SURF, a zero-trust browser, recently emerged out of stealth with a seed funding round led by 11.2 Capital, Okta Ventures, & Mango Capital. We spoke with Moty Jacob, CEO, SURF, to learn more about the company, its mission, and what security challenges its aiming to solve for organizations in the age of remote and hybrid work.
What is the difference between a regular browser and an identify-first enterprise browser?
Although the modern browser is the most common application used by enterprises worldwide, it wasn’t designed to be an enterprise tool. It was originally meant for consumers so they could easily surf the web.
Now, because of the growth of SaaS, cloud-based applications and data, the web browser has become the general OS to access company resources. With that in mind - because the common browser wasn’t designed for enterprises - companies face the enormous challenge of adding additional security measures in an attempt to compensate for the lack of security features built into “regular” browsers.
The fact that employees can download any browser they choose to work with means they are using an insecure environment to access the company’s assets and creating a massive attack surface adversaries can exploit.
An identity-first enterprise browser stops the risks associated with BYOD and corporate data flowing through and residing on countless devices, directly addressing the complexity of today’s multiplatform threat surfaces and collapsing the security stack into one single control point – the corporate browser.
Implementing a Zero-Trust browser lowers dependency on security tools and reduces security complexity and vulnerable plug-ins. It ensures that security starts at the user identity, making it easier to track and ensure that team members access only what they need, to get the job done.
What is the mission of SURF?
SURF Security’s Zero-Trust enterprise browser was born out of the understanding that security teams can only handle so much when it comes to balancing security, privacy, and business operations. Corporations are adopting hybrid and remote work and are struggling with securing the access and devices. It’s time for a different approach to tackling enterprise security.
We’re a company that was built by CISOs for CISOs, so we understand the challenge CISOs face today - closing the security loop without affecting productivity or agility. By collapsing the security stack into one single power control point, SURF provides security leaders with unprecedented visibility into all employee corporate activity without compromising on their privacy and is redefining enterprise cybersecurity by making the browser the organization’s security asset, securing a distributed workforce, BYOD and 3rd parties.
What are the main security challenges you're looking to solve?
To keep attack surfaces as small as possible, CISOs and security experts are faced with the challenging task of managing a significant volume of complex security tools. Security teams are having difficulty managing so many tools across many different platforms and need a solution that aligns with companies' need for agility and security simultaneously, not at the expense of one or the other. SURF’s Zero-Trust, identity-based browser directly addresses the complexity of today’s multi-platform threat surfaces.
What are your areas of focus in 2023 coming out of stealth?
Our aim is to help global enterprises close their security gaps without affecting their productivity. Our platform supports work from office, remote worker, and on-premises secure access use cases allows companies to supplement or replace their VDI, RBI, VPN, SWG, CASB, ZTNA, and more. We’re focused on fulfilling this challenge as well as helping organizations allow their employees, contractors, and third-party partners to work whenever, however, and wherever they want, on any device, able to access any data and application securely, on-premise or in the cloud.
In addition, the way SURF is built means that it works on the local machine without any heavy infrastructure hosted in the cloud or remote servers, significantly reducing licensing and operational costs.
How do you see the threat landscape evolving in the new year?
Today’s new world of hybrid work combined with the proliferation of enterprise SaaS applications has reshaped the way we work. The use of the web has become the foundational access point through which most employees perform almost all their day-to-day responsibilities. This new way of working has overwhelmed security teams, who are constantly implementing and trying to manage complex security tools to try to keep up with security gaps and prevent sensitive data from falling into the wrong hands.
As remote and hybrid work structures become more permanent, companies are hiring more employees who are based out of different countries, making it difficult to supply company devices, thus losing control of their security. In addition, some of these contractors are working for more than one organization, making security even more complex.
As this happens, coupled with CISOs' attempts to protect all web applications and Internet-accessible data, the security stack will only continue to grow, drive up costs, and leave IT teams spread even thinner.
Another challenge companies will be facing has to do with contractors being more prevalent; Thanks to the massive number of employees resigning from their jobs over the past couple of years, IT teams were left short staffed. To fill in the gaps, companies have been hiring third-party contractors. This approach is costly and risky in terms of the potential for the theft of sensitive data.