The identity security vendor is set to launch an enterprise browser in response to increasing post-MFA attacks on session cookies. Credit: Billion Photos / Shutterstock CyberArk has announced plans to launch an enterprise browser, dubbed CyberArk Secure Browser, at the end of 2023 as part of its CyberArk Identity Security Platform. The identity security vendor decided to create a new enterprise browser based on trends impacting hybrid work environments and its own research, which found an increase in post-multifactor authentication (MFA) attacks targeting session cookies. “Developing an enterprise browser — with an identity-first, security-first approach — was a natural progression for our business,” Gil Rapaport, GM Access at CyberArk, said in a statement.What can IT teams expect from CyberArk Secure BrowserThe browser is based on the Chromium open-source browser and supports zero trust with integrated security, centralized policy management and productivity tools. Being a feature of the vendor’s Identity Security Platform means that IT managers can tailor security, privacy, and productivity controls on managed and unmanaged devices, according to CyberArk.CyberArk’s enterprise browser will dynamically mirror controls and access policies existing on Chrome and Edge browsers that are already deployed on the end user’s device, with the goal to reduce IT overhead and accelerate the deployment. The key feature shared so far are: Cookieless browsing allows users to access and use web-based resources without exposing or saving a static cookie file on the users’ devices. This approach, the company said in a statement, makes it difficult for attackers or third parties to steal, forge, alter, or manipulate cookies to gain unauthorized access to sensitive resources. It also helps ensure that users’ web sessions, data and accounts remain confidential and secure.Data exfiltration protections offer fine-grained policies designed to prevent data exfiltration attempts that can compromise corporate data.Password replacement where the browser displays a one-time alphanumeric string instead of stored credentials for privileged resources or websites. This string works only once, only in the CyberArk Secure Browser so users can never see privileged credentials in plain text.CyberArk Secure Browser will support third-party identity providers and out-of-the-box integrations with the CyberArk Identity Security Platform solutions. This includes the vendor’s Workforce Password Management and Secure Web Sessions. This will enable customers to customize session protections, access controls and credential management to each user based on their roles. It also works in conjunction with CyberArk Endpoint Privilege Manager to mitigate potentially risky web access and vulnerable endpoints.A quick access sidebar allows end users to use their single sign-on (SSO) credentials to access frequently used apps, third-party tools, and CyberArk privileged access management (PAM) resources directly from CyberArk Secure Browser with one click.Other secure enterprise browsersMore than a handful of other secure enterprise browsers are available. One is Chrome Browser, which has both built in and added controls. These include preventing malware and isolating malicious web pages, quick fix for zero-day vulnerabilities, and options to manage policies and set up extension permissions.Talon’s enterprise browser is another option with full picture of browser activity, session recordings for forensic investigations and compliance, integration with SIEM and XDR platforms, protection against malware and phishing and many other features. Others, like LayerX, offer a browser security platform delivered as a browser extension. It can be applied to existing browsers extending zero trust approach to the browser and protecting unmanaged devices among other features. Related content brandpost Sponsored by Microsoft Security What will cyber threats look like in 2024? Analyzing incidents in the past will help advise a stronger cybersecurity strategy in the future—2024 and beyond. By Microsoft Security Apr 24, 2024 5 mins Security news analysis How the ToddyCat threat group sets up backup traffic tunnels into victim networks The Chinese APT group is using a variety of tools to infiltrate networks and steal large amounts of data. By Lucian Constantin Apr 24, 2024 6 mins Advanced Persistent Threats Threat and Vulnerability Management Network Security news New OT security service can help secure against critical systems attacks Critical Start’s new offering is designed to handle security teams with specialized detection and response tooling for operational technology systems. By Shweta Sharma Apr 24, 2024 3 mins Security Software feature What is biometrics? 10 physical and behavioral identifiers that can be used for authentication Biometrics has the potential to make authentication dramatically faster, easier and more secure than traditional passwords, but companies need to be careful about the biometric data they collect. By Maria Korolov Apr 24, 2024 14 mins Biometrics Authentication Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe