SquareX Exposes Failures of Secure Web Gateways at DEFCON - How Secure are Yours?

The browser is now the most used tool for productivity. It is also one of the most vulnerable.

Vivek Ramachandran, founder and CEO of SquareX, spoke about a new class of attacks called Last Mile Reassembly Attacks that happen within the browser. Without getting technical, these attacks have the ability to bypass Secure Web Gateways, which many enterprises use today.

This was one of the topics Vivek spoke about on the main stage at Defcon on August 9th. Vivek has been a major asset to the Cyber Security community for years, which has included founding several firms as well as being a well-known published author in this industry.

Vivek’s talk was a bit of a game changer as it continually proves that SWGs aren’t always the silver bullet they are thought to be. He and his team have worked extremely hard to develop a product that eliminates browser security risk, one use case at a time. Here are the use cases:

  • Malicious / Suspicious Websites
  • Malicious / Suspicious Files
  • Web & GenAI DLP
  • File DLP
  • Clipboard DLP
  • Malicious Browser Extensions
  • Identity Attacks
  • Malicious QR Codes
  • Last Mile Reassembly Attacks
  • Web-AV
  • Malware Sandbox
  • Browser Isolation
  • File Isolation: Cloud Based
  • File Isolation: Office-365 Based
  • Content Disarm & Reconstruction

To prove the current weaknesses, the team created a framework/toolkit called browser.security, where any organization can test their SWG's capability.

85% of professionals use the browser more than any other application, yet organizations rely on their typical Endpoint Security Solutions and Secure Web Gateways to protect it.

Most vendors claim they prevent most known malware and viruses embedded in websites; however, as demonstrated by Vivek, they are not able to do so.

By digging into the research that Vivek and his team have done, it has really opened my eyes to just how vulnerable our systems still are. SquareX’s solution is a great solution to protect browsers from what SWGs are not able to.

References:

2. Press Release Coverage: Pre-Defcon Talk:

a) The Register: https://www.theregister.com/2024/08/09/secure_web_gateways_are_anything/

b) CyberNews: https://cybernews.com/security/def-con-32-unfixable-bug/

Post-Defcon Talk:

Yahoo: https://finance.yahoo.com/news/squarex-exposes-failures-secure-gateways-150000133.html

IT Brief Asia: https://itbrief.asia/story/squarex-exposes-swg-flaws-at-def-con-urges-browser-security

3. Compilation of DEF CON mainstage talk: https://vimeo.com/999363679

4. Data Sheet: https://sqrx.com/resources/SquareX-Enterprise-Datasheet.pdf

5. DEF CON 32 Talk Abstract: https://defcon.org/html/defcon-32/dc-32-speakers.html#54470

6. Website: https://sqrx.com/lastmilereassemblyattacks

7. Browser.Security: https://browser.security/

SquareX

Carlos Cabezas Lopez

Digital Marketer | Cyber Security Practitioner (Ce-CSP) | CISMP | ISO 27001 | ITF+ | CCSK

1 month ago

Thank you for sharing your insights on such an important topic.

Peter Shultz

20 years IT Experience | Sr. Security Administrator | Security | Offensive | Defensive | Linux enthusiast

1 month ago

This post serves as a crucial reminder that while traditional security measures are essential, they are not infallible. Great article Mike Miller, very insightful! Keep it up buddy!!!

Ronald S.

Cyber Security Analyst at CyberNow Labs | CompTIA Security+ | Security Operations Center | Risk Management

1 month ago

Thanks for this review. Hard to believe that we developed computers to help make things work better, and yet these systems are so vulnerable.

Peter E.

Helping SMEs automate and scale their operations with seamless tools, while sharing my journey in system automation and entrepreneurship

1 month ago

Cybersecurity is constantly evolving. Professionals must stay updated on threats and technologies to strengthen defenses. Continuous education and collaboration are essential for resilience against cyber threats.
