IT & DATA MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS & CONSULTING
Executive Summary
The boundless flexibility of the browser has made it more than the preferred endpoint platform
for today’s applications. Its ubiquitous availability, flexibility and extensibility have also made it an
increasingly popular target of attack. The browser has become one of the most adaptable computing
platforms ever conceived. This adaptability can be leveraged by the malicious, as well as by legitimate
users—no small threat considering just how pervasive the browser has become, and the extent of
sensitive content it handles.
Many of today’s browser attacks have been designed to evade a number of legacy defenses. This has
made defenses that protect the browser itself not just important but critical—and one of the
most effective tools of defense is browser virtualization.
With the introduction of the Dell KACE Secure Browser as a freely available resource, Dell KACE
introduces security specifically for the browser that features enterprise manageability. The Secure
Browser is a virtualized browser that offers control over browser execution; optional white and black
list control over browser processes; constraints on changes to the browser and its extensions, add-ons
and other browser enhancements; and resilience against browser attacks. Attempted threats or illicit
activity are contained within the virtual browser environment, and can be eliminated with a single
click by either individual users or centralized remote administration. The Secure Browser can be reset
on-demand to roll it back to its initially installed state. This control can be exercised by the
individual user, or can be initiated remotely throughout the enterprise via the KACE K1000
Management Appliance.
With these capabilities, KACE introduces a new level of security specific to the browser and browser
threats. As part of a defense-in-depth strategy, KACE leverages browser virtualization to provide
an added layer of insulation and control against attacks that seek to exploit the seemingly limitless
capability of the browser. By leveraging the capabilities of virtualization to secure the browser, KACE
acknowledges a need that enterprises can no longer afford to ignore, with a new and potent weapon in
the arsenal of defense against today’s browser-focused attacks.
The Browser: Today’s Target of Opportunity for Attackers
The impact of the Web has been nothing short of revolutionary. What began as an evolution in client-
server computing has come to dominate—and in many ways, define—today’s application landscape.
The seemingly limitless flexibility of the Web has made its universal client, the browser, into an equally
universal platform for delivering application content of nearly any kind.
Part of this broad flexibility is enabled by browser extensions, add-ons and so-called “helper objects”
that make browsers adaptable to an open-ended range of applications and content. Even greater
flexibility has resulted from expanding the client-side execution capability of browsers themselves, through
techniques such as those collectively known as AJAX (Asynchronous JavaScript and XML).
Virtualizing the Browser Against Security Threats: The Dell KACE Secure Browser
©2010 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
Increased opportunity often brings increased risk, however, and the dynamic expansion of the browser
has been no exception. Attackers as well as legitimate users can take advantage of the browser’s
expansive capability. Browsers can be exploited to surreptitiously download threats, through exploitive
techniques such as phishing, cross-site scripting (“XSS”), illicit applications, or even through visiting
legitimate Web sites having vulnerabilities that have been compromised by attackers. The latter is an
example of a systematic approach to exploit, where the attacker first compromises a vulnerable Web
site or Web application, then exploits the vulnerability to get the site to host malware (malicious
software) as well as the means to propagate “drive-by” downloads of malware using exploits often hidden
in what appears to be legitimate Web site content.
The extreme capability, extensibility and flexibility of the browser have made it one of today’s
most popular targets of attack. The malicious have turned their attention to the browser and browser
enhancements, not only because they expand the attack surface, but because this rich capability is
often under the direct control of the user. Users can often make changes to the browser at will,
adding extensions, changing security policy, accessing malicious applications that run in the
browser, or even simply visiting legitimate Web sites that may have been compromised to become
purveyors of drive-by attacks, unbeknownst to the unsuspecting individual.
When these exposures are exploited to the detriment of the enterprise, the effective result is that the
enterprise has placed its security in the hands of the user, and what the user can do with the browser’s
virtually unlimited potential. These exploits may not only be transparent to ordinary users—they may
also evade common security tools such as desktop antivirus and host intrusion prevention.
A Better Approach: Browser Security through Application Virtualization
What can enterprises do to get better control over the browser’s many security vulnerabilities? One
approach is to get better control over the browser itself—and a compelling way to do this is through
browser virtualization.
Browser virtualization is an example of application virtualization for the endpoint. Application
virtualization may be served from the data center, or it may be a locally executing encapsulation of an
application in an isolated virtual environment. This isolated environment can be defined and managed
by the enterprise in order to balance browser flexibility with more direct control over a wide range of
security risks through the unique capabilities of virtualization. As part of a defense-in-depth strategy,
browser virtualization offers a number of distinct security advantages over alternatives.
One approach, the Dell KACE Virtual Kontainer, combines the management advantages of a connected
endpoint with local execution of virtual applications, allowing endpoints to work in both online
and disconnected mode. Recognizing the high security potential of this technology for giving
businesses better control over browser security risks, KACE has applied this technology to deliver the
Secure Browser.