SafetyDetectives spoke with Alon Levin, Vice President of Product Management at Seraphic Security, about the benefits of browser security, cyberattacks that focus on a browser, and he gave some helpful tips for securing your personal data.
Can you please talk about Seraphic Security and the motivation behind founding the company?
Seraphic Security, which launched from stealth in August 2022, delivers a unique enterprise browser security solution. The solution works across any browser, like Chrome, Safari, or Firefox, both managed and unmanaged devices, and whether the user is on-campus or remote. The platform ensures safe browsing and enforcement of corporate policies across public sites and corporate applications, both SaaS and internal.
The rise in remote work, increased adoption of bring your own device (BYOD) environments, and the continued growth of web-based SaaS applications have transformed the browser into employees’ primary productivity tool. This prominence, combined with the fact that browsers are also personal tools, also makes them a significant attack surface. Yet, browsers lack enterprise-grade security and governance capabilities. As a result, attackers that exploit browsers and web application vulnerabilities or leverage social engineering methods for attacks, as well as employees who infringe corporate policy, are putting businesses at risk. And that’s where Seraphic was born.
What are the primary services offered by Seraphic?
Seraphic offers a unique security solution that introduces enterprise-grade browser security and governance on any browser on any device, protecting both the employees and the enterprise assets. Seraphic is the only solution that provides robust protection against zero-days and unpatched n-days. Seraphic also provides effective and unique anti-phishing capabilities and comprehensive protection against clickjacking, XSS, HTML smuggling, and all other web-based attacks.
The Seraphic solution is easy to deploy, has no impact on performance, leaves user experience untouched, and is fully compatible across all browsers, all operating systems, and all devices, including Android and iOS mobile devices.
What is the benefit of browser security, and how does it differ from using an HTTPS website?
HTTPS is an important element of security, but it’s designed to ensure that web traffic isn’t intercepted or manipulated in transit rather than to defend against other types of attacks. The browser is the linchpin of many employees’ day-to-day activities, but it’s also an avenue for threat actors to conduct malicious activities. Any enterprise with employees using the browser as a working and productivity tool needs a browser security tool like Seraphic, especially organizations with hybrid workforces that need to support BYOD & unmanaged devices for both employees and third-party contractors.
What are some of the biggest cyber threats that target a user’s browser?
Because browsers are used for both professional and personal tasks, there is a latent risk of corporate policy infringements by employees due to negligence or occasionally even malicious intent. This is a major concern for organizations. Companies should also watch for these top attack vectors as they navigate how to protect their browsers and businesses:
- Phishing: Phishing attacks can begin with email messages, but serious phishing attacks do their damage via a browser. Phishing targets are often directed to a malicious, yet normal-looking website that could be disguised as a bank website, for example, with a URL like www.chase.co instead of www.chase.com. If the target isn’t paying close attention, they may log in as usual and hand over their credentials to an attacker. This attack method utilizes a vulnerability that is hard to fix: the human element. In today’s fast-moving world, it’s easy for us as humans to miss potential small changes in a URL, and the everyday consumer isn’t worried about the possibility of being hacked. This is why we have seen the trend of phishing dramatically rise over the last few years.
- Browser Exploits: Some of the risks associated with the browser emerge from exploits attacking the browser itself. While this is nothing unique to the browser, it’s still something that can be hard to prevent. For example, the complex code that makes up a browser may contain an error that can be exploited by a hacker for the execution of malicious code on the target machine when a user visits a particular website. In many cases, threat actors enter a targeted system through a browser, allowing attackers to use their position in the browser to penetrate corporate networks, exfiltrate data, and more. Meanwhile, the user and their employer may have no idea that they have been breached through a compromised browser.
- Web Application Vulnerabilities: Web application vulnerabilities have been around for years and involve a system flaw or weakness in a web-based application due to misconfigured web servers, and application design flaws that can be exploited to compromise an application via the browser. These vulnerabilities enable attackers to gain unauthorized access to systems through the browser and access critical assets of an organization. Different from browser exploits, this is usually more of a one-step attack.
Is your browser protection designed to replace antivirus software or work with it to prevent malicious attacks?
Seraphic’s browser protection is designed to protect a largely overlooked attack vector that exists on a user’s devices – the browser. Seraphic is made to secure the browser completely and prevent attacks on the browsers, as well as preventing unintentional or intentional corporate data leakage. Seraphic does not stop attacks coming in from external devices or attacks exploiting other endpoint software, which antivirus is designed to help prevent. However, it reduces the number of scenarios where the antivirus software is needed and adds a substantial protection layer on top of the antivirus.
Do you have any tips or advice for the average user to secure their online connection and prevent hackers or scammers from accessing their private data?
For the day-to-day personal use of browsers, our recommendation would be to always use the latest version of your preferred browser (preferably by enabling automatic updates), being vigilant when sites request authentication information or require you to input any identifying/personal/financial information. If you are not sure, look at the site address, and keep an eye out for typos or other things that don’t look right.
For corporate use, we recommend protecting their browsing sessions using Seraphic. Seraphic is designed to reduce the risk to the browser and to the user, but also to dramatically reduce the exposure of corporate data. When using protection platforms like Seraphic, it is still recommended to stay vigilant, but Seraphic will prevent exploitation of the browser even if it’s not on the latest version, and will prevent phishing even if the site asking for credentials looks authentic.