Part 10 of 10 Securing Chrome with Chris Loehr
Zach Kromkowski
In the season finale of our Chrome Hardening CIS Benchmark Series, we had the privilege of hosting Chris Loehr from Solis. With decades of experience in cybersecurity, particularly within the financial sector, Chris shared his deep knowledge on the importance of browser hardening and the real-world implications it has for organizations today. This episode was a powerful reminder that when it comes to securing your digital environment, the devil is in the details.
Auditing and Compliance: The Bedrock of Financial Security
Chris opened the discussion by sharing his extensive background in financial services, where the stakes are high, and compliance is critical. In this heavily regulated industry, Chris emphasized that security isn’t just a good idea—it’s mandatory. He discussed how, during his time in banking, using frameworks like Center for Internet Security Benchmarks was essential not only for maintaining security but also for providing defensible proof during audits. Chris underscored the importance of having a standardized approach to security configurations, which can stand up to scrutiny from even the toughest auditors.
One of the standout points Chris made was about the variability in audit practices. He explained how different auditors might have varying expectations, which can lead to inconsistencies. This variability makes it crucial to adhere to established frameworks like CIS, providing a solid foundation that can help organizations avoid the pitfalls of subjective auditing standards.
The Underrated Importance of Browser Hardening
Transitioning into the core topic of the episode, Chris focused on the critical, yet often overlooked, practice of browser hardening. He pointed out that while large enterprises may have long understood the importance of securing browsers, smaller organizations are often still playing catch-up. Chris highlighted that the browser is one of the most powerful tools in an end-user's arsenal, making it a prime target for cyberattacks.
One of the key settings discussed was disabling video capture capabilities. Chris explained that while this setting might cause minor inconveniences—such as limiting the use of video conferencing tools—it is vital for preventing unauthorized access to cameras. This setting is particularly important in environments where privacy and data security are paramount. Chris advised that the potential disruption is a small price to pay for the significant security benefits.
Another critical topic was the disabling of user feedback in Chrome. Chris highlighted the hidden risks associated with allowing browsers to send feedback, which can inadvertently include sensitive information. He stressed that while contributing to browser improvements might seem noble, it’s more important to protect your organization’s data. By disabling this feature, you significantly reduce the risk of sensitive information being exposed.
The Power of DNS Security
The discussion then moved to DNS over HTTPS, a setting that Chris emphasized as crucial for protecting DNS traffic. He explained that while enabling this setting without insecure fallbacks might cause compatibility issues with some legacy systems, particularly in sectors like banking, the security benefits far outweigh the potential downsides. Chris’s experience in financial services underscored the importance of securing DNS, a critical component of internet security, to prevent various types of cyberattacks.
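The three settings above can be checked mechanically. The following is an added example, not code from the webinar or from Senteon: it audits a Chrome managed-policy JSON document for them, assuming they correspond to the Chrome enterprise policies VideoCaptureAllowed, UserFeedbackAllowed and DnsOverHttpsMode. The sample policies are constructed.

```python
import json

# Expected values for the three settings discussed in the episode. The policy
# names are Chrome enterprise policy keys; mapping the article's settings to
# them is this example's assumption, not something the article spells out.
EXPECTED = {
    "VideoCaptureAllowed": False,   # video capture disabled
    "UserFeedbackAllowed": False,   # user feedback disabled
    "DnsOverHttpsMode": "secure",   # DoH with no insecure fallback
}


def audit_policy(policy_json: str) -> list[str]:
    """Return one finding per setting that is missing or deviates."""
    policy = json.loads(policy_json)
    if not isinstance(policy, dict):
        raise ValueError("policy file must contain a JSON object")
    findings = []
    for name, want in EXPECTED.items():
        if name not in policy:
            findings.append(f"{name}: not set, so the value is not enforced")
            continue
        got = policy[name]
        # Compare type as well as value: the string "false" or the number 0
        # is not the boolean false the policy expects.
        if type(got) is not type(want) or got != want:
            findings.append(f"{name}: is {got!r}, expected {want!r}")
    return findings


# Constructed sample inputs (not taken from any real deployment).
# "automatic" still permits fallback to unencrypted DNS, so it is flagged.
WEAK_POLICY = """{
  "VideoCaptureAllowed": true,
  "DnsOverHttpsMode": "automatic"
}"""

HARDENED_POLICY = """{
  "VideoCaptureAllowed": false,
  "UserFeedbackAllowed": false,
  "DnsOverHttpsMode": "secure"
}"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        findings = audit_policy(text)
        print(label, "->", "compliant" if not findings else findings)
```

The list of findings doubles as audit evidence: an empty list for a given endpoint's policy file is the defensible proof of configuration the article describes.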
Real-World Challenges and Practical Solutions
Chris also delved into the practical challenges of implementing these security measures in everyday business environments. He acknowledged that while enforcing strict browser settings might meet some resistance, especially from users accustomed to convenience, it’s a necessary step in building a resilient security posture. Chris’s advice was clear: communicate the reasons behind these security measures to gain user buy-in and minimize resistance.
He shared insights from his work in the MSP space, where balancing client needs with stringent security requirements is often a challenge. However, by clearly explaining the risks and the reasons for these settings, organizations can help users understand the importance of these changes and ultimately create a more secure environment.
Chris Loehr on the Future of Browser Security
Throughout the webinar, Chris emphasized that browser security is not a luxury—it’s a necessity. He warned that as cyber threats continue to evolve, the browser remains a significant attack vector. By hardening browser settings according to CIS Benchmarks, organizations can disrupt the attack process, making it more difficult for bad actors to exploit vulnerabilities.
Chris also touched on the importance of continuous learning and adaptation in the field of cybersecurity. As threats evolve, so too must our defenses. He encouraged organizations to stay informed about the latest developments in browser security and to regularly update their settings to protect against new and emerging threats.
Elevating Security Through Collaboration
Partnerships matter, and this week at Senteon, we’ve seen firsthand just how transformative they can be. In the cybersecurity world, the vendor-to-vendor ecosystem plays a crucial role in elevating not only our own security standards but also the overall rapport within the industry. This week, we took a significant step forward by diving into a transparent, close relationship with a new partner. This wasn’t just about business; it was about building something together—something better.
Through this partnership, we received invaluable insights on how to improve Senteon Managed Endpoint Hardening’s offerings. But it didn’t stop there. Our new MSP partner also facilitated introductions to other vendors, helping us advance our initiative to create a “better together” ecosystem. It’s moments like these that underscore the importance of clear intentions when engaging with other vendors. At Senteon, we pride ourselves on our flexibility. We don’t have corporate hoops or rigid policies dictating how we do business, and that agility allows us to move fast and prioritize the companies and people who prioritize us in return.
The takeaway? Never underestimate the power of other vendors wanting to work together. In a world where security is paramount, these relationships can make all the difference. By working closely with partners who share our vision, we’re not just enhancing our own capabilities—we’re helping to build a stronger, more resilient cybersecurity community.
Act Now to Secure Your Browsing Environment
Chris Loehr’s insights in this episode drive home a crucial point: browser security is an essential aspect of any organization’s overall cybersecurity strategy. The settings discussed, while potentially disruptive, offer significant protection against a wide range of cyber threats. Implementing these changes is not just about following best practices—it’s about safeguarding your organization’s future.
To delve deeper into Chris’s advice and learn how to apply these critical security measures in your own environment, watch the full episode here. Don’t miss out on future webinars—register now for upcoming sessions at this link. For a personalized assessment of your current IT security posture, take advantage of our special offer. Sign up with the comment “settings webinar” at Senteon to generate internal and external free reports and start strengthening your security today.