Software-as-a-Service (SaaS) security vendor Qualys has just announced a Business Edition of their free BrowserCheck web browser vulnerability assessment tool. Browser security has increasingly become a more pressing issue for organizations of all sizes, and this latest Qualys tool provides some business-friendly features that administrators should find useful.
BrowserCheck Business Edition provides system administrators with a management console that lets them track browser usage by users in their IT environment. This features allows admins to look at the state of browser security across the company, and informs them when specific machines have outdated browsers in need of patching. Users can also use the free tool -- accessible by a unique BrowserCheck URL that Qualys provides for free -- to examine their own browser security.
Qualys CTO Wolfgang Kandek says that the existing version of BrowserCheck has more than 500,000 users since it was launched, and they've added support for browsers running on Linux, Mac, and Android devices. "The feedback we've received from users has been very positive," Kandek says. "Our business edition allows admins to sign up for a free account on BrowserCheck, create a unique URL they can provide to their users, and then they can use the admin interface can see the collective results of the scan and make any corrective actions if needed."
In a statement announcing the availability of BrowserCheck Business Edition, Gartner analyst Avivah Litan stressed the importance of browser security. "Secure web browsing is a growing concern for IT security. As employees increasingly access important information and use applications through their web browsers, malicious users are targeting their attacks on security vulnerabilities in out-of-date browsers and their plug-ins," Litan said. "Providing a way for IT administrators to assess browser security across an organization, and tools for users to keep their browsers and browser plug-ins up-to-date can help protect company data from malicious activity."
Kandek provided me with some eye-opening stats about the state of browser and plug-ion security in the form of the following chart:
The blue line represents the installed base of the indicated browser plug-in, yellow is the percentage of web browsers using those plug-ins that are vulnerable to attack, and the red line indicates vulnerabilities that are exploited in commonly-available "exploit kits" that cybercriminals often sell to other criminals.
Qualys has created a BrowserCheck Business Edition sign-up page that admins can use to create their free accounts.
Are you concerned about the state of browser security in your organization? Let me know what you think by adding a comment to this blog post or by starting up a conversation on Twitter.
Follow Jeff James on Twitter at @jeffjames3
Follow Windows IT Pro on Twitter at @windowsitpro