Browser security consolidation: what it means for IAM teams

TL;DR: Browser security has consolidated quickly, with three acquisitions in five months and 85% of organisations expecting to increase spend over the next 12 to 24 months, according to Push Security. The market signal is clear, but practitioners still have to separate platform convenience from the browser-layer identity controls needed to stop browser-based attacks.

NHIMG editorial — based on content published by Push Security: Why "good enough" isn't enough when it comes to browser security, and a best-of-breed approach is needed to tackle emerging threats

By the numbers:

• 85% of organizations expect to increase that spend over the next 12 to 24 months.
• 92% of organizations allow employees to use public GenAI applications.

Questions worth separating out

Q: How should security teams evaluate browser security for identity risk?

A: Security teams should evaluate browser security by asking whether it can see and stop identity abuse inside the session, not just block known malicious sites.

Q: Why do browser controls matter so much for IAM programmes?

A: Browser controls matter because the browser is where modern identity attacks are executed and where trust is created at login time.

Q: What do security teams get wrong about bundled browser security?

A: Teams often assume that a bundled browser feature is adequate if it reduces vendor count.

Practitioner guidance

• Re-evaluate browser controls as identity controls Map browser security requirements to the identity attacks you actually need to stop, including session hijack, OAuth consent abuse, and device code phishing.
• Test technique-based detection against live attacker behaviour Use realistic phishing kits and consent abuse scenarios rather than old URLs or known indicators.
• Tie browser telemetry into IAM and SaaS governance Route browser findings into identity workflows for access review, account takeover investigation, and risky SaaS suppression.

What's in the full article

Push Security's full analysis covers the operational detail this post intentionally leaves for the source:

• A breakdown of the browser attack techniques the vendor says it detects in live sessions, including AiTM phishing and ClickFix.
• Examples of how browser-layer telemetry surfaces password use, MFA gaps, risky extensions, and shadow SaaS that endpoint tools miss.
• Discussion of operational scale, false positives, and deployment considerations for teams evaluating browser security in production.
• The vendor's account of research output and detection velocity across new browser attack techniques.

👉 Read Push Security's analysis of browser security consolidation and identity risk →

Browser security consolidation: what it means for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →