SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
#
Phishing
#
Advanced Persistent Threat Protection
#
Email Security

Exclusive: SquareX aims to redefine cybersecurity with browser security

Today
Author image
By Melania Watson, Interview Editor

The rise of remote work and increased dependence on web applications have exposed a major security gap - browser-based threats.

While organisations have invested in endpoint detection and response (EDR) solutions and secure web gateways, the browser itself remains a weak link.

SquareX, a cybersecurity firm incorporated in 2023, is addressing this issue head-on.

Dakshitaa Babu, the company's Product Evangelist and Security Researcher, explained to TechDay that SquareX is providing the world's very first browser detection and response solution.

"The best way to think about it is like an EDR for the browser," she said.

"We detect web attacks happening in real-time and mitigate them within the browser before they can expose users to threats."

A refreshing approach to security

Founded by cybersecurity veteran Vivek Ramachandran, SquareX identified a glaring vulnerability in the browser space.

Babu noted that while organisations were heavily investing in security solutions, breaches were still occurring.

"They have proper secure web gateways, paying thousands or even hundreds of thousands on security, yet they still get compromised. The reason? They have no visibility into what's happening inside the browser."

And, according to Babu, the shift in work environments post-COVID has "exacerbated the problem."

"The way we work has changed. Employees are using unmanaged devices, logging into applications via browsers, and using single sign-on systems," she explained.

"Ninety percent of the attacks we see today are initiated through the browser."

The evolution of cyber threats

The landscape of cyber threats has changed significantly in recent years.

In the early days, file-based attacks - where malicious macro files were sent via email - were very common.

However, SquareX has observed a shift towards identity-based attacks and threats exploiting browser extensions.

"A recent attack involved malicious extensions logging users into third-party applications without their consent," Babu explained.

"Extensions can click buttons on a page and grant access to attackers without the user's knowledge."

With attackers constantly refining their techniques, SquareX's research team is focused on staying ahead.

"We simulate attacks before they even exist in the wild," she said.

"Sometimes these attacks don't even exist yet, but we create proof-of-concepts based on how we think attackers will operate."

Security research and innovation

Security research is at the heart of SquareX's approach. The company recently introduced an industry-first dynamic analysis engine for browser extensions, designed to detect malicious behaviour before it can compromise users.

"There is currently no industry standard for detecting malicious extensions," Babu said.

"Because of the way extensions are architected, it's difficult to see what they are doing. Our dynamic analysis engine is designed to fill that gap."

SquareX has also been publishing extensive research on threats like Browser Syncjacking, a new attack vector targeting synchronised browser sessions. "We take pride in our ability to detect new attack methods before they become widespread," Babu added.

Customer adoption and challenges

While SquareX's technology has been met with enthusiasm from cybersecurity professionals, adoption has presented some challenges.

"The biggest barrier isn't the technology - it's the budget allocation," Babu noted. "Browser security isn't yet a defined budget category for most enterprises."

Despite this, customer feedback has been overwhelmingly positive.

"When people see our demos, they love it. Their jaws drop," she said. "The problem is finding where to fit browser security into their existing cybersecurity framework."

SquareX versus enterprise browsers

One of the biggest misconceptions in the industry is that enterprise browsers provide the same level of security as SquareX's BDR solution. However, the two serve different functions.

"Enterprise browsers are designed for access control - they help companies manage which teams can access certain websites," Babu explained. "But they don't protect users from web-based attacks. Our solution focuses entirely on stopping web threats."

Another key difference is user adoption. "Enterprise browsers require users to switch to a new browser, which can be disruptive," she said. "SquareX works as an extension on whatever browser the user is already using."

Real-world security insights

One of the key benefits of SquareX is the visibility it provides to enterprises. By monitoring user behaviour, the company has uncovered alarming trends.

"We saw multiple employees clicking on ads that led them to phishing websites," Babu said.

"Enterprises used this insight to roll out company-wide ad blockers."

Other findings included employees installing extensions with excessive permissions. "We found cases where extensions had full access to screen recording or cookies," she said.

"That means they could see everything the user was doing and even hijack sessions."

Future outlook and industry recognition

Since its inception, SquareX has experienced rapid growth. Initially stress-testing its technology with a large pool of consumers, the company refined the product to fit the enterprise market.
"We know that attackers target enterprises through the browser and our solution would have a huge impact in the industry," Babu said.

"Securing employees' credentials and preventing data leaks is critical."

Looking ahead, the company is waiting for official industry recognition of browser detection and response as a solution category.

"We're just waiting for industry leaders to formally define browser security, browser detection and response, and acknowledge that SquareX was the first to introduce this concept," she said.

For SquareX, the mission remains clear: stay ahead of attackers and redefine cybersecurity for the modern web.

"We want to be the industry leader in browser security," Babu said.

Related stories
F5 unveils new platform to tackle AI-driven complexities
Falcon Cloud Security now supports Oracle Cloud users
Zscaler launches asset exposure tool to tackle cyber risks
Cyber report warns of AI-driven threats & quicker attacks
Trend Micro unveils AI model for proactive threat prevention
Top stories
Exclusive: How Babeltext is transforming voter engagement in Australia
CrowdStrike enhances identity security for hybrid clouds
Trustwave highlights cybersecurity risks in manufacturing
DDoS attacks surge by 550% in 2024 due to AI & tensions
BeyondTrust unveils AI-driven Pathfinder identity platform