New Report
Menlo Security Named a Leader in GigaOm Radar Report for Secure Enterprise Browsing
Icon Rounded Closed - BRIX Templates

ブラウザセキュリティ

ブラウザは企業にとってなくてはならないアプリケーションですが、一般的なセキュリティ制御の盲点でもあります。最も広く使用されているビジネスアプリケーションであるブラウザは、脅威アクターの主要な標的となっています。ブラウザセキュリティにより、企業は最も重要な企業資産を保護することができます。

__wf_リザーブド_デコラティブ

Research has shown that the browser is the most widely used application in the enterprise, and Google Chrome and Microsoft Edge are by far the most popular. Both of these fully featured browsers are provided at no charge, making them an excellent choice for enterprises and end-users alike.

As they have evolved, these browsers have added an astonishing number of differentiated features, becoming more like an operating system than a simple method of fulfilling search queries. Like any other enterprise asset, it is vital to manage these powerful browsers to ensure that their advanced features are used appropriately and that they do not expand the enterprise attack surface or defeat data privacy controls.

Forresterによると、企業ユーザーは勤務時間の最大75%をWebブラウザで過ごしています。現在、脅威アクターは、企業への初期アクセスを試みる 10 回のうち 8 回でブラウザを標的にしています。多くの場合、大規模な企業ネットワークへの攻撃の最初のステップは、ブラウザとユーザーまたはエンドユーザーのデバイスを危険にさらすことです。この傾向は、クラウドサービスとサービスとしてのソフトウェア (SaaS) アプリケーションの普及とリモートワークフォースの増加に伴ってさらに強まっています。これらの変化により、ブラウザの使用量がさらに増加しました。その結果、ブラウザの攻撃対象領域が拡大しているため、企業はブラウザ、ユーザ、およびデータを保護するという課題に直面するケースが増えています。browser security strategy. Even if browsing sessions are isolated and secured, the endpoint browser controls many aspects of how users interact with the web, including managing passwords, validating HTTPS connections, determining what types of data are shared with external services, and more.

What type of policies are managed in the browser? Are they complex?

ブラウザセキュリティとは、マルウェア、フィッシング攻撃、データ侵害などのセキュリティ脅威からウェブブラウザを保護するために実装された対策と技術を指します。

ブラウザセキュリティはどのように機能しますか?

ブラウザは、インターネット経由の攻撃の入り口、データ漏えいの出口、SaaSやプライベートアプリケーションへのアクセスの経路として機能します。によると、攻撃の 98% 以上はインターネットの利用から発生しています。

How important is it for enterprises to manage policies?

Simply allowing the browser to go unmanaged may have been the simplest approach in the past. Unfortunately, this path is increasingly untenable. In part, that’s because many new browser capabilities are created to ease consumer friction and build the browser vendor’s ecosystem. And many of these features are enabled by default.

But these capabilities, while creating conveniences for consumers, can have security, compliance, and privacy implications that are problematic in the enterprise.

What are the compliance implications of browser posture management?

Managing the browser is a vital component of many different types of standards, including those from the Center for Internet Security (CIS). CIS benchmarks are often adopted in the following industries:

  • Healthcare – CIS benchmarks can help to ensure privacy of patient Personally Identifiable Information (PII), and compliance with Health Insurance Portability and Accountability Act (HIPAA).一般的に導入されているセキュリティ制御を回避するゼロアワーフィッシング攻撃からユーザーを保護します
  • Financial Services – CIS standards are often used in banks, insurance companies and other financial institutions. These benchmarks can aid in the protection of customer data, as well as compliance with regulations such as Payment Card Industry Data Security Standard (PCI-DSS).
  • ‍‍State, Local, and Federal Government – These agencies are subject to a variety of compliance requirements. Compliance with security benchmarks for the browser are a vital element.
  • Education – The browser has become integral to today’s educational environment, and safeguarding student and faculty data is important. Following security benchmarks can prevent problems before they happen, while helping institutions to comply with regulations like the Family Educational Rights and Privacy Act (FERPA).

Are you letting your browser — or your users — determine enterprise security?

As mentioned earlier, some browser features can affect overall enterprise security in unforeseen ways, including expanding your attack surface and thwarting data privacy policies. Some elements may require intervention even in cases where the default policies seem appropriate. That’s because if policies are not specifically locked down, websites may query users for access, leaving the choice up to them.

Are you making policy decisions?

Each enterprise — and each group of users within an enterprise — has its own needs and requirements. There is no such thing as “one-size-fits-all,” and you know better what will work than an outsider. The modern enterprise browser has flexible policy controls and reporting capabilities to ensure users only have access to the websites, applications and features needed to perform their role. Simplified iterations of policies are important, but whether or not to implement recommendations should remain in-house.

ブラウザセキュリティホワイトペーパー

ブラウザを保護するための適切な方法を見つける