This is Susan Bradley for CSO Online. Are you still using Internet Explorer inside your office for your business browser. For those of you running Windows 7 I’ll have you take a look at a certain beta that’s coming out. Microsoft Edge is now going to be based on the chromium engine not the Spartan engine. Because of that it will be more compatible with Web sites that you use right now. In addition it’s anticipated than any extensions that you currently use on Chrome will be compatible with the Edge browser. Attackers often use the browser to enter systems by using drive by compromise where somebody in your office goes on a Web site and a banner ad or something drops an attack onto your systems. Typically they just happened to go to a website that has malicious code. There’s a script that automatically executes and then if they find a vulnerable system or a file on your system they’ll attack the operating system. If the exploitation is successful it sometimes will give the adversary full rights your system. Often a drive by compromise is blended with other attacks to raise rights on the system. So for example if the user is running with non admin rights a blended attack will use both the drive by compromise and some other exploit in order to raise rights on the system. So how do we keep ourselves safe from these attacks? Obviously we want to make sure we have a very secure browser and we want to keep it up to date. Internet Explorer and Windows 7 is not that browser. But let’s take a look at Edge on Chrome. As you can see from the site not only is going to be available for Windows 10 it’s also going to be available for older systems as well. For those of you in enterprise that will have the extended security patches for Windows 7. Edge will be available to download on these systems. For those of you in enterprises that use group policy you’ll note that the policy file will be able to be used with this edge based on the chrome engine. This is not a complete list at this time but here’s some of the features and things you can control the group policy with the upcoming Edge browser. One specific control actually allows you to control the extensions. This can be a key feature to keeping your network and your users safe. The chrome extension ecosystem isn’t exactly the most secure in the world. About 50 percent of all chrome based extensions have fewer than 16 installs. The ecosystem of chrome extensions isn’t as robust as it could be. That’s why as a network administrator you want to make sure that you choose which ones are appropriate in your firm and only allow those. And this setting can be done either group policy, via a Windows registry setting and later on will also be included in intune and mobile device management. So I recommend now for you to download and take a look at the edge beta. And also take a look at the Chrome extension ecosystem and decide ahead of time which chrome extensions you allow inside your firm. Taking a little bit of time now to understand and determine which browser extensions are allowed and not allowed will help and go a long way to keep your network safe and secure. Until next time. This is Susan Bradley for CSO Online. And remember to sign up for the tech talk from IDG on the new YouTube channel. Protect news of the day. See you next time.
READ MORE HERE