New Report
Menlo Security finds a new sophisticated phishing campaign.
Icon Rounded Closed - BRIX Templates

Coalfire Guidance on Menlo for Zero Trust

|

In today's ever-evolving cybersecurity landscape, every organization finds itself at a unique point in the zero trust journey. Whether you're just beginning to lay the groundwork or are refining and optimizing an established framework, understanding your current position is crucial. This isn't just about implementing the latest technologies—it's about cultivating a mindset and strategy that prioritizes security at every level.

Image of a 5 step process for Zero Trust Journey

The journey to zero trust is complex and continuous. It involves adopting new processes and rethinking how existing assets, like your web browsers, fit into the overall security architecture. Too often, organizations fall into the "watermelon green" trap: they believe their security posture is strong because everything appears stable on the surface.

However, beneath that reassuring green lies a hidden layer of risk—unknown assets, unaddressed vulnerabilities, and overlooked threats that could compromise your security. To truly advance inZero Trust maturity, it's essential to continuously identify and mitigate these hidden risks. And this vigilance should extend to every asset in your environment, including your web browsers.

Zero Trust is a marathon

Implementing an effective zero trust strategy is a marathon, not a sprint. This journey requires sustained effort and vigilance, with the ultimate goal being seamless and transparent security integration. The objective should be to create a system where security measures are robust yet unobtrusive, supporting business operations without causing friction. By focusing on uncovering hidden risks in browser sessions and committing to a long-term, adaptive security strategy, you will build a resilient and dynamic zero trust framework that evolves with your organization’s needs.

Zero Trust is for web browsers, too

Web applications and the browsers that render them must adhere to zero trust principals. Last year, Gartner stated in the report Emerging Tech: Security — The Future of Enterprise Browsers that by 2027, the enterprise browser will be a central component of most enterprise super app strategies as productivity capabilities drive adoption.

Web browsers are super apps. Want any proof? Look at your own desktop. How many browser tabs? How many apps are you running other than your browser? It’s arguable that you..and I…and everyone else, are spending more time in a browser than we are sleeping! Coalfire’s discussion on browser security, as it applies to zero trust, is your guide to securing this critical super app as part of your broader zero trust strategy.

Challenges of Zero Trust with web browsers

Implementing zero trust with web browsers presents unique challenges, particularly in terms of user adoption. The recently released Air Force Zero TrustStrategy highlights that “the greatest risk to their zero trust strategy is institutional resistance to change.”

Some solutions on the market actually demand that users switch to new and unfamiliar browsers, creating significant barriers to adoption. Additionally, other browser security solutions often rely on installable software on the endpoint, introducing complexities and vulnerabilities.

Coalfire Product Applicability Guide

So, what can you do about browser security and zero trust? To help, Jason Wikenczy of the respected analyst firm Coalfire recently assessed how the Menlo Security solution aligns with the April 2023 CISA ZeroTrust Maturity Model and then delivered a new Product Applicability Guide pertaining to their assessment.

Thumbnail view of Zero Trust Maturity Model report

The guide delves into the Menlo Secure Enterprise Browser solution, evaluating how it aligns with the technical requirements of ZTMM 2.0. Leveraging Coalfire’s assessment methodology, the guide examines how Menlo’s security capabilities, functions, and features support a zero trust architecture (ZTA).

By viewing our solution through the eyes of an assessor, the guide aims to help you determine if the Menlo Secure Enterprise Browser is a good fit for your organization. Although it’s a detailed document, it offers valuable insights and discusses numerous deployment options and is worth a read.

Coalfire’s thorough review of the Menlo SecureEnterprise Browser solution confirmed its effectiveness in meeting zero trust objectives. Menlo’s capabilities provide essential controls for securing and managing access to applications in a zero trust setting.

Key functionalities include granular access control, data security within applications, user behavior analytics, continuous monitoring, verification, and of course enforcement. These features collectively contribute to a mature zero-trust posture.

Zero Trust Maturity Model Pillars diagram

We captured a helpful summary of the Coalfire analyst’s opinion in the table below. The “maturity alignment” column offers the Coalfire assessment of how the Menlo Secure Enterprise Browser solution aligns with each of the ZTMM 2.0 functions.

Table iamge

Zero Trust in the modern enterprise

The Coalfire PAG comprehensively demonstrates and documents what we observe in our customers every day: the Menlo Secure Enterprise Browser solution offers a platform for implementing zero trust objectives in a modern application environment.

As validated by Coalfire, the Menlo Secure Enterprise Browser and its capabilities across all the 800-207 tenants and the CISA ZTMM pillars truly make it an invaluable asset for organizations aiming to enhance their security posture within a zero trust environment.

Coalfireis not the only analyst firm to confirm that Menlo is a zero trust solution.You might also find the GigaOm Radar Report for Zero-Trust Network Access(ZTNA) worth a read. Download it now.

Menlo Security

menlo security logo
linkedin logotwitter/x logofacebook logoSocial share icon via eMail