Security’s latest tools: New browsers, ‘posture’ management, virtual assistants

Investors in tech startups like to maintain communities of independent CISOs that entrepreneurs use to explore threats and unsolved problems and to pitch solutions to. In this incubation space, several technologies have begun to stand out: enterprise Web browsers, data posture management, and new takes on automation.

And here’s what they have in common: They’re innovations that reduce complexity. Consider the impossibility of deploying agents or security controls across heterogeneous devices. To achieve full coverage, they must span employees, third parties, and post-M&A workforces — including personal devices that hit the cloud.

RSA’s 2022 Innovation Sandbox winner, Talon Cyber Security, and the startup Island, both believe the enterprise Web browser can solve this and become an external leg of the cloud security architecture.

User data travels in an encrypted connection between the cloud and the browser, the latter of which has been leaky. These new browsers are hardened to malware, contain data loss by blocking uploads, downloads, screen captures, or cut and paste. They also add a layer of privacy. As Ashland CISO Bob Schuetter notes, his secure browser masks Social Security numbers on the screen “so the service reps don’t have to look at the actual numbers all day.”

These browsers even allow recording sessions for visual playback during incident response. “In reality, what they are is a secure gateway for tracking who’s using what SaaS resources,” says Dr. Shane Shook, a cybercrime consultant and expert witness.

Compartmentalized away from the rest of the endpoint, a secure browser sandboxes Web client code, contains the accessed cloud data, and secures traffic between device and cloud. Proponents believe it could become the new cloud perimeter and deliver some of the failed promises of data loss prevention.

Automation Is Bigger Than SOAR

2022’s upstarts are pushing automation beyond the security orchestration and automated response (SOAR) category. Many of them note that SOAR speaks to a past when security was dominated by incident response.

Cybersecurity is now under the CIO as much as the CISO. All this creates a huge divide between the CISO’s organization that detect threats and the remediation plans which must span multiple departments, and often extend to partners.

To read the complete article, visit Dark Reading.