Most Web users today use their own installed browsers or VPN connections to secure their online activities. A new approach from startup Quaresso Software Technologies could change that paradigm with a novel armored browser technology that creates secured browsing sessions that are delivered via a Web site or remote server without the need for users to have the technology pre-installed.
Quaresso is leveraging intellectual property it is licensing from network optimization and security vendor Blue Coat (NASDAQ: BCSI), which also provided some seed capital to help start the new company. Both Blue Coat and Quaresso declined to provide the exact financial value of the intellectual property or the investment, though they did explain the promise of the new technology.
“What we are really trying to solve is the last mile information security problem around browsers,” Mark Elliott, Quaresso’s founder and CEO, told InternetNews.com. “Specifically we’re trying to enable enterprise Web site owners to be able to try and reduce the risk that browsers bring to the equation when those browsers connect to their Web sites.”
Quaresso’s service enables a site to deliver a secure browser on demand, Elliot said. The armored browser is a sort of browser sandbox that is initiated remotely and provides encryption for cookies, history and cache information that occurs during a user session. Elliott described the approach as providing an “ephemeral” browser that doesn’t leave any software or trace of the user session behind. The idea is that by securing the session information, private user information cannot be sniffed or stolen from the browser.
The idea of creating a secured browser by somehow isolating the browser is not a new one. Checkpoint has a software called Zone Alarm ForceField, which also aims to provide an armored browser. But Elliot noted that what Quaresso is providing does not require any client-side installation, which in his view is a key difference.
Quaresso is now offering two services to deliver the armored browser approach, My Protect and Protect on Q. The My Protect service is a freely available version of the technology. Protect on Q is the full-scale enterprise version, a software solution that runs on a Java middleware
“One of the challenges for the Web site owner is the fact that regardless of how many security features are in a Web browser, the Web site owner has no idea what settings are enabled and whether or not they are properly configured,” Elliott said. “What is shocking is the amount of sensitive data that is left behind in browser caches.”
Elliott added that the private browsing mode features, which don’t store session information, now available in modern Web browsers including IE 8, Firefox and Chrome are a step in the right direction, but it’s not enough.
“We basically encrypt any kind of session data that is committed to disk such as cookies, password store, history and cache files,” he explained. “It ensures that people can’t snoop on the data.”
The service includes several patented technologies that Quaresso is licensing from Blue Coat. Blue Coat’s products include hardware and software technologies to accelerate and secure enterprise networks. Blue Coat also has a free consumer service called K9 that provides Web filtering.
While Blue Coat sees value in the intellectual property that Quaresso is now licensing, developing an armored browser was not a focus for Blue Coat.
“We think that the technology has a lot of promise to it, but in terms of the market right now and our focus we felt that it was outside of the core area that we’re developing ourselves,” Steve Schick, senior director of corporate communications at Blue Coat, told InternetNews.com. “So it makes sense to have a separate entity focus on those market dynamics and figure out how to apply the technology in a solution and that was outside of our immediate focus.”