The identity security vendor is set to launch an enterprise browser in response to increasing post-MFA attacks on session cookies. Credit: Billion Photos / Shutterstock CyberArk has announced plans to launch an enterprise browser, dubbed CyberArk Secure Browser, at the end of 2023 as part of its CyberArk Identity Security Platform. The identity security vendor decided to create a new enterprise browser based on trends impacting hybrid work environments and its own research, which found an increase in post-multifactor authentication (MFA) attacks targeting session cookies. “Developing an enterprise browser — with an identity-first, security-first approach — was a natural progression for our business,” Gil Rapaport, GM Access at CyberArk, said in a statement.What can IT teams expect from CyberArk Secure BrowserThe browser is based on the Chromium open-source browser and supports zero trust with integrated security, centralized policy management and productivity tools. Being a feature of the vendor’s Identity Security Platform means that IT managers can tailor security, privacy, and productivity controls on managed and unmanaged devices, according to CyberArk.CyberArk’s enterprise browser will dynamically mirror controls and access policies existing on Chrome and Edge browsers that are already deployed on the end user’s device, with the goal to reduce IT overhead and accelerate the deployment.The key feature shared so far are: Cookieless browsing allows users to access and use web-based resources without exposing or saving a static cookie file on the users’ devices. This approach, the company said in a statement, makes it difficult for attackers or third parties to steal, forge, alter, or manipulate cookies to gain unauthorized access to sensitive resources. It also helps ensure that users’ web sessions, data and accounts remain confidential and secure.Data exfiltration protections offer fine-grained policies designed to prevent data exfiltration attempts that can compromise corporate data.Password replacement where the browser displays a one-time alphanumeric string instead of stored credentials for privileged resources or websites. This string works only once, only in the CyberArk Secure Browser so users can never see privileged credentials in plain text.CyberArk Secure Browser will support third-party identity providers and out-of-the-box integrations with the CyberArk Identity Security Platform solutions. This includes the vendor’s Workforce Password Management and Secure Web Sessions. This will enable customers to customize session protections, access controls and credential management to each user based on their roles. It also works in conjunction with CyberArk Endpoint Privilege Manager to mitigate potentially risky web access and vulnerable endpoints.A quick access sidebar allows end users to use their single sign-on (SSO) credentials to access frequently used apps, third-party tools, and CyberArk privileged access management (PAM) resources directly from CyberArk Secure Browser with one click.Other secure enterprise browsersMore than a handful of other secure enterprise browsers are available. One is Chrome Browser, which has both built in and added controls. These include preventing malware and isolating malicious web pages, quick fix for zero-day vulnerabilities, and options to manage policies and set up extension permissions.Talon’s enterprise browser is another option with full picture of browser activity, session recordings for forensic investigations and compliance, integration with SIEM and XDR platforms, protection against malware and phishing and many other features. Others, like LayerX, offer a browser security platform delivered as a browser extension. It can be applied to existing browsers extending zero trust approach to the browser and protecting unmanaged devices among other features. Related content brandpost Shifting security left: DevSecOps meets virtualization By Anthony Ricco, CMO of Corellium. 01 Jul 2023 4 mins Security news analysis Attackers add hacked servers to commercial proxy networks for profit Proxyjacking allows attackers to sell unknowing victims' unused network bandwidth. By Lucian Constantin 30 Jun 2023 4 mins Cybercrime news Command-and-control framework PhonyC2 attributed to Iran’s Muddywater group PhonyC2 was used to exploit the log4j vulnerability in the Israeli software SysAid, the attack against Israel’s Technion institute, and the ongoing attack against the PaperCut print management software. By Apurva Venkat 30 Jun 2023 4 mins Advanced Persistent Threats Cyberattacks Vulnerabilities news First state-sponsored cyberattack against UK government revealed two decades later Rare insight marks the 20th anniversary of a state-backed malware attack on a UK government department. By Michael Hill 30 Jun 2023 3 mins Cyberattacks Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe