Google Chrome Has New Competition: Secure Browsers

Secure browser technology has captured the attention of security practitioners and investors alike. This year alone, Talon Security raised $100 million in Series A funding, and Island raised $115 million in Series B. A third competitor, Seraphic, entered the fray after launching from stealth in August.

So, how are these companies, which you’ve probably never heard of, valued at more than $1 billion?

The enterprise software world is increasingly moving toward browser-hosted applications. Salesforce, Workday, Dropbox, Slack and Teams are all often used within a browser. Recognizing this trend, the security industry has worked to protect this new landscape with cross-application single sign-on, multifactor authentication and zero trust access. These tools facilitate better password hygiene, streamline user experiences, limit the exposure of stolen credentials and provide increased access control.

Yet, while each of these security features play an important role, none are focused on the core software enabling this trend: the browser.

Traditional browsers pose plenty of problems for security teams. Exploits in browsers pop up constantly. Since 2009, there have been 116 Common Vulnerabilities and Exposures (CVEs) for Google Chrome alone, with the majority ranked at a Common Vulnerability Scoring System score of 6.0 or higher. Phishing attacks continue to plague security teams, and traditional browsers are limited in their protection options.

With so many different online storage solutions, the browser is a gateway for an increasingly remote workforce to download sensitive information onto machines that do not have appropriate security mechanisms. Traditional browsers present serious risk to nearly every organization.

Secure browsers address the risks traditional security mechanisms fail to cover. With secure browsers, additional protections are possible, including:

• Isolated web traffic – Close connections for attempted phishing or other malicious sites before data is transmitted.
• Data loss prevention – Control data leakage from the browser to the endpoint (e.g., restricting downloads/screenshots while enforcing encryption for necessary downloads).
• User control and monitoring – Limit users to actions with legitimate use cases, no matter the network, and collect data for advanced incident response.
• Policy management – Centralize whitelist/blacklist functionality, patching processes and onboarding/offboarding, all within the browser.
• Integrated identity – Connect identity providers directly into the browser for security continuity across web applications.

Additionally, secure browsers do not impact network performance such as VPNs, and they offer more fine-grained access control. The use cases for this technology continue to expand given the recent evolution of this space. Island’s own home page acknowledges this reality.

Most importantly, these browsers do not sacrifice functionality for security. Talon and Island have solutions built on Chromium, the back end for Google Chrome and Microsoft Edge. Users familiar with Chrome may not even realize they are using a different browser. Seraphic has taken a slightly different approach, implementing a lightweight agent on top of any browser, but keeping the difference to an end user minimal.

So where should secure browsers fall on your endless list of security priorities? For most companies, these are not critical capabilities. These browsers are very new compared to the average security product, and it is worth prioritizing ongoing initiatives like securing your cloud environment configurations before implementing cutting-edge browser security products.

Notably, none of these browsers share client logos or testimonials on their websites. This doesn’t mean they don’t have customers, but it does show reluctance to disclose who is paying for their products today. Unless you have a bleeding-edge security department and budget burning a hole in your pocket, most organizations will be watching from the sidelines as this space continues to evolve.

Secure browsers do present a shocking realization: the security industry has been so focused on securing Security as a Service applications through second-order mechanisms that many missed the most obvious solution, the browser itself. Secure browser technology is an exciting demonstration of the innovation opportunities present in security, and one that may have dramatic ramifications as its use cases and product offerings continue to evolve.

For more information about CDW’s services for browser security, application security or DevSecOps, email Sachin Sheth, Director of Cloud Security and Application Security, at sachin.sheth@cdw.com. 

Story by Kyle McNulty, Sachin Sheth.

Sachin Sheth, Director, Cloud Security and Application Security

Sachin has been in the technology industry for 25+ years and has performed various roles from enterprise architect to CISO and CTO. He has helped a number of customers develop and successfully deploy cloud adoption strategies and large-scale cloud workload migrations, ensuring they adopt a secure cloud journey and implement end-to-end security across their cloud footprint.

Kyle McNulty, Industry Advisor

Kyle is the founder of Secure Ventures, a podcast where he interviews founders and executives at cybersecurity companies. He previously led CDW’s cloud security and DevSecOps consulting practices, and before that he worked for KPMG in their cyber practice. He is a published author in the book series Reflections on Risk, and he has written countless articles on emerging security technology such as cloud security, DevSecOps, security operations, and more.