The once-overlooked ‘stepchild’ in security strategies is the modern attacker’s go-to battleground; it’s time we give the browser the security it deserves.

‍

Your browser presents unique risks that are unlike any other business-essential application. This client application is ubiquitous; inherent functionalities force it to run arbitrary code; and, it provides anyone on the web with a direct interface to a user. With these characteristics, bad actors recognize the value of bringing unsuspecting victims into this flexible, unmanaged application. Your browser is no longer just a window to the internet—it’s a full-blown battleground.

In order to stay abreast of the constant barrage of threats encountered via the browser, the Keep Aware research function has abstracted attacker procedures into higher-level classifications—Tactics and Techniques. Our attacker research aligns with the structure of MITRE’s ATT&CK framework—but in the browser context.

‍

‍

Though this matrix is still maturing, its introductory release marks a new day in the Browser Detection and Response (BDR) landscape. Mapping browser-based attacks means understanding these threats more rapidly, communicating attacks more effectively, and tackling security gaps more strategically.

‍

For a more in-depth look at different Tactics, download the full report here.

‍