I was thrilled to catch up with SquareX during Black Hat USA 2024. SquareX is a cybersecurity startup that specializes in enhancing browser security and privacy through innovative solutions. The company offers a cutting-edge browser plugin designed to protect users from a wide range of online threats, including malware, phishing attacks, and invasive tracking. By focusing on browser security, SquareX ensures that users can browse the internet safely, with their personal data and privacy safeguarded.
Watch my TV interview with the SquareX CEO by clicking here.
Listen to my podcast with him by clicking here.
SquareX’s browser plugin works by isolating and neutralizing potential threats in real time, preventing them from affecting the user’s system or compromising sensitive information. This proactive approach to browser security provides a seamless and secure browsing experience, allowing users to navigate the web with confidence and peace of mind. The company’s mission is to make online activities safer and more private by offering powerful, easy-to-use tools that integrate directly into the browser.
The web browser is the most used application within the enterprise but also the least protected. It is predicted that by 2025, around 85% of business apps will be SaaS-based. Bad actors are now increasingly targeting the weakest link: employees and consultants. Unfortunately, most of these attacks happen online when the employee or consultant is going about his daily work. Existing security solutions like Secure Web Gateways (SWGs) as part of SASE/SSE solutions are unable to protect users against modern web threats that happen on the client side, and endpoint security solutions have no visibility into what happens in the browser during an attack. This makes it currently impossible for enterprise security teams to detect, mitigate and threat hunt these attacks.
SquareX helps organizations detect, mitigate, and threat hunt web attacks happening against their users in real-time. With their innovative browser-native security product, SquareX safeguards enterprise users from a spectrum of web-based threats, encompassing malicious files, websites, scripts, and compromised networks. SquareX combines rules-based methods, heuristic analysis, and machine learning algorithms that run in the browser to continuously monitor page DOM changes, user interactions, and web traffic patterns to identify and block potential threats in real-time. Their technology can be deployed on any browser and does not need to inconvenience enterprises with a custom browser which additionally opens them up to other threats.
As an attack-focused organization, SquareX released multiple exposés on the current state of security. At DEF CON 32 Main Stage, SquareX presented ground breaking research on more than 30 attacks that bypass traditional Secure Web Gateways. These attacks exploited architectural flaws in cloud-proxy based solutions which allow attackers to smuggle well known malware, even famous ransomware like WannaCry, through SWGs. The release of this research sparked many SWG vendors and clients to test their browser security posture against the open-source framework available at https://browser.security. This research will have a massive impact on the 40 Billion dollar SASE / SSE market today, with every large security vendor having a SWG which is vulnerable to this class of attacks.
Previously, SquareX had also tested popular email gateways and discovered alarmingly low file scanning capabilities, leaving everyday email users vulnerable to document-based attacks. Numerous well known media outlets, such as Forbes, The Register, CyberNews, SecurityWeekly, to name a few, covered these exposés.
“If you have to build a client-side web attack monitoring product, it has to have a browser component. Without having access to DOM changes, browser events, user interactivity etc., it is just impossible.” – Vivek Ramachandran, Founder & CEO of SquareX
While SWGs provide some metrics for securing web traffic, such as detecting and blocking malicious URLs and content, filtering based on website categories, DNS filtering and scanning files for malware during downloads and uploads, they do not allow the creation of flexible security policies due to the limitations imposed by high computational costs associated with cloud-based solutions.
Further, SWGs are not application context aware, which is SquareX’s greatest strength. With SquareX, every user interaction with the web, ranging from clipboard access, browser extensions, web app identity, SaaS app permissions, can be used to create policies to allow, block or isolate an action. SquareX provides these granular metrics by leveraging in-browser computations, which reduce costs and improve performance. As a result, SquareX offers superior control and visibility, enabling a more comprehensive approach to securing web interactions directly at the browser level.
Visit sqrx.com for tons of different use cases that SquareX can help you with and sign up for an obligation free enterprise pilot. Find them on Twitter (X) @getsquarex #BrowserSecurity #Cybersecurity #BeFearlessOnline
About the Author
Gary Miliefsky is the publisher of Cyber Defense Magazine and a renowned cybersecurity expert, entrepreneur, and keynote speaker. As the founder and CEO of Cyber Defense Media Group, he has significantly influenced the cybersecurity landscape. With decades of experience, Gary is a founding member of the U.S. Department of Homeland Security, a National Information Security Group member, and an active adviser to government and private sector organizations. His insights have been featured in Forbes, CNBC, and The Wall Street Journal, as well as on CNN, Fox News, ABC, NBC, and international media outlets, making him a trusted authority on advanced cyber threats and innovative defense strategies. Gary’s dedication to cybersecurity extends to educating the public, operating a scholarship program for young women in cybersecurity, and investing in and developing cutting-edge technologies to protect against evolving cyber risks.
