SquareX Exposes Failures of Secure Web Gateways at DEFCON - How Secure are Yours?
Mike Miller
vCISO | Senior Security Consultant | Penetration Tester on a mentoring mission | Over 25+ Experience in IT and Cyber Security | Teaching People how to be Discovered | Don't Hunt ~ Be the Hunted.
The browser is now the most used tool for productivity. It is also one of the most vulnerable.
Vivek Ramachandran, founder and CEO of SquareX, spoke about a new class of attacks called Last Mile Reassembly Attacks that happen within the browser. Without getting technical, these attacks have the ability to bypass Secure Web Gateways, which many enterprises use today.
This was one of the topics Vivek spoke about on the main stage at Defcon on August 9th. Vivek has been a major asset to the Cyber Security community for years, which has included founding several firms as well as being a well-known published author in this industry.
Vivek’s talk was a bit of a game changer, as it continually proves that SWGs aren’t always the silver bullet they are thought to be. He and his team have worked extremely hard to develop a product that eliminates browser security risk, one use case at a time. Here are the use cases:
To prove the current weaknesses, the team created a framework/toolkit called browser.security, where any organization can test its SWG's capability.
85% of professionals use the browser more than any other application, and this is where organizations rely on their typical Endpoint Security Solutions and Secure Web Gateways.
Most vendors claim they prevent most known malware and viruses embedded in websites; however, as demonstrated by Vivek, they are not able to do so.
Digging into the research that Vivek and his team have done has really opened my eyes to just how vulnerable our systems still are. SquareX’s solution is a great solution to protect browsers from what SWGs are not able to.
References:
2. Press Release Coverage: Pre-Defcon Talk:
b) CyberNews: https://cybernews.com/security/def-con-32-unfixable-bug/
Post-Defcon Talk:
IT Brief Asia: https://itbrief.asia/story/squarex-exposes-swg-flaws-at-def-con-urges-browser-security
3. Compilation of DEF CON mainstage talk: https://vimeo.com/999363679
4. Data Sheet: https://sqrx.com/resources/SquareX-Enterprise-Datasheet.pdf
5. DEF CON 32 Talk Abstract: https://defcon.org/html/defcon-32/dc-32-speakers.html#54470
6. Website: https://sqrx.com/lastmilereassemblyattacks
Digital Marketer | Cyber Security Practitioner (Ce-CSP) | CISMP | ISO 27001 | ITF+ | CCSK
1 month ago: Thank you for sharing your insights on such an important topic.
20 years IT Experience | Sr. Security Administrator | Security | Offensive | Defensive | Linux enthusiast
1 month ago: This post serves as a crucial reminder that while traditional security measures are essential, they are not infallible. Great article Mike Miller, very insightful! Keep it up buddy!!!
Cyber Security Analyst at CyberNow Labs | CompTIA Security+ | Security Operations Center | Risk Management
1 month ago: Thanks for this review. Hard to believe that we developed computers to help make things work better, and yet these systems are so vulnerable.
Helping SMEs automate and scale their operations with seamless tools, while sharing my journey in system automation and entrepreneurship
1 month ago: Cybersecurity is constantly evolving. Professionals must stay updated on threats and technologies to strengthen defenses. Continuous education and collaboration are essential for resilience against cyber threats.