|
![]() Shourya Pratap Singh presented for SquareX at Security Field Day 14 |
This Presentation date is September 25, 2025 at 10:30-11:15.
Presenters: Shourya Pratap Singh
Follow on Twitter using the following hashtags or usernames: #XFD14
SquareX Browser Detection and Response: Closing the SWG and EDR Visibility Gap
Watch on YouTube
Watch on Vimeo
SquareX’s browser extension turns any browser on any device into an enterprise grade secure browser. SquareX’s industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively defend against browser-native threats including Last Mile Reassembly Attacks, rogue AI agents, malicious extensions and identity attacks. SquareX is the only solution that provides BDR, enterprise browser and browser DLP capabilities in a single extension. Unlike dedicated enterprise browsers, SquareX seamlessly integrates with users’ existing consumer browsers, delivering security without compromising user experience.
In the presentation, Shourya Pratap Singh explains that this solution is necessary because the very definition of an endpoint is evolving. Whereas endpoints were once defined by native applications and local storage, today the browser has become the primary application platform where most organizational work occurs. This shift means that the attack surface has also moved to the browser. Singh argues that traditional security tools, which were designed when browsers were simple rendering tools, are no longer sufficient. The modern browser is a complex ecosystem with advanced protocols and capabilities, making it impossible to infer all threats simply by inspecting network traffic, as was possible in the past. This complexity creates a significant visibility gap for existing security stacks.
Singh details how both Endpoint Detection and Response (EDR) and Secure Web Gateway (SWG) solutions fail to close this gap. EDR tools have limited visibility because the browser operates as a “closed box,” preventing them from seeing threats that live and die entirely within it, such as malicious extensions, identity-based consent attacks, or threats delivered via WebAssembly. Likewise, network-based SWG solutions lack the application context to detect advanced evasions. Singh uses the example of “Last Mile Reassembly Attacks,” where a malicious file is broken into individually benign chunks that pass through network security, only to be reassembled into a threat by JavaScript on the client side. By operating as a browser extension, SquareX’s BDR provides the necessary in-browser visibility to detect and respond to these modern, evasive threats that bypass traditional security controls.
Personnel: Shourya Pratap Singh
SquareX Browser Detection and Response Demos
Watch on YouTube
Watch on Vimeo
Shourya Pratap Singh, Principal Software Engineer, discusses the architecture of the SquareX Extension, engineered from the ground up with a modular and scalable design to deliver browser security. He explains how it augments existing security setups. Through demos, Shourya showcases use cases such as Browser Attack Detection and Response, Browser DLP, and enterprise browser use cases. He also highlights how the platform enables rapid modeling of protection against new threats, providing organizations with faster and more comprehensive browser security.
Throughout the presentation, Singh demonstrates how attackers exploit the visibility gap in traditional security tools by executing attacks entirely within the browser. He showcases how malicious files can be hidden in plain sight within legitimate web resources like CSS or WebAssembly files, and then reassembled and triggered as a download on the client side, bypassing proxy-based scanners. Similarly, he illustrates an OAuth consent attack where a legitimate link to a service like Salesforce is used to trick a user into granting risky permissions, leading to data exfiltration that email security and EDRs would miss. In both scenarios, the SquareX browser extension provides the necessary “last mile” control, intercepting the file download or the consent-granting action directly within the browser to block the threat before it can be executed.
Singh explains that the SquareX platform complements existing security setups by providing granular control and deep visibility into browser activity. Administrators can create policies using a simple UI, an AI-powered natural language generator, or a flexible Lua script editor, which allows for rapid defense modeling against novel attacks. Detections are enriched with an “AttackGraph” that maps the user’s entire navigation path leading to an incident, providing far more context than traditional logs. The extension-based approach is positioned as superior to dedicated enterprise browsers, as it avoids disrupting user behavior and workflows, enhances reliability, and seamlessly integrates with any browser to fill the critical security gaps in DLP and EDR.
Personnel: Shourya Pratap Singh