Tekspace ranks browser security vendors as market matures

Tekspace Cyber Lab has published a research report ranking 13 browser security vendors. It found that only two reached what it describes as comprehensive maturity.

The report places suppliers on what Tekspace calls a Cyber Continuum after analysing more than 400 vendor features and narrowing them to 40 measurable criteria. It examines three main product approaches in the market: browser extensions, enterprise browsers and cloud-hosted isolation platforms.

Browser security has become a more prominent part of cyber defence as business software, identity systems, file-sharing tools and generative AI services have moved into the web session. The report argues this has created gaps for organisations that still rely mainly on endpoint and network controls.

Its findings suggest an uneven market, with the largest group of vendors in the lower tiers. These products offer core functions but fall short of broader oversight for browser-based work.

The focused tier includes ManageEngine, Check Point Harmony and SquareX. The broad tier includes LayerX, Apozy, Conceal, Acium, Red Access and KeepAware. The comprehensive tier includes Push Security, Seraphic, Menlo Security and DefensX, although only two of the 13 assessed vendors reached comprehensive maturity.

Threat picture

The research links its ranking exercise to wider trends in identity-led attacks and browser-based risk. Among the figures highlighted, 75% of initial access attempts in 2024 arrived malware-free, while 46% of compromised corporate logins came from unmanaged devices.

It also points to the growing use of generative AI outside formal controls. More than half of current GenAI use is shadow AI, taking place in browser tabs on unmanaged accounts and outside company policy.

Another figure cited is an estimate of 25 million live Australian access session tokens for sale on dark web marketplaces. These tokens can allow access through an already authenticated session without triggering multi-factor authentication checks.

The report also links browser risk to major incidents in Australia, saying 42% of the country's most serious cyber incidents involved compromised accounts or credentials.

Visibility debate

Alongside detection and control, the report gives weight to questions of staff monitoring. Browser security platforms can capture what workers type into AI tools, which files they upload and the sites they visit, creating a governance issue as well as a security one.

Its assessment scores vendors on controls that govern how much an organisation chooses to see. These measures include anonymisation options, whether data capture is enabled by default, configurable visibility settings and audit trails for administrator activity.

That focus reflects a wider debate in workplace technology over how to secure browser activity without expanding surveillance beyond what employers consider proportionate. For buyers, the architectural choice is not only about product coverage but also where inspection happens and how much information is retained.

Frank De Pasquale, Chief Executive Officer at Tekspace, said the browser now sits at the centre of how many organisations work and verify what staff are doing online.

"Browser security is the most personal layer in the cyber stack. Work has decentralised, the browser has absorbed almost every workflow that used to be visible, and leaders can no longer walk the floor and see what is happening. Verification has become technical because it can no longer be physical."

Buyer choices

The study is Tekspace Cyber Lab's second market analysis, following an earlier report on email security. This time, it focuses on helping IT and product teams assess the trade-offs between different technical approaches rather than choose a vendor from a simple league table.

Browser extensions are one of the main delivery models in the market, offering controls inside existing browsers. Enterprise browsers take a different route by replacing the browser itself with a managed alternative. Cloud-hosted isolation platforms separate the user from the web session by executing browsing activity elsewhere.

These design choices can affect deployment, user experience, compatibility and the depth of inspection available to security teams. They also shape whether products are better suited to managed devices, third-party access, contractors or hybrid workforces moving between personal and corporate hardware.

The report's central conclusion is that the browser has become the main work surface for many Australian organisations, while much of the market remains below the top tier of maturity. Of the 13 vendors assessed, only two reached comprehensive maturity.