Recent news of Palo Alto Networks announcing intentions to acquire Talon Cyber Security demonstrates the importance of securing the browser. In Forrester’s 2022 report on browser security, we discussed enterprise browsers — a solution that Talon Cyber Security delivers, along with an extension, for protecting this modern endpoint. What does this acquisition mean to the browser security space and for you, the professional responsible for securely delivering applications through the browser? Let’s start by reviewing the enterprise browser category.
Most organizations use one of the free, publicly available browsers, mainly Google Chrome but also Microsoft Edge and Mozilla Firefox. What all of these browsers have in common is just that — they’re common. Made for use everywhere, from a grandparent browsing their grandchild’s pictures on social media to an SOC analyst investigating a possible breach at a global enterprise, these browsers are made for general use. They do have controls that enterprises can adjust through policies, but underneath it all, they’re the same browser solution that you use on your personal laptop.
Enterprise browsers bring a unique perspective, and by working off the open source Chromium engine (which is the basis for Chrome), they change the features and functions within that engine and recode it to fit the needs of an enterprise.
With your personal browser, you control the settings, what you store, what extensions you load, what cookies are saved, and all aspects of that program. For the enterprise, that needs to be managed and maintained by IT and security operations to ensure that the correct security posture is met to conform to the enterprise’s policies. Where this goes beyond what can be delivered by management of other installed browsers such as Chrome or Edge is that this can be applied to third-party and contract users or on BYOD by using a separate browser that is focused on security and delivered by the business that they’re working with.
Consumers don’t need — or, quite frankly, want — their behavior inside web applications tracked, while within an enterprise, IT and security operations want insights in the event that a user is performing a malicious action or the application itself is misbehaving. Some of this can be delivered through native management, but these enterprise browsers go beyond what’s available.
Downloading files from the web? A grandparent wants to be able to save or upload pictures or any other file (excluding malware, of course) at will, whereas your business wants to be able to enforce data security management policies and control how data is shared inside and outside the business.
Palo Alto Networks’ acquisition of Talon gives validity to the approach that enterprise browsers are taking in offering a secured, managed platform to be delivered wherever the end users, employee, or third party needs to be so they can access their work application. And with Talon and other enterprise browser providers also delivering a browser security extension to add functions to an enterprise’s managed browser, this is an indicator of the importance of securing the browser within the business beyond what’s offered “out of the box” by common browsers.
Palo Alto’s announcement on acquiring Talon states that it is aligning the Talon solutions with its Prisma SASE offering, which should allow customers to control and secure their web application delivery, from the app server to the browser, and provide security teams with needed insight, from the app server to the endpoint. An enterprise browser also helps support a Zero Trust product strategy. Don’t trust the user — verify who they are. Don’t trust the device — verify that it is secure. Don’t trust the modern endpoint — verify that it is protected.