In today’s world of cloud-first modern enterprises, the web browser is the entrypoint to many critical company resources. Sensitive corporate credentials, session tokens, MFA authenticated services, emails and documents – ranging from employee pay stubs to client contracts – live in resources such as cloud drives and third party SaaS applications. In addition to corporate resources, it is also common for employees to access personal websites on company machines. Hence monitoring and protecting browser usage within a corporate setting is paramount.
Companies can go about this by installing agents on the user OS but there are several problems with this approach including: Significant time and resources needed to deploy and configure; resiliency issues as demonstrated with recent outages; missed context on user behavior which increasingly takes place on the browser; performance impact on employee machines; poor employee privacy control.
While agents may be appropriate in some situations, the majority of customers demand lightweight and resilient approaches that allow security teams to get the right visibility while preserving corporate resiliency, employee privacy & company culture.
In order to enhance its agentless insider-risk and human security offering, Anzenna has released an optional browser extension that customers can deploy to solve specific browser level security problems while protecting employee privacy.
Our browser extension securely tracks employees’ security posture on the web. The scope of data collection is centrally managed by the security team within a specific customer environment. Errors are sandboxed to the browser and can be unilaterally rolled back because they don’t touch the underlying OS.
Here are some key use cases we address via the browser extension:
- Data exfiltration: Track downloads of sensitive company resources (e.g. documents originating from the corporate drive) and keep track of where they have been uploaded and shared. This is especially important with the increasing use of AI tools such as GPT to perform tasks on company resources. The scope of data collection is configurable by security admins to balance employee privacy with risk visibility.
- Shadow IT tracking : Employees may use unapproved applications (e.g., note taking, management, and AI tools) to perform day-to-day tasks. Since these applications may not be accessed via the enterprise SSO, security teams have no visibility over them. Any data breaches in these applications would go undetected and leak sensitive company information.
- Unsafe password usage : Track employee password hygiene. Are they using password managers or sharing passwords across websites? Have their credentials been compromised in a recent security breach?
All of the collected data is easily viewable and queryable via the Anzenna admin interface.
Anzenna serves as the ultimate source of truth for people-security data, enhancing existing controls and pinpointing areas needing reinforcement. Leveraging AI to forecast and curb insider risks, Anzenna proactively counters both malicious and accidental threats within minutes, offering a modern alternative to traditional siloed security measures such as UEBA, SaaS Security, and conventional security training.
Contact Anzenna to learn more and get a free Insider Risk Assessment today!
