11-15
SquareX Exposes Failures of Secure Web Gateways at DEF CON 32, Releases Framework for Enterprise Testing
SINGAPORE,Aug. 21,2024 -- SquareX delivered a groundbreaking presentation at DEF CON 32,univocally proving that Secure Web Gateways (SWGs) are broken beyond repair. Presented by SquareX founder Vivek Ramachandranand the research team,the talk exposed over 30 bypass techniques that highlight core architectural vulnerabilities in SWGs,challenging the effectiveness and relevance of a technology that has been trusted for over two decades.
To demonstrate the ease with which SWGs can be bypassed,SquareX introduced browser.security,a website designed to allow anyone—including SWG vendors—to test their products. The framework's release has already garnered much attention,with thousands of requests logged through SWG solutions from top SASE/SSE vendors,potentially indicating that both customers and vendors are scrutinizing their products for vulnerabilities.
Audience reactions to the talk were overwhelmingly positive. One attendee,representing a security team,commented,"We are very surprised to see how easy it is to deliver malware to the endpoints by bypassing SWGs." Another added,"It's surprising that SWG vendors have not acknowledged these issues in their public documentation."
Many are unaware of how much browsers have evolved into complex systems that resemble standalone operating systems. SWGs are becoming obsolete in monitoring and securing the browser. These revelations sparked widespread discussion on social media and across industry platforms,highlighting the need for a new approach to web security. A CISO from a Fortune 500 enterprise commented on one of the threads,stating,"It's evident that the only way to protect users is to build security solutions natively within the browser."
Vivek Ramachandran,Founder & CEO of SquareX,emphasized this point,"Attackers are targeting employees of organizations while they are online,and the old guard SWGs are failing to detect and block new-age client-side web threats due to their antiquated architecture. In our view,the only way to detect and block these complex attacks is to have access to DOM changes,browser events,user interactivity etc.,as input to detection algorithms,and the only way to do this is to have a browser-native product. This is exactly what SquareX is building."
SquareX invites enterprises concerned about the security of their SWG solutions to engage with the company directly. For more information or to request an assessment,visit sqrx.comor contact SquareX at founder@sqrx.com.
About SquareX: