Interview: ManageEngine’s Raj Sabhlok on Browser Security

Raj Sabhlok is the president of IT management software provider, ManageEngine. The vendor has recently released Browser Security Plus in response to an increasing number of cyber attacks targeting browsers. With eight years of experience at ManageEngine, Sabhlok was able to provide insight into how businesses and users can best protect browsers, as well as other endpoints.

With 23.47% of exploit attacks targeting browsers, what can organizations do to best protect this endpoint?

With organizations predominantly working in the cloud, browsers have become the conduit to access business data and an integral part of most organizations. Hence, browsers need to be managed and secured along with the other endpoints in order to prevent any web-based threats.

IT teams need to implement the following practices across their organizations to ensure security across their networks:

1. Obtain visibility into the different browsers and add-ons used across the network.
2. Enforce security policies to keep browser configurations in place and prevent web-based attacks.
3. Provide access to only trusted sites and blacklist untrusted sites and add-ons across the network.
4. Ensure compliance with enforced policies and configurations, as well as standards like STIG and CIS.

Have you noticed any other endpoints emerging as popular targets?

A few years ago, we saw browsers evolving and being actively adopted in organizations. With the widespread enthusiasm browsers were receiving, we knew they would have as many challenges as its benefits. We started exploring the various avenues of challenges associated with browsers. This has brought us to the invention of Browser Security Plus. Similarly, IOT devices are now on the rise. We are sure they would have as many challenges as the browser now does. We have yet to explore their demerits.

How can organizations stay ahead of the growing complexity of cyber-attacks?

Organizations need to have a fortifying layer of security, protecting all their endpoints from mobile devices and desktops to native applications. The latest addition to the lot, browsers need to be given the same amount of importance, managing and securing them to prevent any web-based threats. ManageEngine offers the end-to-end protection for all these endpoints: Desktop Central for desktops and laptops, Mobile Device Manager Plus for mobile phones and tablets, Patch Manager Plus for native applications and now Browser Security Plus for Browsers.

How do you think attacks on endpoints will evolve in the future?

Every day, organizations face new attacks and new breeds of malware. Currently, malware enters into the endpoints’ hardware through infected .exe files, .msi files, or even malicious documents. However, organizations will face a time when malware does not need to reach the hardware to wreak havoc. Simply by persisting in the memory, it can steal data or download a more persistent malware. For example, malicious code could be embedded in an image and viewing the image in a browser could lead to the introduction of malware.