Menlo Security VP Andrew Harding Shows How the Company is Bolstering Browser Security Amidst Escalating Cyber Threats

We sat down with Andrew Harding, VP Security Strategy at Menlo Security, to delve into how the company is tackling the escalating challenges of browser security amidst a complex cyber threat landscape.

How does the Menlo Secure Enterprise Browser solution address the unique challenges of browser security in today's increasingly complex cyber threat landscape?  

The Menlo Security Enterprise Browser turns any browser into a secure enterprise browser. The reality is that replacement browsers such as Island only expand the enterprise attack surface, creating an added burden for IT and security teams. Employees spend 75% of their workday in the browser, yet traditional approaches to browser security are failing. Highly evasive threats are weaving past traditional security tooling. In fact, phishing attacks regularly evade all existing protections. Menlo Security recently released research that examined the changing nature of today’s phishing attacks and discovered a 198% increase in browser-based phishing attacks in the second half of 2023 compared to the first half. If you zero in on attacks classified as evasive, the research team saw a 206% increase. Add this to the fact that ransomware doubled in 2023 to over $1B in payments, and you are face to face with the urgent need of a new approach to browser security.  

The Menlo Security Enterprise Browser solution is the industry’s first cloud-delivered secure enterprise browser to finally stop these attacks, once and for all. The solution adds the local browser into a layered security architecture by managing it with a curated security policy, leveraging it for zero-trust application access, and creating a digital twin of the browser in the cloud to eliminate threats. 

With the introduction of the Menlo Security Browser Posture Manager, what specific gaps in browser policy management are you aiming to fill, and how does this tool automate the process for enterprises?   

During 2023, 175 CVEs classified as high or critical were issued and over 125 new features were added to Chromium, the open-source web browser project that underpins both Google Chrome and Microsoft Edge. Most enterprises neglect browser policy management, because of the time and effort needed to update thousands of settings every two to four weeks. The burden required to track configuration settings and feature additions and the lack of automated tooling has left a significant security gap within these enterprises. Menlo Security Browser Posture Manager automates the process and enables administrators to define policies for browsers and deploy them instantly. Menlo Security Browser Posture Manager works with Microsoft InTune to set browser policies and enables compliance with CIS Benchmarks for browsers. In essence, Posture Manager provides easy browser configuration assessment and instant attack surface analysis. 

 Can you provide more details on how this solution simplifies the adoption of a unified zero-trust access model for both managed and unmanaged systems? 

Enterprises large and small benefit from risk reductions that facilitate more efficient work. Our goal is to avoid forcing our customers – which include nearly 1,000 global enterprises and leading government organizations, including the U.S. Department of Defense – to embrace an entire new browser. The new solution makes zero-trust access easy even on unmanaged desktops and devices through the Menlo Browser Extension and Menlo Security Client, two of the four new innovations being introduced with the launch of the Menlo Security Enterprise Browser solution. The Menlo Browser Extension, which allows users to keep the browser they love, supports unmanaged devices and adds a self-service deployment option. It empowers hybrid workers, contractors, and BYOD workers to do business. The Menlo Security Client, an optional component, enables cloud-based access to legacy applications, going beyond web applications for users that need support for SSH and RDP. 

How does the Menlo Secure Enterprise Browser solution compare to traditional VDI systems in terms of cost-effectiveness, user experience, and overall security, especially for unmanaged users and devices? 

In stark contrast to legacy VDI systems, the Menlo Security solution delivers modern secure remote access for unmanaged users and devices. It supports safe browsing, web filtering, isolated cloud browsing, exploit protection, and zero-trust access without frustrating end users and is significantly more cost effective than VDI, network infrastructure-based, or replacement browser approaches that are offered by other players in the market. Menlo accelerates governance over privileged access while moving past these legacy approaches.

The Menlo Enterprise Browser solution provides unparalleled protection against even the most advanced and evasive threats, no matter what browser users choose. Menlo’s philosophy is that traditional security approaches have run their course and are not up to speed with the evasive threats of today and tomorrow, and that’s what led to the launch of this new solution.