CyberArk’s enterprise browser promises zero-trust support, policy management

CyberArk has announced plans to launch an enterprise browser, dubbed CyberArk Secure Browser, at the end of 2023 as part of its CyberArk Identity Security Platform. The identity security vendor decided to create a new enterprise browser based on trends impacting hybrid work environments and its own research, which found an increase in post-multifactor authentication (MFA) attacks targeting session cookies. “Developing an enterprise browser — with an identity-first, security-first approach — was a natural progression for our business,” Gil Rapaport, GM Access at CyberArk, said in a statement.

What can IT teams expect from CyberArk Secure Browser

The browser is based on the Chromium open-source browser and supports zero trust with integrated security, centralized policy management and productivity tools. Being a feature of the vendor’s Identity Security Platform means that IT managers can tailor security, privacy, and productivity controls on managed and unmanaged devices, according to CyberArk.

CyberArk’s enterprise browser will dynamically mirror controls and access policies existing on Chrome and Edge browsers that are already deployed on the end user’s device, with the goal to reduce IT overhead and accelerate the deployment.

The key feature shared so far are:

• Cookieless browsing allows users to access and use web-based resources without exposing or saving a static cookie file on the users’ devices. This approach, the company said in a statement, makes it difficult for attackers or third parties to steal, forge, alter, or manipulate cookies to gain unauthorized access to sensitive resources. It also helps ensure that users’ web sessions, data and accounts remain confidential and secure.
• Data exfiltration protections offer fine-grained policies designed to prevent data exfiltration attempts that can compromise corporate data.
• Password replacement where the browser displays a one-time alphanumeric string instead of stored credentials for privileged resources or websites. This string works only once, only in the CyberArk Secure Browser so users can never see privileged credentials in plain text.
• CyberArk Secure Browser will support third-party identity providers and out-of-the-box integrations with the CyberArk Identity Security Platform solutions. This includes the vendor’s Workforce Password Management and Secure Web Sessions. This will enable customers to customize session protections, access controls and credential management to each user based on their roles. It also works in conjunction with CyberArk Endpoint Privilege Manager to mitigate potentially risky web access and vulnerable endpoints.
• A quick access sidebar allows end users to use their single sign-on (SSO) credentials to access frequently used apps, third-party tools, and CyberArk privileged access management (PAM) resources directly from CyberArk Secure Browser with one click.

Other secure enterprise browsers

More than a handful of other secure enterprise browsers are available. One is Chrome Browser, which has both built in and added controls. These include preventing malware and isolating malicious web pages, quick fix for zero-day vulnerabilities, and options to manage policies and set up extension permissions.

Talon’s enterprise browser is another option with full picture of browser activity, session recordings for forensic investigations and compliance, integration with SIEM and XDR platforms, protection against malware and phishing and many other features. Others, like LayerX, offer a browser security platform delivered as a browser extension. It can be applied to existing browsers extending zero trust approach to the browser and protecting unmanaged devices among other features.