The common denominator of advanced attacks is that they are ever more difficult to detect. Although Endpoint Detection & Response (EDR) and Security Service Edge (SSE) can pick up multiple signals, the browser remains a blind spot. Zscaler has also come to this conclusion and has acquired SquareX to keep an eye on browser usage via a lightweight extension.
In doing so, Zscaler is following the same philosophy as CrowdStrike: acquire a promising Browser Detection & Response (BDR) player to expand its own portfolio. Whereas CrowdStrike opted for Seraphic, Zscaler has acquired SquareX. As is often the case, this shows that security products rarely claim their own category, but are instead integrated into existing platforms. Look at previous paradigms surrounding end-user security solutions and one will see this pattern repeating itself.
From kernel to clicks
Zscaler CEO and founder Jay Chaudhry explains that organizations have long relied on VPNs and virtual desktops to keep their staff safe. The idea is that these external environments provide an extra line of defense against malicious actors. This assumption has since been debunked: these environments are not inherently secure. At the very least, an extra layer is needed, and its absence is conspicuous in modern cyberattacks. The browser, long seen as a simple portal, has all kinds of bugs and architectural pitfalls that give malicious actors far too much room to maneuver. Think of the allocated memory and network packets, which EDR and SSE solutions such as those from CrowdStrike and Zscaler primarily view from the outside.
Another assumption is that these solutions are already so deeply embedded in an endpoint that they theoretically cover all applications. Suspicious patterns, wherever they come from, would provide enough data points for detection thanks to the deep insight into the OS and files. Before companies such as Zscaler or CrowdStrike made their respective acquisitions, they may have suggested choosing an enterprise browser that further covers any risks. We no longer have to guess at that position. Chaudhry emphasizes that Zscaler can protect users of common browsers such as Chrome or Edge thanks to the SquareX addition.
Not a point solution
Through these acquisitions, EDR and SSE increasingly include BDR, with visibility into the runtimes, scripts, and functions that browser-based attacks exploit. We discussed this at length with SquareX CEO and founder Vivek Ramachandran in the middle of last year. An important point made by Ramachandran was that attackers often only assemble their payload in the ‘last mile’ on the end user’s device, using components that individually appear to be ordinary, trusted browser traffic. This client-side protection fits perfectly with the use case for an EDR product, even though the creators of BDR may have thought that their discipline was unique enough to remain outside the ever-expanding security platform of EDR players. This does not appear to be the case even for successful companies such as Seraphic and SquareX.