In nan ‘Conditions’ section, nan personification defines nan target tract and which type of matter triggers a protective action.
These first conditions tin beryllium refined by adding conditions that subordinate to nan instrumentality authorities (managed\unmanaged), nan browser type, personification identity, and more.
A argumentation tin trigger various actions based connected nan user’s needs. The screenshot beneath shows nan different options: monitoring, popping up an worker informing message, ‘prevent pinch bypass’ that enables labor to complete their ChatGPT query pending they tin warrant it, and nan last action of afloat prevention.
Once nan argumentation is configured and enabled, users tin still usage ChatGPT freely, unless delicate information is taxable to leakage risk. Any usurpation of nan conditions defined successful nan argumentation will trigger nan configured protection, arsenic good an alert that notifies nan admin of nan usurpation and its details:
Another captious rumor LayerX policies alteration resolving is Shadow Identity. This consequence surfaces chiefly wrong sanctioned apps. Suppose nan user’s statement is utilizing Google Suite, pinch labor accessing it pinch a firm identity.
However, they besides person a individual Google relationship that introduces a information leakage consequence if an worker accidentally uploads files pinch delicate information to their individual thrust aliases email alternatively than to nan firm one.
To lick this challenge, LayerX enables users to configure policies that are delicate to nan employee’s personality and adhd nan personality arsenic a condition, together pinch record content, labeling, and different accepted DLP attributes. Once enabled, nan argumentation prevents uploading of firm information to Google, unless it’s accessed by nan user’s firm account.
Hardening Protection Against Account Takeover pinch LayerX arsenic an Additional authentication Factor
LayerX tin beryllium integrated pinch nan environment’s unreality Identity Provider (IdP). In that manner, entree to nan SaaS apps nan IDP manages is imaginable only from a browser connected which nan hold is installed. For example, erstwhile accessing a SaaS app via Okta without LayerX connected nan browser, an alert connection is triggered:
LayerX serves present arsenic an MFA, but without nan intrusive personification acquisition of nan push notification to nan employee’s phone.
This serves arsenic highly effective mitigation against malicious entree that exploits compromised credentials, since adversaries will ne'er get entree to SaaS and web resources based connected credentials alone.
Monitoring nan Web-borne Threats Landscape from nan Alerts Screen
The last LayerX surface successful this overview is nan Alerts screen. Every triggered argumentation registers an alert. The Alerts surface classifies and aggregates nan alert by severity (low, medium, high, critical) and type (paste, safe browsing, etc.), and shows nan apical triggered policies.
The personification tin usage nan various filters to position only alerts wrong a definite timeframe, type, action type, aliases consequence level.
For example, filtering for nan ‘Upload’ type will show each nan policies that were triggered by labor who uploaded files successful an insecure manner. Clicking connected ‘Investigate’ reveals nan employees’ browsing way and nan nonstop constituent wrong nan convention that violated nan policy.
For example, nan pursuing arena travel for a information upload argumentation shows that nan worker uploaded a record to their individual Gmail and past switched backmost to their activity account.
Detecting and blocking specified an arena is simply a unsocial capacity that can’t beryllium performed by immoderate CASB aliases different application-oriented information tool, since they deficiency nan capacity to differentiate betwixt accounts for nan aforesaid app.
The LayerX unafraid browser hold consolidates protection measures for nan afloat scope of web-borne risks. Some of these risks are partially addressed by existing solutions, while astir were a complete unsighted spot, until now.
For organizations that admit nan centrality of nan browser successful their operations, LayerX is an invaluable solution, providing a azygous pane of solid for each nan functionalities that mitigate some browser-based attacks and web-related information loss.
Visit nan LayerX website here
Sponsored and written by LayerX.