SquareX Exposes Failures of Secure Web Gateways at DEF CON 32, Releases Framework for Enterprise Testing

SquareX delivered a groundbreaking presentation at DEF CON 32, unequivocally proving that Secure Web Gateways (SWGs) are broken beyond repair. Presented by SquareX founder Vivek Ramachandran and the research team, the talk exposed over 30 bypass techniques that highlight core architectural vulnerabilities in SWGs, challenging the effectiveness and relevance of a technology that has been trusted for over two decades.

To demonstrate the ease with which SWGs can be bypassed, SquareX introduced browser.security, a website designed to allow anyone—including SWG vendors—to test their products. The framework’s release has already garnered much attention, with thousands of requests logged through SWG solutions from top SASE/SSE vendors, potentially indicating that both customers and vendors are scrutinizing their products for vulnerabilities.

Audience reactions to the talk were overwhelmingly positive. One attendee, representing a security team, commented, “We are very surprised to see how easy it is to deliver malware to the endpoints by bypassing SWGs.” Another added, “It’s surprising that SWG vendors have not acknowledged these issues in their public documentation.”

Many are unaware of how much browsers have evolved into complex systems that resemble standalone operating systems. SWGs are becoming obsolete in monitoring and securing the browser. These revelations sparked widespread discussion on social media and across industry platforms, highlighting the need for a new approach to web security. A CISO from a Fortune 500 enterprise commented on one of the threads, stating, “It’s evident that the only way to protect users is to build security solutions natively within the browser.”

Vivek Ramachandran, Founder & CEO of SquareX, emphasized this point, “Attackers are targeting employees of organizations while they are online, and the old guard SWGs are failing to detect and block new-age client-side web threats due to their antiquated architecture. In our view, the only way to detect and block these complex attacks is to have access to DOM changes, browser events, user interactivity etc., as input to detection algorithms, and the only way to do this is to have a browser-native product. This is exactly what SquareX is building.”
