A decade ago, I naively sought to simplify my whole environment. I would deploy and manage just a single browser. Originally, I tried this with Internet Explorer – later with Chrome. Both had a fairly rich set of management features and could be tweaked to make problematic websites work with them.
I never quite got down to a single browser environment and I doubt I ever will. We would have some critical website that was only supported with another browser. We would have exceptions and then exceptions to those exceptions. Both Google and Microsoft acknowledge this reality with their Legacy Browser and Enterprise Site list tools.
When it comes to managing (and securing) your browsers, you have two paths. You can try and use the vendor supplied tools. A lot of your work will be duplicated as you manage three or four browsers separately. You won’t have access to any real reporting.
Or you can use ManageEngine’s Browser Security Plus to achieve all of this centrally. In this review, we will look at the compliance, policy settings, and additional features that Browser Security Plus brings to your environment.
What is Browser Security Plus?
Browser Security Plus is an on-premise solution that utilizes a client agent to report on, enforce, and enhance the security of the four most popular web browsers (Google Chrome, Microsoft Edge and Internet Explorer, and Mozilla Firefox).
It is designed only for Windows. The agent, deployable through SCCM or Group Policy, regularly reviews browser configurations and reports on the status for each user. Because the agent sits at the system level, you don’t have to mess around with specific user settings. I always hated how a certain setting would only be available for users in Group Policy.
Compliance and Review
Because the Browser Security Plus agent is always running, it is able to gather and report on the configuration and compliance for each user on a machine. This data is quickly summarized on the Home Screen as a series of dashboards.
Data, such as Default Browser Distribution and Recently Accessed Plugins, allow you to see how your users actually work. You might find out that a managed browser could be removed because few users use it or that a deployed plugin is never accessed.
Detailed and customized reporting can be found in the Compliance section. Example reports include machines at risk for phishing, machines with malicious plugins, and machines with exposed cloud services. All reports can be filtered by the computers affected or by the specific configurations that are missing.
Enforcement and Enhancement
All of the data in the world is useless if you can’t act on it. The Manage, Policies, and Insights sections allow you to deploy your configurations and to see how your environment stacks up.
Computers will appear in the Manage tab as you install or deploy the agent. From here, you can group devices together to make configuration a bit easier. In the future, it would be great to see some groups be created automatically – either through a sync to Active Directory or by looking at attributes of clients.
Policies is where you will find the meat of this product – 9 different categories to beef up the security of your browsers[note]See what I did there?[/note]
For example, the Browser Router tool functions like the Google’s Legacy Browser Extension or Microsoft’s Enterprise Sites List. Unlike those previous tools, you only need to do your configuration once for it to apply across your browsers.
Threat Prevention and Data Leakage Prevention allow you to set the traditional “Group Policy” security settings for your browsers without having to reference settings across multiple browsers. If you wanted, you could even replace the generic Group Policy settings (such as homepage settings) with the Browser Customization node.
URL and download restrictions provide additional layers of security for your environment, especially on shared computers. With URL restrictions, you can blacklist or whitelist specific sites. Whitelisting allow you to lock down the browser to just a few approved sites and is useful for kiosk locations. I can see it also being useful in an education environment – especially in lower grades.
Speaking of that, one of the more powerful features of Browser Security Plus is the extension reporting and control tool. If you are coming from a wild west type of environment – where users can install any extension that they find, this tool will allow you to see what is installed and what users are using it. From here, you can see what is updated, malicious, or widespread. That data allows you to then build custom allow list for your environment that prevent problematic plug-ins from being installed.
Finally, I want to highlight the Insights tab. I am a huge fan of security scores as a way to rank and prioritize work. With Insights, I can see a security score breakdown by browser or components. I can then focus on the most pressing issues (such as machines with an outdated browser or a malicious add-on that is spreading around).
Make Browser Security a Bit Simpler
There is no magic bullet to security and no automatic way to secure the most public facing application that your users interact with. The standard way of securing browsers is not effective in a multi-browser environment. Lack of data and no standardization mean that you do not know where you stand or where you need to go.
ManageEngine’s Browser Security Plus solves those problems and can make multi-browser environments easier to secure! If you are interested in demoing Browser Security Plus, you can do so here.