Book a demo

Talon’s Enterprise Browser protection in MITRE D3FEND™ framework

MITRE D3FEND™ (Detection, Denial, and Disruption Framework Empowering Network Defense) is an open knowledge base of cybersecurity defensive techniques. D3FEND provides a common taxonomy that lets various constituents (SecOps teams, pen testers, red and blue teams, security solution providers, threat intelligence vendors, etc.) communicate using the same vocabulary.

D3FEND organizes cybersecurity countermeasures into five distinct defensive tactics: harden, detect, isolate, deceive, and evict. Each tactic is comprised of various techniques and sub-techniques. For example, the harden tactic includes application hardening, credential hardening, message hardening and platform hardening techniques. And the application hardening technique includes seven sub-techniques.

MITRE maintains an interactive D3FEND knowledge graph that makes it easy to visualize all the tactics and techniques at a glance, and quickly drill down on individual techniques and sub-techniques for detailed information.

D3FEND complements the popular MITRE ATT&CK® knowledge base of adversarial tactics, techniques, and procedures (TTPs). The D3FEND knowledge graph maps ATT&CK offensive techniques to D3FEND defensive techniques, helping cybersecurity professionals counter known TTPs and eliminate gaps.

The table below maps the Talon Enterprise Browser’s security capabilities to relevant Mitre D3FEND sub-techniques. Use the scroll button at the top and bottom of the table to scroll from left to right and see the whole table.

Array
(
    [0] => WP_Term Object
        (
            [term_id] => 20
            [name] => Harden
            [slug] => harden
            [term_group] => 0
            [term_taxonomy_id] => 20
            [taxonomy] => mitre-type
            [description] => 
            [parent] => 0
            [count] => 0
            [filter] => raw
            [term_order] => 18
        )

    [1] => WP_Term Object
        (
            [term_id] => 18
            [name] => Detect
            [slug] => detect
            [term_group] => 0
            [term_taxonomy_id] => 18
            [taxonomy] => mitre-type
            [description] => 
            [parent] => 0
            [count] => 0
            [filter] => raw
            [term_order] => 11
        )

    [2] => WP_Term Object
        (
            [term_id] => 21
            [name] => Isolate
            [slug] => isolate
            [term_group] => 0
            [term_taxonomy_id] => 21
            [taxonomy] => mitre-type
            [description] => 
            [parent] => 0
            [count] => 0
            [filter] => raw
            [term_order] => 22
        )

    [3] => WP_Term Object
        (
            [term_id] => 16
            [name] => Deceive
            [slug] => deceive
            [term_group] => 0
            [term_taxonomy_id] => 16
            [taxonomy] => mitre-type
            [description] => 
            [parent] => 0
            [count] => 0
            [filter] => raw
            [term_order] => 7
        )

    [4] => WP_Term Object
        (
            [term_id] => 19
            [name] => Evict
            [slug] => evict
            [term_group] => 0
            [term_taxonomy_id] => 19
            [taxonomy] => mitre-type
            [description] => 
            [parent] => 0
            [count] => 0
            [filter] => raw
            [term_order] => 13
        )

)
Harden (1 – 2)
Application Hardening
Credential Hardening

TalonWork requires a digital certificate to authenticate a user, and ensures the certificate is signed by a trusted Certificate Authority. In addition, TalonWork allows the organization to add dedicated certificates and manage the list of trusted CAs for browsing and accessing company resources.

TalonWork allows the admin to manage trusted TLS Certificate Authorities in the browser, and ignore ones deployed manually by the user or in the device. In addition, TalonWork can block access to unsafe SSL connections. For example, block the “Continue anyway” option when getting an SSL error that might appear during an SSL MitM attack.

TalonWork supports multifactor authentication to prevent unauthorized access to the browser. TalonWork user authentication provides an additional layer of security above and beyond the native user authentication features provided by SaaS solutions or other web-based applications. In addition, according to the admin’s policy, the user can be authenticated with MFA to TalonWork and effectively use this authentication as another factor for logging into corporate services.

TalonWork supports a permissions hierarchy for TalonWork users based on what has been established by the Identity Provider, including the masking of sensitive information in websites or files.

With TalonWork you can force users to use strong passwords for SaaS and web-based applications based on policy. Talon can also monitor for evidence of leaked credentials.

Credential Hardening (3 – 4)
Message Hardening

As of the nature of internet protocols, TLS encryption assures authentication to senders of messages. Talon allows enforcing usage of secure protocols.

All messages are encrypted with HTTPS protocol.

Platform Hardening

With TalonWork you can validate an endpoint’s posture including OS version and patch levels before granting users access to enterprise applications and services. TalonWork also ensures the browser is up to date with the latest security patches.

TalonWork can optionally locally encrypt files, based on policy. The policy can be set at a granular level and depend on the file content, source, destination and type, as well as the user and device used.

With TalonWork you can validate an endpoint’s posture and ensure its disk is encrypted before granting users access to enterprise applications and services.

Detect (1 – 3)
File Analysis

TalonWork integrates with Avira File Reputation™ to deliver advanced malware protection. The joint solution prevents TalonWork users from uploading or downloading potentially harmful files. When a user attempts to upload or download a file, TalonWork automatically forwards the file to Falcon X for analysis.

TalonWork allows scanning file content for specific data types and forms, helping prevent data leakage (by mistake or intent).

TalonWork optionally integrates with CrowdStrike Falcon X™ to deliver advanced malware protection. The joint solution prevents TalonWork users from uploading or downloading potentially harmful files. When a user attempts to upload or download a file, TalonWork automatically forwards the file to Falcon X for analysis.

TalonWork optionally integrates with CrowdStrike Falcon X™ to deliver advanced malware protection. The joint solution prevents TalonWork users from uploading or downloading potentially harmful files. When a user attempts to upload or download a file, TalonWork automatically forwards the file to Falcon X for analysis. In addition, TalonWork also has native file scanning capabilities for malicious file identification.

Identifier Analysis

TalonWork prevents access to malicious domains, URLs, and phishing websites with enhanced safe browsing functions.

Using its malicious domain & URL protection feature, TalonWork controls access to confirmed malicious domains and URL addresses – including the detection of malicious strings that are being presented to users.

Message Analysis
Detect (5 – 6)
Network Traffic Analysis

TalonWork provides additional checks for the client certificate, allowing certificates generated only by an administratively defined list of approved certificate authorities.

Platform Monitoring
Platform Monitoring (7 – 8)
Process Analysis

TalonWork can detect processes that change at runtime, such as malicious extensions that try to inject JavaScript or change their code at runtime

User Behavior Analysis

TalonWork can monitor and analyze user login attempts over time, and block access for attempts that deviate from the norm.

TalonWork can collect statistics on the number of files and data uploaded or downloaded by a user and determine if this behavior deviates from the norm.

TalonWork maintains detailed audit trails of all browser activities and SaaS or other web application actions.

TalonWork can analyze the connection start time of certain applications and compare it to the regular working hours of the enterprise. Login attempts at unusual times (late night hours or holidays) can indicate illicit or suspicious activity.

Isolate
Execution Isolation

Upon policy, TalonWork can block the execution of files downloaded from specific applications.

Upon policy, TalonWork can restrict downloading of certain files or authenticate the digital signature before opening in the browser.

Network Isolation

TalonWork can restrict web access and application logins to only approved domains and subdomains.

TalonWork can restrict web access and application logins based on criteria such as IP address, domain name, or DNS query type.

Access to corporate resources can be restricted to TalonWork only and the source network can be verified before permitting access.

TalonWork can restrict network traffic based on geolocation and additional user, device and network parameters.

TalonWork integrates with various network and application layer access solutions, including VPN browser extensions and stand-alone VPN solutions, to encrypt and encapsulate network traffic.

TalonWork can denylist returned IP addresses to prevent a malicious user from learning IP addresses.

TalonWork can block DNS queries that are deceptively similar to legitimate domain names such as outloook.com instead of outlook.com.

TalonWork can block browsing to specific sub-domains, domains or full URLs.

TalonWork can block browsing to specific domains or block navigating to specific URL types.

Deceive
Decoy Environment

TalonWork relies on deception and decoys to counter certain types of attacks.

TalonWork relies on deception techniques to counter various types of malicious activities.

Decoy Object

TalonWork relies on deception and decoys to counter certain type of attacks.

TalonWork relies on deception and decoys to counter certain type of attacks.

TalonWork relies on deception and decoys to counter certain types of attacks.

TalonWork relies on deception and decoys to counter certain types of attacks.

Evict
Credential Eviction

TalonWork removes tokens and credentials from a browser authentication cache.

A TalonWork admin can terminate and disable access to a user’s TalonWork browser and all related data.

Process Eviction

A TalonWork admin can terminate access to a specific SaaS and web-based application even if the user is already authenticated and connected to the app. In addition, TalonWork can restrict access to data and services if there are suspicious processes running on the computer system.

Learn how Talon’s Enterprise Browser maps to the MITRE D3FEND framework.

Download Whitepaper

Talon has joined forces with Palo Alto Networks to secure all users and devices

Learn more