Browsers have become an endpoint, and have also become an attack vector and target for attackers. The problem is that your EDR isn't keeping up. In this conversation with Vivek Ramachandran, founder and CEO of SquareX, we dive deep into the emerging world of Browser Detection and Response (BDR) and why it matters for modern security teams.

Drawing from his 24 years in cybersecurity, Ramachandran explains why traditional security approaches are failing to protect the browser. The browser has effectively become an application platform rather than just a simple web viewer, so it is important to protect it. "EDRs currently have zero visibility into the browser," Ramachandran notes. "They primarily look at file and process, but by looking at a browser's memory, it's almost impossible to reconstruct what is happening at the application layer."

This blind spot creates vulnerabilities as organizations move to cloud-native operations, Ramachandran says. While SASE and SSE solutions claim to secure browser traffic, they introduce latency and are easily circumvented by modern attack techniques like "last mile reassembly," where attackers create malicious files entirely client-side, invisible to cloud inspection.

According to Ramachandran, Squarex takes a different approach from "enterprise browsers" that create user friction. Instead, BDR works with existing browsers through extensions, using WebAssembly to run detection algorithms at near-native speeds within the browser context. This provides complete visibility into attack chains and protects corporate identities, one of the primary targets nowadays.

Whether browser security emerges as a standalone category or becomes integrated into existing security tools, remains to be seen. Ramachandran is adamant that browsers represent an under-protected attack surface that needs immediate attention. Listen now to learn more about how "shifting up, not left" is necessary according to him and SquareX.