10 Ways to Secure Browsing in the Enterprise
It goes without saying that the Internet isn't a safe place--it's a veritable jungle. In the world of browsers, we, the users, are seen as a delicious and commonly exploited target by many adversaries. Much like in the real jungle, we most often fall prey to lurking predators that bring us down using spear phishing, drive-by downloads and all manner of malware.
Tue, November 01, 2011
CSO — It goes without saying that the Internet isn't a safe place--it's a veritable jungle. In the world of browsers, we, the users, are seen as a delicious and commonly exploited target by many adversaries. Much like in the real jungle, we most often fall prey to lurking predators that bring us down using spear phishing, drive-by downloads and all manner of malware.
Slideshow: The Big, Bad Browser Quiz
[Also read Guarino's 7 Firefox plug-ins that improve online privacy]
Every technology has a downside that will be exploited. As a result, the browser, often called the universal client, is an ever-growing conduit of malware into the modern enterprise. Truth is, malware and its risks are ever evolving with the demands of cybercriminals and black hats, and browsers just happen to be a particularly soft and tantalizing target. Unfortunately, history has shown us that the trend is only accelerating. Despite the more recent evolution of additional security features, the browser remains a good soft target when care isn't taken to lock it down in your enterprise.
It's possible to improve your browser security stance by making some changes to people, procedures and technology. We don't have to be lunch for the piranhas or a quick snack for the tiger; we can defend ourselves in the Internet jungle. Here are my top 10 recommendations for improving the security of your browsing environment.
1. Holistic Patch Management
Patch management is nothing new, but it's rarely done in a holistic, all-encompassing way. Most organizations do a great job of patching core operating systems but sometimes neglect associated core Web technologies such as Adobe Flash and Reader, Apple Quicktime, and Java. Holistic patch management addresses the entire desktop of native and third-party applications, including the browser and all its associated plug-ins, in a comprehensive way.
As if the complexity of the desktop isn't enough, consumerization (the effort of many users to bring their own device into the enterprise) introduces new perils in both patch management and security. Whether it's the executive who wants to use a shiny new tablet with known unpatched vulnerabilities or the user who wants to use a smartphone running an ancient and exploitable browser, patches must be kept up to date. A coherent, holistic effort to patch is helpful in defending against a multitude of known vulnerabilities. Obviously it isn't a panacea--nothing is--and you can't fix zero-day vulnerabilities, but by addressing what you can, you'll reduce your risks and costs.