search

Enhancing Security with the TalonWork Enterprise Browser and Okta for Sensitive Data Protection

At Red Cup IT, we are dedicated to providing top-tier security solutions to protect sensitive data, including Okta API secrets, AWS Secret keys, Azure keys, PEM certificates, and more. Our approach leverages the advanced capabilities of TalonWork Enterprise, coupled with Okta's trusted network feature, to offer unparalleled protection for our clients' digital assets.

hashtag
Leveraging Talon's Proxy IPs for Enhanced Access Control

TalonWork Enterprise's proxy IP feature plays a crucial role in our security strategy. By routing all browser traffic through Talon's proxy IPs, we can enforce strict access controls, ensuring that sensitive admin consoles and Single Sign-On (SSO) applications are accessible only through the Talon browser. This level of control effectively prevents these critical resources from being accessed via unmanaged browsers like Chrome, Firefox, Edge, and Safari, which significantly reduces the risk of unauthorized access and data breaches[1].

Authentication Policy for the Okta Admin Console requires the TalonWork Browser with a Default Deny Catch-all rule. This is in addition to our Global Session policy which requires Beyond Identity and a phishing-resistant MFA.

hashtag
Okta's Trusted Network Feature for Secure Authentication

In conjunction with Talon's proxy IPs, we utilize Okta's trusted network feature to further secure access to sensitive admin consoles. By designating Talon's proxy IPs as trusted within Okta, we ensure that authentication requests originating from outside this trusted network are denied. This means that attempts to access resources like the AWS Console from unsecured devices or unconventional browsers, such as those on TVs, cars, or smart refrigerators, are effectively blocked, providing an additional layer of security[2]. These IoT and smart devices are typically running very outdated versions of browsers with known zero-day exploits.

Zero Trust in action, Cato Networks SASE is required in additon to the Talon Enterprise Browser

hashtag
Comprehensive Data Protection Features

Our security solution encompasses several key features designed to protect sensitive data:

  • Data Masking and Watermarking: TalonWork Enterprise obscures sensitive information displayed within the browser and applies digital watermarks to deter and trace unauthorized data sharing[3].

  • Blocking Printing and Screenshots: To prevent data exfiltration, TalonWork Enterprise restricts printing and screenshot capabilities within the browser environment[3].

You can see the watermarks here, which deter someone from taking a picture of the screen with their mobile device.

  • Clipboard Control and Copy-Paste Limitations: We enforce strict control over clipboard operations, including copy-paste actions, to prevent sensitive data from being moved to unauthorized applications or web pages[3].

Example of an AI/LLM policy that prevents users from inputting sensitve data into OpenAI's ChatGPT
Screenshot of the browser DLP policy in action, with a helpful tooltip that shows the end user what actions are allowed.

  • URL and Application Access Restrictions: Policies can be defined within TalonWork Enterprise to restrict the copying or pasting of sensitive data to only approved URLs or applications, ensuring that data remains within a secure environment[3].

We've configured Talon Browser's Typing Guard to block user input of a Social Security Number (SSN) into ChatGPT.

hashtag
Conclusion

By integrating TalonWork Enterprise's advanced security features with Okta's trusted network capabilities, Red Cup IT delivers a robust solution for protecting sensitive data against the evolving threats of the digital age. Our approach not only secures Okta API secrets, AWS Secret keys, Azure keys, and PEM certificates but also establishes a comprehensive defense mechanism that restricts access to critical resources to authorized environments only. With Red Cup IT, businesses can confidently navigate the complexities of cybersecurity, knowing their most valuable digital assets are safeguarded with cutting-edge technology and expert care.

circle-info

Check out the next page for a how-to guide on how to find out what User Agent your IoT browsers are using!

Citations:

  1. Palo Alto Networks. (n.d.). Web Proxy. Retrieved from https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-new-features/networking-features/web-proxyarrow-up-right

  2. Okta. (n.d.). About Single Sign-On (SSO). Retrieved from https://help.okta.com/oie/en-us/content/topics/apps/apps-about-sso.htmarrow-up-right

  3. Talon Security. (n.d.). Zero Trust for Web Applications. Retrieved from https://talon-sec.com/solutions/zero-trust-for-web-applications/arrow-up-right

  4. Talon Security. (n.d.). MITRE ATT&CK. Retrieved from https://talon-sec.com/mitre-frameworks/mitre-attack/arrow-up-right

  5. Okta. (n.d.). Overview of Managing Apps and SSO. Retrieved from https://help.okta.com/en-us/content/topics/apps/apps_overview_of_managing_apps_and_sso.htmarrow-up-right

  6. Microsoft. (n.d.). Tutorial: Azure Active Directory integration with Talon. Retrieved from https://learn.microsoft.com/en-us/entra/identity/saas-apps/talon-tutorialarrow-up-right

  7. Computerworld. (n.d.). Start-up emerges with an enterprise browser. Retrieved from https://www.computerworld.com/article/3648597/start-up-emerges-with-an-enterprise-browser.htmlarrow-up-right

  8. Okta. (2021, February). What is Single Sign-On (SSO)?. Retrieved from https://www.okta.com/blog/2021/02/single-sign-on-sso/arrow-up-right

  9. Talon.One. (n.d.). SSO with Okta. Retrieved from https://docs.talon.one/docs/dev/tutorials/sso-with-oktaarrow-up-right

  10. Omdia. (n.d.). On the Radar: Talon offers endpoint and web security with an enterprise browser. Retrieved from https://omdia.tech.informa.com/om029817/on-the-radar-talon-offers-endpoint-and-web-security-with-an-enterprise-browserarrow-up-right

  11. Okta Support. (n.d.). Okta authentication on trusted network from different domain/local account. Retrieved from https://support.okta.com/help/s/question/0D54z00008SJew1CAD/okta-authentication-on-trusted-network-from-different-domainlocal-account?language=en_USarrow-up-right

  12. Talon Security. (n.d.). Talon Mobile. Retrieved from https://talon-sec.com/product/talon-mobile/arrow-up-right

  13. Palo Alto Networks. (n.d.). What is a Proxy Server?. Retrieved from https://www.paloaltonetworks.com/cyberpedia/what-is-a-proxy-serverarrow-up-right

  14. Okta Developer. (n.d.). Build a SAML2 Integration. Retrieved from https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/arrow-up-right

  15. Talon.One. (n.d.). SSO with Google. Retrieved from https://docs.talon.one/docs/dev/tutorials/sso-with-googlearrow-up-right

  16. SiliconANGLE. (2023, November 5). Palo Alto Networks reportedly acquires enterprise browsing startup Talon for $625M. Retrieved from https://siliconangle.com/2023/11/05/palo-alto-networks-reportedly-acquires-enterprise-browsing-startup-talon-625m/arrow-up-right

  17. Okta Developer. (n.d.). Configure Native SSO. Retrieved from https://developer.okta.com/docs/guides/configure-native-sso/main/arrow-up-right

  18. Talon Security. (n.d.). Talon Enterprise Browser. Retrieved from https://talon-sec.com/product/talon-enterprise-browser/arrow-up-right

  19. SourceForge. (n.d.). TalonWork Alternatives. Retrieved from https://sourceforge.net/software/product/TalonWork/alternativesarrow-up-right

  20. Okta. (n.d.). Employee SSO to Apps. Retrieved from https://www.okta.com/solutions/employee-sso-to-apps/arrow-up-right

  21. Talon Security. (n.d.). Talon and Microsoft Solution Brief. Retrieved from https://talon-sec.com/resources/solution-brief/talon-and-microsoft-solution-brief/arrow-up-right

  22. AIMultiple. (n.d.). Enterprise Proxy. Retrieved from https://research.aimultiple.com/enterprise-proxy/arrow-up-right

  23. Okta. (n.d.). Zero Trust with Okta: A Modern Approach to Secure Access. Retrieved from https://www.okta.com/resources/whitepaper/zero-trust-with-okta-modern-approach-to-secure-access/arrow-up-right

PreviousWelcome to Red Cup IT: Navigating the Modern Cybersecurity Landscape TogetherNextHow to Log into Office.com on Your Tesla and Check Azure Sign-In Logs for User Agent Version

Last updated