How to Avoid Bad Things Happening to Good Browsers

This blog post is a recap from GovLoop’s Government Cybersecurity Virtual Summit. To see more blog posts about the summit, click here.

In today’s day and age, the internet is a critical aspect of any organization’s success. It is full of useful data and information that allow users to effectively support their agency’s mission. However, the internet is also a haven for malicious content and malware. Nefarious cyberattackers spend their days targeting agency employees’ web browsing habits and using them as a vulnerability that can lead to compromised agency data.

Matt Porco, Lead Sales Engineer for Citrix Public Sector sat down with GovLoop to discuss how agencies can combat this threat. Throughout the discussion, he offered a solution that allows agencies to securely browse the internet and drive agency mission.

As you are browsing the internet at work or at home, you are constantly facing threats from nefarious actors. Some of these threats include ransomware, phishing attacks, browser and plugin vulnerabilities, data loss, proxies, and outdated browsers.

Three types of threats that are particularly concerning are man-in-the-middle attacks, browser compatibility issues, and socially engineered malware. “Man-in-the-middle attacks are simply a malicious user inserting themselves into the middle of someone who is browsing a website and the backend of that website,” Porco said. The man in the middle is essentially impersonating a trusted website to inject malware or collect information from the user.

Another common issue that agencies run into are issues around browser compatibility. “People try to make their sites as browser agnostic as possible but the reality is that some sites work better with different browsers,” Porco explained. This is a challenge for IT departments because they have to maintain multiple browsers and ensure security across all of them.

Socially engineered malware is a final big problem that agency employees face when browsing the internet. Today, only three percent of malware attacks are not based on social engineering. This means that 97 percent of malware attacks are perpetrated by nefarious actors who are tricking users into activating malware through misleading or false information, often disguised as well-known and trusted services. These are very difficult to protect against because there is no exploitation of a technical flaw.

Despite the plethora of threats agencies face on the internet, there are ways that government employees can browse the internet without compromising security. In particular, Citrix’s Secure Browser allows users to browse the internet without fear of compromising security or affecting the integrity of the agency network.

The solution works by redirecting how users browse the internet. “Traditionally individuals in agencies browse the internet directly. The model changes this by connecting them to a virtual browser session that then runs them to a secure browser environment that then gets routed out to browse the internet,” Porco said. The browser is not run locally but rather virtually.

The benefits of Citrix’s solution include sandboxing, lack of residual data, and compatibility. Sandboxing isolates the secure browsing environment from the internal network. “What happens in the secure browser stays in the secure browser,” Porco explained. “When there is secure malware present, the sandbox gives IT a lot of control over protecting the secure browsing and preventing and limiting data exchange.”

Another benefit of the Secure Browser is that there is no residual data left behind. After a user is done in the secure browsing environment, all the browsing data associated with the session is destroyed and wiped. This means that any malware that was inadvertently downloaded during the session is wiped and there is no chance that sensitive data can be left behind in cache history.

The secure browsing environment also eliminates compatibility issues. If there is a specific application that needs to use a specific browser, the Secure Browser environment seamlessly matches the best browser with each application. Porco explained, “you can run multiple browsers on multiple sessions, concurrently for the same user, using the best browser and version for each web application.” Ultimately, this alleviates the problem of old and unsupported browser use.

There is also flexibility in how your agency deploys the Secure Browser. The Citrix Cloud allows subscribers access to the umbrella cloud hosted by Citrix. “Basically, with the cloud service users get very easy and fast deployment,” Porco said. Additionally, it provides a simple wizard-based administration console, transparent and remote access, and per-user consumption licensing.

On the other hand, on-premises deployment allows users access to the Secure Browser solution when they can’t, or choose not to use the cloud. The on-premises deployment option provides a deployment tool-kit that leverages an on-premises XenApp environment, giving IT departments complete control over the environment. Additionally, the on-premises toolkit includes an easy step-by-step do it yourself guide to setting up the environment.

Looking forward, Porco is optimistic that more agencies will see the value in secure browsing. He concluded the conversation by saying, “I would encourage those who are not currently able to browse the internet on your workstations to talk to your security team because you might be able to enable that. And if you are currently able to browse you should look into secure browsing because you can reduce the risk you are putting your agency at.”

For more information on Citrix’s solutions and how you can secure browsers at your agency, check out Citrix’s recent white paper “Securing the Published Browser: Endpoint and Hosted Browser Security Guidance.” 

Did you enjoy GovLoop’s Government Cybersecurity Virtual Summit? Don’t miss our next virtual summit, all about government innovation, on May 10. Sign up here.

citrix-public-sector-logo-horiz

Leave a Comment

Leave a comment

Leave a Reply