
Enhancing Security with the TalonWork Enterprise Browser and Okta for Sensitive Data Protection


Last updated 1 year ago


At Red Cup IT, we are dedicated to providing top-tier security solutions to protect sensitive data, including Okta API secrets, AWS Secret keys, Azure keys, PEM certificates, and more. Our approach leverages the advanced capabilities of TalonWork Enterprise, coupled with Okta's trusted network feature, to offer unparalleled protection for our clients' digital assets.

Leveraging Talon's Proxy IPs for Enhanced Access Control

TalonWork Enterprise's proxy IP feature plays a crucial role in our security strategy. By routing all browser traffic through Talon's proxy IPs, we can enforce strict access controls, ensuring that sensitive admin consoles and Single Sign-On (SSO) applications are accessible only through the Talon browser. This level of control effectively prevents these critical resources from being accessed via unmanaged browsers like Chrome, Firefox, Edge, and Safari, which significantly reduces the risk of unauthorized access and data breaches[1].

Okta's Trusted Network Feature for Secure Authentication

In conjunction with Talon's proxy IPs, we utilize Okta's trusted network feature to further secure access to sensitive admin consoles. By designating Talon's proxy IPs as trusted within Okta, we ensure that authentication requests originating from outside this trusted network are denied. This means that attempts to access resources like the AWS Console from unsecured devices or unconventional browsers, such as those on TVs, cars, or smart refrigerators, are effectively blocked, providing an additional layer of security[2]. These IoT and smart devices typically run very outdated browser versions with publicly known, unpatched vulnerabilities.
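
An added example, not part of the original post or of Okta's or Talon's tooling: one way to check that the trusted-network rule is holding is to scan an Okta System Log export for admin-console access that succeeded from outside the proxy ranges. The CIDRs are documentation-range placeholders, the log lines are constructed, and the event-type filter is an assumption to adjust to your tenant.

```python
import ipaddress
import json

# Assumption: placeholder ranges from RFC 5737 documentation space, standing in
# for the Talon proxy IPs that are configured as the trusted zone in Okta.
TRUSTED_PROXY_CIDRS = ["203.0.113.0/28", "198.51.100.16/29"]
# Assumption: event type used to spot admin-console access; adjust per tenant.
ADMIN_EVENT = "user.session.access_admin_app"

# Constructed sample, one JSON object per line, shaped like System Log entries.
SAMPLE_LOG = """
{"eventType":"user.session.access_admin_app","actor":{"alternateId":"admin@example.com"},"client":{"ipAddress":"203.0.113.5"},"outcome":{"result":"SUCCESS"}}
{"eventType":"user.session.access_admin_app","actor":{"alternateId":"admin@example.com"},"client":{"ipAddress":"192.0.2.44"},"outcome":{"result":"FAILURE"}}
{"eventType":"user.session.access_admin_app","actor":{"alternateId":"ops@example.com"},"client":{"ipAddress":"192.0.2.77"},"outcome":{"result":"SUCCESS"}}
{"eventType":"user.session.start","actor":{"alternateId":"dev@example.com"},"client":{"ipAddress":"192.0.2.9"},"outcome":{"result":"SUCCESS"}}
"""


def in_trusted_zone(ip, cidrs=TRUSTED_PROXY_CIDRS):
    """Return True only when ip parses and falls inside a trusted proxy range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # a missing or malformed address is never trusted
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def audit(log_text):
    """Sort admin-console events into expected, blocked and policy gaps."""
    report = {"expected": [], "blocked": [], "gaps": []}
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        if ev.get("eventType") != ADMIN_EVENT:
            continue
        who = ev.get("actor", {}).get("alternateId")
        ip = ev.get("client", {}).get("ipAddress")
        if ev.get("outcome", {}).get("result") != "SUCCESS":
            report["blocked"].append((who, ip))   # deny rule did its job
        elif in_trusted_zone(ip):
            report["expected"].append((who, ip))  # came through the proxy
        else:
            report["gaps"].append((who, ip))      # allowed from outside the zone
    return report


if __name__ == "__main__":
    for bucket, hits in audit(SAMPLE_LOG).items():
        print(bucket, hits)
```

Any entry under `gaps` indicates an allow rule evaluated ahead of the catch-all deny, or a trusted zone that is wider than the proxy ranges.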

Comprehensive Data Protection Features

Our security solution encompasses several key features designed to protect sensitive data:

  • Data Masking and Watermarking: TalonWork Enterprise obscures sensitive information displayed within the browser and applies digital watermarks to deter and trace unauthorized data sharing[3].

  • Blocking Printing and Screenshots: To prevent data exfiltration, TalonWork Enterprise restricts printing and screenshot capabilities within the browser environment[3].

  • Clipboard Control and Copy-Paste Limitations: We enforce strict control over clipboard operations, including copy-paste actions, to prevent sensitive data from being moved to unauthorized applications or web pages[3].

  • URL and Application Access Restrictions: Policies can be defined within TalonWork Enterprise to restrict the copying or pasting of sensitive data to only approved URLs or applications, ensuring that data remains within a secure environment[3].

Conclusion

By integrating TalonWork Enterprise's advanced security features with Okta's trusted network capabilities, Red Cup IT delivers a robust solution for protecting sensitive data against the evolving threats of the digital age. Our approach not only secures Okta API secrets, AWS Secret keys, Azure keys, and PEM certificates but also establishes a comprehensive defense mechanism that restricts access to critical resources to authorized environments only. With Red Cup IT, businesses can confidently navigate the complexities of cybersecurity, knowing their most valuable digital assets are safeguarded with cutting-edge technology and expert care.

Check out the next page for a how-to guide on how to find out what User Agent your IoT browsers are using!


Citations:

[1] Palo Alto Networks. (n.d.). Web Proxy. Retrieved from https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-new-features/networking-features/web-proxy
[2] Okta. (n.d.). About Single Sign-On (SSO). Retrieved from https://help.okta.com/oie/en-us/content/topics/apps/apps-about-sso.htm
[3] Talon Security. (n.d.). Zero Trust for Web Applications. Retrieved from https://talon-sec.com/solutions/zero-trust-for-web-applications/
[4] Talon Security. (n.d.). MITRE ATT&CK. Retrieved from https://talon-sec.com/mitre-frameworks/mitre-attack/
[5] Okta. (n.d.). Overview of Managing Apps and SSO. Retrieved from https://help.okta.com/en-us/content/topics/apps/apps_overview_of_managing_apps_and_sso.htm
[6] Microsoft. (n.d.). Tutorial: Azure Active Directory integration with Talon. Retrieved from https://learn.microsoft.com/en-us/entra/identity/saas-apps/talon-tutorial
[7] Computerworld. (n.d.). Start-up emerges with an enterprise browser. Retrieved from https://www.computerworld.com/article/3648597/start-up-emerges-with-an-enterprise-browser.html
[8] Okta. (2021, February). What is Single Sign-On (SSO)?. Retrieved from https://www.okta.com/blog/2021/02/single-sign-on-sso/
[9] Talon.One. (n.d.). SSO with Okta. Retrieved from https://docs.talon.one/docs/dev/tutorials/sso-with-okta
[10] Omdia. (n.d.). On the Radar: Talon offers endpoint and web security with an enterprise browser. Retrieved from https://omdia.tech.informa.com/om029817/on-the-radar-talon-offers-endpoint-and-web-security-with-an-enterprise-browser
[11] Okta Support. (n.d.). Okta authentication on trusted network from different domain/local account. Retrieved from https://support.okta.com/help/s/question/0D54z00008SJew1CAD/okta-authentication-on-trusted-network-from-different-domainlocal-account?language=en_US
[12] Talon Security. (n.d.). Talon Mobile. Retrieved from https://talon-sec.com/product/talon-mobile/
[13] Palo Alto Networks. (n.d.). What is a Proxy Server?. Retrieved from https://www.paloaltonetworks.com/cyberpedia/what-is-a-proxy-server
[14] Okta Developer. (n.d.). Build a SAML2 Integration. Retrieved from https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/
[15] Talon.One. (n.d.). SSO with Google. Retrieved from https://docs.talon.one/docs/dev/tutorials/sso-with-google
[16] SiliconANGLE. (2023, November 5). Palo Alto Networks reportedly acquires enterprise browsing startup Talon for $625M. Retrieved from https://siliconangle.com/2023/11/05/palo-alto-networks-reportedly-acquires-enterprise-browsing-startup-talon-625m/
[17] Okta Developer. (n.d.). Configure Native SSO. Retrieved from https://developer.okta.com/docs/guides/configure-native-sso/main/
[18] Talon Security. (n.d.). Talon Enterprise Browser. Retrieved from https://talon-sec.com/product/talon-enterprise-browser/
[19] SourceForge. (n.d.). TalonWork Alternatives. Retrieved from https://sourceforge.net/software/product/TalonWork/alternatives
[20] Okta. (n.d.). Employee SSO to Apps. Retrieved from https://www.okta.com/solutions/employee-sso-to-apps/
[21] Talon Security. (n.d.). Talon and Microsoft Solution Brief. Retrieved from https://talon-sec.com/resources/solution-brief/talon-and-microsoft-solution-brief/
[22] AIMultiple. (n.d.). Enterprise Proxy. Retrieved from https://research.aimultiple.com/enterprise-proxy/
[23] Okta. (n.d.). Zero Trust with Okta: A Modern Approach to Secure Access. Retrieved from https://www.okta.com/resources/whitepaper/zero-trust-with-okta-modern-approach-to-secure-access/

Authentication Policy for the Okta Admin Console requires the TalonWork Browser with a Default Deny Catch-all rule. This is in addition to our Global Session policy which requires Beyond Identity and a phishing-resistant MFA.
Zero Trust in action: Cato Networks SASE is required in addition to the Talon Enterprise Browser.
You can see the watermarks here, which deter someone from taking a picture of the screen with their mobile device.
Example of an AI/LLM policy that prevents users from inputting sensitive data into OpenAI's ChatGPT.
Screenshot of the browser DLP policy in action, with a helpful tooltip that shows the end user what actions are allowed.
We've configured Talon Browser's Typing Guard to block user input of a Social Security Number (SSN) into ChatGPT.