Google has announced the introduction of real-time, privacy-preserving URL protection to Google Safe Browsing for those using Chrome on desktop or iOS (and Android later this month).
Why?
Google says with attacks constantly evolving, and with the difference between successfully detecting a threat or not now perhaps being just a “matter of minutes,” this new measure has been introduced “to keep up with the increasing pace of hackers.”
Not Even Google Will Know Which Websites You’re Visiting
Google says because this new capability uses encryption and other privacy-enhancing techniques, the level of privacy and security is such that no one, including Google, will know what website you’re visiting.
What Was Happening Before?
Prior to the addition of the new real-time protection, Google’s Standard protection mode of Safe Browsing relied upon a list stored on the user’s device to check if a site or file was known to be potentially dangerous. The list was updated every 30 to 60 minutes. However, as Google now admits, the average malicious site only actually exists for less than 10 minutes – hence the need for a real-time, server-side list solution.
Another challenge that has necessitated the introduction of a server-side real-time solution is the fact that Safe Browsing’s list of harmful websites continues to grow rapidly and not all devices have the resources necessary to maintain this growing list, nor to receive and apply the required updates to the list.
Extra Phishing Protection
Google says it expects this new real-time protection capability to be able to block 25 per cent more phishing attempts.
Partnership With Fastly
Google says that the new enhanced level of privacy between Chrome and Safe Browsing has been achieved through a partnership with edge computing and security company Fastly.
Like Enhanced Mode
In its announcement of the new capability, Google also highlighted the similarity between the new feature and Google’s existing ‘Enhanced Protection Mode’ (in Safe Browsing) which also uses a real-time list to compare the URLs customers visit against. However, the opt-in Enhanced Protection also uses “AI to block attacks, provides deep file scans and offers extra protection from malicious Chrome extensions.”
What Does This Mean For Your Business?
As noted by Google, the evolving, increasing number of cyber threats, the fact that malicious sites are only around for a few minutes, and that many devices don’t have the resources on board to handle a growing security list (and updates) have necessitated a better security solution. Having the list of suspect sites server-side and offering real-time improved protection kills a few birds with one stone, allows Google a more efficient (and hopefully effective) way to increase its level of security and privacy. It’s also a way for Google to plug a security gap for those who have not taken the opportunity to opt-in to its Enhance Protection Mode since its introduction last year.
For business users and other users of Chrome, the chance to get a massive (estimated) 25 per cent increase in phishing protection without having to do much or pay extra must be attractive. For example, with phishing accounting for 60 per cent of social engineering attacks and, according to a recent Zscaler report, phishing attacks growing by a massive 47 per cent last year, businesses are likely to welcome any fast, easy, extra phishing protection they can get.