Most web interactions occur via browsers, both at work and at home. Since the web browser is strategically located to defend against web-based threats, choosing one that provides an effective layer of defense against attacks reduces the burden on other deployed security controls. since browsers often have visibility into threats before other security technologies that are deployed both on the network or as local clients, their selection and configuring can dramatically impact an organization’s security posture.

Significant changes have occurred since the inception of web browsers. As content has grown richer, so too has the number of plug-ins and software extensions that are required to access this content. However, these additional browser plug-ins increase the likelihood of new vulnerabilities. Additionally, threat actors have grown more competent at deceiving users into clicking on malicious links.

The scope of this Test Methodology is limited to assessing the efficacy of browser protection against malware that utilizes social engineering and phishing attack capabilities. These more insidious attacks can be difficult to identify even for the seasoned security practitioner, and this is why browser protection can make a difference.