Mounting zero-day hacks mean enterprises need better visibility to be secure online

With browsers increasingly vulnerable to zero-day exploits, enterprises need to be aware of browser usage of their remote and hybrid working employees.
11 October 2021


Everybody wants (nay, needs) to have a secure browser when going online today. However, despite numerous cyber hygiene and browser protections installed, securing browsers continues to be a big challenge as threats continue to find new ways to intrude from the web.

With remote working still heavily in practice by most enterprises, a secure browser is crucial especially for employees accessing company data from out of the office. Some of the methods to browse with a moderate expectation of security include using secure browser extensions, disabling saved passwords and autofill, as well as managing browser cookies.

Safari, Chrome, Edge (and its legendary but slow-death predecessor, Internet Explorer), Tor, Firefox, Opera are some of the relatively mainstream browsers that have their own security protocols. Chrome and Firefox particularly are known to have rigorous security in place, despite some questions about privacy when using Chrome.

Malicious downloads and phishing attacks — which are the gateway for ransomware to permeate — are most likely to occur in the browser, where the user is more susceptible to unwittingly releasing these attacks. Enterprises have experienced information leaks such as credentials being extracted from browsers and malicious extensions stealing corporate data.

Zero-days exploits are on the rise too, with Google issuing critical fixes for several zero-day reports this year alone. In fact, Chrome recently requested its 2.6 billion users to be on high alert again, with the search giant uncovering multiple new high-level hacks of its market-leading browser. Updating about the issue in a blog post, Google revealed four high-rated vulnerabilities and has released a critical update — but warned users that the rollout is staggered and not everyone will be able to protect themselves immediately.

According to a Forbes article, Chrome continues to be targeted with “Use-After-Free” (UAF) exploits. Having already experience double-digit UAF attacks in September, hackers have already exploited a zero-day UAF flaw in Chrome this month, ahead of the latest discovery.

 A secure browser for corporates

With browsers seemingly more vulnerable to threats these days, can enterprises have a secure browser when using the internet, especially with remote and hybrid working the new normal? For Talon Cyber Security, it just might be possible to create a secure browsing environment. The browser-based security solutions provider recently launched TalonWork, a first-of-its-kind browser-based endpoint solution created to address the unique threats imposed by the needs of a hybrid workforce.

Designed with the employee experience in mind, Talon’s ‘corporate browser’ can be deployed across the organization in less than an hour. Not only does it empower security leaders to make the browser their first line of defense, but it is also cost-efficient and does not require additional hardware investment.

“To enable this instant shift to a distributed workforce, many organizations were forced to quickly patch security gaps using their current IT stack. Talon offers a new and first to market approach and a strategic alternative that is practical and more sustainable,” said Ofer Ben Noon, Talon’s co-founder and CEO.

Talon is currently working with some of the largest employers in the US to protect their evolving global hybrid workforce via its unique, patent-pending technology. This includes enabling organizations to better secure and control access to sensitive data and resources, accelerate onboarding in multiple work scenarios, and enabling rapid and efficient endpoint disaster recovery.

TalonWork can secure browsers through a multi-layered approach as it provides enterprise-grade security regardless of the endpoint. This includes resilience against malware on the device, browser hardening against zero-day exploits, and data leakage prevention mechanisms, integrated into the browser.

More importantly, security leaders will gain full, context-aware visibility into all work-related activity in the browser. This will enable better control and governance across sanctioned and unsanctioned SaaS services, as well as internal web applications.

After all, visibility is key to securing any browser. Without having clear visibility on what remote or hybrid employees are using, enterprises are only making themselves vulnerable to more threats. There might be some privacy concerns concerning visibility. However, employees need to understand that when using company devices, their employers have the right to check their browsing activities, SaaS usage, and security protocols.