
Content provided by Evgeniy Kharam & Dmitry Raidman, Evgeniy Kharam, and Dmitry Raidman. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Evgeniy Kharam & Dmitry Raidman, Evgeniy Kharam, and Dmitry Raidman or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://el.player.fm/legal.

Season 4 Kickoff - Browser Security - Dr. Chase Cunningham- #38

16:52
 

Join us for the Season 4 kickoff episode. This season we are transitioning to a more end-user-centric security topic: browser isolation. This security concept is an old one and goes back to 1995, when CITRIX was first introduced. However, many things have changed since then, and the fact that we use browsers for almost anything at work, including gaming and video consumption, brings the need for defense-in-depth and zero trust.

We invite you to join us and watch the kickoff episode!
There are about 1.7 billion websites on the internet, and 4.5 billion people interact with these websites daily. According to websitesetup.org stats, an unprecedented 500,000 new websites are created daily. This noise serves as a great disguise for adversaries. As bad actors adopt automation and DevOps in line with the rest of the market, they can spin up new phishing websites that closely resemble the original website. Other attack vectors gaining popularity are infecting legitimate websites with malware and exploiting formjacking and other OWASP Top 10 weaknesses. That being said, it's challenging to protect people reactively when we know the adversaries are always one step ahead. This is where the isolation or air-gapping approach for websites could be a helpful mechanism in protecting the end user.
The season will examine a few approaches and solution architectures by vendors:
-Remote Browser Isolation
-Secure Enterprise Browser
-Browser Plugin-based Security
We believe that this topic is fascinating and has so many great solutions on the market. You will have the opportunity to familiarize yourself with many great options to protect the end-user and also a variety of attacks such as:
-Malicious documents and files download
-Drive-by downloads
-Redirect attacks
-Zero-day exploits
-Cross-site scripting
-A load of malicious JavaScript
-Malvertising
-Cookie stuffing and session fixation
Here are some of the questions we plan to ask the participants:
-What's the name of the offering/product addressing browser isolation?
-Describe your overall architecture at a high level.
-What is the user experience compared to browsing, especially with SPA (Single Page Application)?
-Please describe how you integrate with IAM/SSO providers.
-How would your technology work with existing SWG or ZTNA vendors? Does it replace or complement them?
-Is the isolation done for all URLs/apps or only for the risky ones?
-Can I use the solution to isolate internal web-based resources, and how can you support legacy web applications that run only on old versions of Internet Explorer?
-Please describe how users can work on and edit documents via the browser.
-How does your solution address BYOD devices? How about mobile devices?
-How do your products work with browser extensions such as LastPass, Webex, etc.?
-How can the organization get visibility or a report of attacks prevented by the technology?
