RSA brings together so many great minds in the security industry. Whether it’s the solution providers continuing to support the ever changing risk landscape, the research community bringing new best practices to others in the field, or in-house security professionals expanding their knowledge to drive more secure experiences in their workforce, there is so much to catch up on when it comes to enterprise security. We are onsite showcasing our secure enterprise browsing solution, helping customers see how they can protect their corporate data in this quickly evolving AI era.
We are also highlighting some newer capabilities that continue to strengthen Chrome and the core, and bring even more protections to Chrome Enterprise. From ongoing hardening of our browser to stronger download controls, if you want to hear about new enhancements that will help protect your workforce, including BYOD users and contractors, read on.
1. Stopping Session Hijacking and Cookie Theft: Last year, Chrome introduced Device Bound Session Credentials (DBSC) representing a major leap forward in protecting user sessions from being compromised. By binding session cookies to a specific device, we effectively neutralize “session hijacking” attempts. Even if a sophisticated attacker manages to steal a user’s session cookies, those cookies become useless outside of the original, authenticated device, ensuring that your corporate accounts and data remain secure. This approach offers a critical foundation for browser hardening, helping all users but offering specific benefits to enterprises.
2. Protecting Data at Rest: Security doesn’t stop when a user closes their browser; it’s equally important to protect the data left behind. Our new browser cache encryption ensures that the cache stored on a device’s hard drive is fully encrypted. This means that in the event a laptop is lost or stolen, the cached data cannot be reconstructed or exploited by unauthorized parties, providing peace of mind for both the organization and its employees.
3. Neutralizing Infostealer Malware: The rise of “Infostealer” malware has made it more critical than ever to protect sensitive browser data from malicious applications. With App-bound encryption, we’ve introduced a powerful added defense that prevents unauthorized software from digging through your browser to extract passwords or credentials. By restricting access to browser data solely to the browser itself, we significantly reduce the risk of a successful malware-driven data breach.
4. Increasing Control Over Corporate Data Downloads: Maintaining a secure perimeter requires fine-grained control over how data moves across the cloud or web to local devices. We’ve introduced enhanced download controls that allow IT administrators to set more rigorous policies around where downloaded files are stored. IT and security teams can now set a rule to require Chrome downloads to be stored to Google Drive, and this capability is coming soon for Microsoft One Drive. These protections are especially vital for securing your workforce in a hybrid world, offering robust data loss prevention (DLP) for both managed devices and users on BYOD or contractor hardware.
