Latest news with #OrEshed

ExtensionPedia launches with risk scores for 200K browser add-ons

Techday NZ

5 days ago


LayerX Security has launched ExtensionPedia, an online resource designed to provide security evaluations for over 200,000 browser extensions. The new platform provides individuals and enterprises with detailed risk assessments for browser extensions available for Chrome, Edge, and Firefox, enabling users to review security scores before installation. ExtensionPedia also includes a knowledge centre featuring guidance on mitigating threats from malicious browser extensions.

Malicious browser extensions have been cited as a significant but overlooked identity security risk affecting both home and workplace users. Recent incidents, including multiple breaches over the past six months, have reportedly exposed nearly ten million users worldwide to risks such as identity theft and data leakage via compromised extensions. These risks have prompted warnings from law enforcement agencies such as the FBI.

One of the challenges users face is the complexity of extension trustworthiness, as extensions can be developed, modified, or compromised by malicious actors and redistributed widely. Access to complete, impartial risk information on individual extensions has not typically been available to the general public or organisations.

Extension stores typically apply only baseline verification processes to detect obvious malicious indicators in extensions. Deeper investigations into suspicious behaviour or complex risks usually fall outside their standard review procedures.

Or Eshed, Co-Founder and Chief Executive Officer of LayerX, explained the rationale behind the launch of ExtensionPedia: "While browser extensions are often considered harmless, in practice they are frequently granted extensive access permissions to users' identity information and data, leading hackers to use them as an attack channel for credential theft, account takeover and data theft."

He added, "When someone installs a browser extension – either for personal or work – users and their organisations have no idea what permissions each extension has, how reputable the extension author is and the risk profile of the extension. Our Browser Extension Risk Database and Knowledge Centre for the first time helps get the information individuals and enterprises to protect themselves."

ExtensionPedia's risk evaluations are based on anonymised data collected from millions of sessions using the LayerX platform, which operates as a user-centric extension for protecting identities directly within browsers.

Key features of ExtensionPedia include access to data on over 200,000 extensions across major browsers, integration with the LayerX management console, and availability for public use online. Each extension is given a detailed score based on parameters such as permission scope and reputation risk. Users can also view a single, unified risk score incorporating all available risk factors.

Additional information available through ExtensionPedia includes extension details, publisher data, and a range of articles and guides covering topics related to browser extension security and best practices for preventing malicious activity.

Individuals and organisations using ExtensionPedia can search for extensions by name or unique ID, review extensions by category—including GenAI, VPN tools, and password managers—and compare risk scores. The platform offers both high-level risk assessments and more granular, detailed breakdowns, including permission access and publisher reputation.

ExtensionPedia also features resources to help users educate themselves on the risks and protection strategies related to browser extensions.

Rethinking Enterprise Security For The Browser-Centric Workplace

Forbes

28-04-2025


The growing role of the browser in enterprise workflows is reshaping cybersecurity priorities.

The browser has quietly ascended to become the enterprise's most critical—and most vulnerable—point of exposure thanks to hybrid work, SaaS-driven operations, and everyday AI adoption. While security teams have long focused on networks, endpoints, and identities, the digital workplace has migrated to the browser itself, creating an expansive blind spot that traditional defenses were never designed to see, let alone secure.

As organizations embrace flexibility and cloud-native workflows, the browser now governs access to sensitive data, manages interactions with GenAI tools, and mediates connections to countless sanctioned and unsanctioned SaaS applications. The stakes have never been higher, and yet browser-layer security remains an often-overlooked frontier.

Sensitive data now routinely traverses browser sessions. Unauthorized apps—so-called "shadow SaaS"—are adopted by employees without security oversight. Identity credentials flow through browser tabs where malicious extensions, session hijacking, or phishing attacks can exploit them.

According to Forrester Research, over 80% of employees now perform all or most of their work within a browser, reinforcing the idea that the browser is no longer peripheral—it's foundational.

Or Eshed, co-founder and CEO of LayerX, explains, 'The browser is the nerve center of the modern workplace. However, traditional security solutions—such as endpoint protection, DLP, and SASE/SSE—do not provide adequate protection for the browser and the data that goes through it.'

Despite this evolution, many enterprises still rely heavily on network-centric defenses like Security Service Edge, which often lack visibility into encrypted browser sessions or the nuances of in-browser activity. This gap leaves organizations exposed to a new generation of threats.

Securing browser activity presents a delicate balancing act. Organizations cannot simply lock down browser functionality without risking significant disruption to productivity and user experience. Replacing standard browsers with secure enterprise versions is one approach, but it often encounters fierce resistance from users unwilling to abandon familiar workflows. Meanwhile, network- and endpoint-based controls struggle to observe or govern the real-time user behavior inside browser sessions.

Part of the challenge lies in the browser's unique position at the intersection of network security, endpoint security, identity management, and data protection. Traditional tools address parts of the problem but often fail to provide a cohesive, real-time defense at the browser layer itself.

Eshed notes that the risk is not just from external attacks but also from user behavior. 'If you're under attack by an external attack vector, then where users spend most of their day is where that attack is most likely to happen. And if your primary concern is from user error, the browser is where that user error is most likely to occur.'

Recognizing the browser's rising strategic importance, cybersecurity innovators are exploring multiple paths to mitigate the risk. Secure enterprise browsers aim to reimagine the browsing experience from the ground up, embedding governance and security controls into purpose-built platforms. However, these solutions often face adoption hurdles due to their disruption of familiar user workflows.

A parallel movement focuses on integrating security natively into existing browsers through lightweight, enterprise-grade extensions. These approaches aim to deliver real-time visibility, control sensitive data flows, prevent malicious activities, and govern GenAI tool usage—all while maintaining a frictionless user experience.

The growing interest in browser-native security reflects a broader trend: protecting the browser is a necessity for organizations operating in a perimeter-less, SaaS-first world.

The strategic importance of browser security is increasingly visible in market dynamics. LayerX Security just announced an $11 million extension to its Series A funding round, led by Jump Capital, with continued participation from initial backers Glilot Capital Partners and Dell Technologies Capital, bringing its total raise to $45 million. While LayerX is one example, the funding reflects a wider acknowledgment from investors that browser security is emerging as a distinct and necessary pillar within enterprise security architectures.

Enterprise adoption patterns reinforce this momentum. Organizations across industries are seeking solutions that provide real-time monitoring, control over data use in SaaS apps and GenAI tools, and protection against browser-based threats—without forcing users to abandon their preferred browsers or workflows.

For CISOs and security architects, addressing browser-layer risk requires a fundamental rethink. Evaluating solutions means focusing on critical attributes:

Security leaders must also be mindful not to replicate past mistakes—overcomplicating architectures or degrading the user experience in the name of protection. The most effective browser security solutions will be those that empower security teams while preserving the fluid, familiar workflows users expect.

The browser is no longer just a portal to the web—it is the new perimeter of the enterprise. As SaaS and GenAI adoption accelerates, organizations must extend their security strategies to fully encompass the browser environment where today's work actually happens.

Browser security is evolving from an overlooked necessity into a foundational pillar of enterprise security, alongside endpoint, network, and identity protections. Those who recognize and act on this shift early will be better equipped to navigate an increasingly complex and dynamic threat landscape—safeguarding users, data, and operations in the process.
