Browsing Security

Ep. 10 - The Data Beneath the Breach: Analyzing Francis Odum’s Latest Report

LayerX Security — Sun, 13 Jul 2025 05:09:23 -0700

In Episode 10, we take an in-depth look at the latest report from cybersecurity researcher Francis Odum, uncovering the key insights behind the numbers. We discuss:

How third-party and credential-based risks are evolving
What the report reveals about attacker tactics and system intrusion trends
The growing risk surface of browsers and unmanaged endpoints
What infosec leaders should take away—and act on—based on the data

This is a technical, first-person exploration of breach dynamics, informed by real-world telemetry and sharp analysis. If you’re a practitioner navigating complex environments, this episode is for you.

E9 - Inside the 2025 Verizon DBIR with Alex Pinto

LayerX Security — Thu, 19 Jun 2025 05:36:13 -0700

In this episode, we unpack the key insights from our recent LayerX webinar featuring Alex Pinto, lead author of the 2025 Verizon Data Breach Investigations Report (DBIR). Alongside Or Eshed, our CEO, we explore the changing risk landscape—from credential abuse and third-party risk to AI misuse and browser-native threats.

Key themes:

What the doubling of third-party breaches reveals about today’s interconnected environments
Why unmanaged devices and browser cookies still sabotage identity protection
The real AI risk: unsanctioned employee usage, not just attackers with LLMs
How the browser became ground zero for modern security battles

🎯 Want to go deeper? Watch the full webinar on demand:
👉 https://layerx.easywebinar.live/layerx-verizon-dbir

E8 - ExtensionPedia is Live!

LayerX Security — Wed, 11 Jun 2025 23:54:51 -0700

Are you aware of the hidden risks lurking in your organization’s browser extensions? Nearly every enterprise user has at least one extension installed—and over half of those extensions request powerful permissions that can expose cookies, passwords, and sensitive data. In this video, we introduce ExtensionPedia, LayerX’s free, publicly available Browser Extension Risk Database and Knowledge Center.

🔍 What You’ll Learn
• Why browser extensions are a growing attack vector for CISOs and InfoSec teams
• How ExtensionPedia aggregates risk scores for 200,000+ Chrome, Edge, and Firefox extensions
• The key permission scopes and reputation factors used to calculate each extension’s risk
• Practical steps to research any extension by name or ID before deployment
• How to leverage in-depth documentation, best practices, and threat advisories to safeguard your users

📈 Why It Matters
• 99% of enterprise employees have at least one browser extension installed
• Over 50% of those extensions request high-level permissions that can access critical data
• ExtensionPedia empowers security leaders to make data-driven decisions and eliminate blind spots at the browser level

🌐 Resources & Links
▶️ Read the official Dark Reading announcement:
https://www.darkreading.com/endpoint-security/layerx-launches-extensionpedia
▶️ Explore ExtensionPedia now:
https://layerxsecurity.com/extensions/
▶️ Learn more about LayerX Browser Security:
https://www.layerxsecurity.com

👍 Like, Comment & Subscribe
If this video helped you understand how to mitigate extension-based risks in your enterprise, please give it a thumbs up and leave a comment with your questions. Don’t forget to subscribe for more insights into browser security, SSE gaps, and next-generation enterprise protection.

#BrowserSecurity #ExtensionRisk #LayerX #ExtensionPedia #Cybersecurity #CISO #InfoSec #ThreatIntelligence

E7 - Where SSE Falls Short: A Deep Dive into Last-Mile Security Gaps

LayerX Security — Sun, 11 May 2025 02:05:11 -0700

🔍 Are SSEs Really Securing the Last Mile?
In this episode, we break down the hidden architectural gaps in Security Service Edge (SSE) platforms—specifically where they fall short in protecting the browser, where today’s real threats unfold.

📉 Despite vendor claims, SSEs are blind to:

Copy/paste data leakage
Malicious browser extensions
Shadow SaaS and GenAI misuse
Identity misuse and session hijacking

🛡️ We’ll walk through key use cases—like GenAI prompt monitoring, in-browser DLP, and zero-hour phishing—and explain why traditional network-layer tools just don’t cut it.

📌 Who should watch:
CISOs, security architects, and InfoSec leaders who are questioning the effectiveness of their SSE stack—or considering augmenting it.

📘 Based on the technical whitepaper: "Reevaluating SSEs: A Gap Analysis of Last-Mile Protection" by LayerX.
Download it here: [Insert link]

🔗 Want to see how browser-native security can close the gap? Learn more at: https://www.layerxsecurity.com

#SSE #Cybersecurity #DLP #BrowserSecurity #GenAI #InfoSec #LayerX

E6 - Browser extensions are everywhere - but are they safe for enterprise use?

LayerX Security — Mon, 05 May 2025 01:08:48 -0700

In this episode, we explore the hidden risks posed by one of the most overlooked elements of the modern enterprise tech stack: browser extensions.
In this episode we will unpack key insights from the newly released Enterprise Browser Extension Security Report 2025 - a data-driven look into how widely-used browser extensions are impacting enterprise security postures.

As the browser becomes the de facto interface for SaaS access, identity, and day-to-day productivity, extensions often slip under the radar of traditional security programs. But with capabilities like DOM access, clipboard monitoring, and cookie extraction, they’re increasingly being exploited as a backdoor into sensitive data and sessions.

Together, our AI hosts examine the anatomy of malicious extensions, the shortcomings of existing SSE and endpoint protection tools in detecting them, and what enterprises can do to regain visibility and control - especially in BYOD and hybrid environments.

Why are popular extensions like Grammarly or ad blockers being flagged by security researchers? What controls should security teams implement to protect against extension-based threats? Tune in to this episode for answers, insights, and actionable recommendations.

The Future of Browser Security: A Conversation with Cybersecurity Analyst Francis Odum

LayerX Security — Tue, 28 Jan 2025 02:17:48 -0800

In this episode, our guest Francis Odom, founder of Software Analyst Cyber Research, brings his wealth of expertise to the conversation.
With a following of over 60,000 cybersecurity and technology professionals, Francis specializes in emerging security markets, including identity, data, and AI security.
As organizations embrace digital transformation and AI adoption, the browser has become the critical interface for both productivity and security.

From accessing SaaS applications to interacting with AI tools like ChatGPT, the browser is now at the center of enterprise workflows. However, this shift also introduces significant risks—ranging from data leakage and malicious extensions to the secure use of generative AI.

Together with LayerX’s Head of Product Marketing, Eyal Arazi, Francis discusses how browser security is evolving to address the challenges of modern enterprises. They explore the role of browser security in mitigating GenAI risks, the limitations of traditional SASE and SSE solutions, and how enterprises can adopt a platform approach to streamline security while reducing complexity.
How can CISOs and security leaders navigate the intersection of browser edge and network security? Which use cases will define the future of browser security? Listen to this episode to find out.

Browser Edge vs. Network Edge

LayerX Security — Wed, 09 Aug 2023 08:53:58 -0700

As businesses continue their journey to SaaS adoption, the browser becomes the central location where work-related services are managed and operated. This means organizations now need to manage risk at the browser edge. Traditional network security controls are still important, but they are not flexible enough for securing the modern data and information flow on their own. Instead, the browser edge becomes the new central hub for policy enforcement and decision-making, providing relevant context and visibility.

Our guest, Steve Zalewski, was the CISO for Levi Strauss and has 25 years of security experience under his belt. He’s also an advisor for LayerX. In this new podcast episode, he embarks on a fascinating conversation with LayerX’s CEO, Or Eshed, about how CISOs, CSOs and security leaders can balance out browser edge and network edge security in their security strategies and stacks. They also discuss the importance of browser security for organizations that are not cloud-first.

How can CSOs prioritize their budget between network edge and browser edge security and which one of the three types of CISOs are you? Listen to this episode and find out.

Cyber Threats of ChatGPT and Generative AI

LayerX Security — Tue, 23 May 2023 08:03:43 -0700

Generative AI is introducing a new set of product development and data analytics opportunities that were previously inaccessible. Enterprises can leverage Generative AI across different lines of business to gain insights into human interactions and to identify anomalies, while also cutting costs. In cyber security, for example, Generative AI can be used to accelerate, scale and improve the work of SOC analysts. However, Generative AI also introduces data loss risks that require DLP, for example - developers pasting code into ChatGPT.

Our guest, James Azar, is the CTO and Head of Security for AP4 Group and the podcast host for CyberHub and CISO Talk podcasts. In this brand new episode, he talks with Or Eshed, CEO of LayerX, about ChatGPT and the opportunities and cybersecurity risks of all Generative AI platforms. They also share thoughts about CISO security strategies and discuss which promises CISOs should never believe.

Can you really trust the Generative AI creators? Listen to this episode and find out.

How to Turn the Browser Into a Zero Trust Security Control

LayerX Security — Mon, 17 Apr 2023 06:59:11 -0700

The browser has become the primary work interface. It acts as the workload, the data, and as a representation of the device. As such, implementing the most advanced security frameworks on the browser is essential for ensuring protection of organizational data and systems. And one of the most modern security frameworks, which is becoming increasingly widely-accepted by CISOs and organizations, is Zero Trust. Our guest, Ira Winkler, is a cybersecurity expert and award-winning CISO who has slayed a few attacker dragons in his past. Join his discussion with Or Eshed, CEO of LayerX, as they go beyond the “zero trust” buzzword and find out if and how zero trust principles can be implemented on the browser. They also contemplate how secure commercial browsers really are and Ira provides interesting insights and anecdotes about the human factor in cyber security. If you’re looking to cut through the fluff and find a secure solution for your organization – this episode is a must listen.

The hacker's point of view on the browser

LayerX Security — Mon, 20 Mar 2023 05:27:36 -0700

The browser is one of the easiest access points for cyber criminals. Exploiting browser vulnerabilities for account takeover and damaging environments does not require sophisticated technological capabilities. In fact, sometimes simple social engineering is enough. Yet, most users and organizations don’t take browser security into consideration. Organizations set up security controls for much more sophisticated and complex types of attacks, while leaving browsers unprotected.

Our guest, Brett Johnson, aka “The Original Internet Godfather”, is a former US ‘Most Wanted Cybercriminal’ who now helps organizations protect themselves from attackers. Join us to hear from him about the cyber criminals’ point of view when attacking the organizational browser, how CISOs should protect organizations from the risks of human error, upcoming trends for online crime (including how the war in Ukraine is changing the cybercriminal landscape), which types of cyber crime are profitable, and a lot more.

If your company uses browsers (i.e, all of you) – this episode is a must listen.