Netskope Global Technical Success (GTS)
How to Restrict Website Access on Brave Browser
Netskope Cloud Version - 121
Objective
Block access of all websites when access is attempted from Brave browser
Prerequisite
Netskope Secure Web Gateway License is required
Context
Organisations might have requirements to allow usage of specific browsers within the organisation. As a result, free source browsers need to be blocked for security reasons. This article will demonstrate the process to block brave browser.
Do You Know?
- Netskope acknowledges Brave as a Cloud Application that provides internet security tools such as browsers and search engines
- However, there is no dedicated connector specifically for Brave browser which users can use to block traffic originating from Brave Browser
- This article will guide you through the process of blocking access of any websites from Brave browser
Why consider blocking Brave Browser?
Organizations may block Brave Browser for several security and operational reasons:
- Bypassing Content Filters: Brave's built-in ad and tracker blockers can interfere with monitoring or filtering solutions, allowing users to bypass organizational policies.
- Privacy Features: Enhanced privacy tools (like Tor integration) can obscure user activity, complicating compliance with monitoring requirements or security policies.
- Potential Data Exfiltration: Brave's focus on decentralized tools, such as IPFS or cryptocurrency integration, might introduce unknown vectors for data transfer or malware.
- Limited Control: The browser's design reduces visibility into user behavior, which might conflict with IT governance standards in enterprises.
Lab Recreate
- Brave browser has a unique search pattern that utilises “search.brave.com” in every search match happening on the browser’s search bar
- We will leverage this logic to define a regex that will look for “search.brave.com” on the browser’s search box and then create a Real time protection policy to block all traffic when this regex matches.
- To validate the regex you can use Regex Tester Tools. Please note that Netskope’s URL list regexes use a specific format. Learn more about the same using this link
- Realtime protection policy:
Step 1: Create a custom URL list to match “search.brave.com” on the search engine panel
Path: Netskope Tenant UI >>> Policies >>> Profile --- URL List >>> New URL List
Step 2: Now Create a custom category using the Custom URL list created in Step 1
Path: Netskope Tenant UI >>> Policies >>> Profile --- Custom category >>> New Category
Step 3: Now go to the Real time protection policy page under Policies - Real Time protection policies - Web and create a Real time protection policy as shown below:
Path: Netskope Tenant UI >>> Policies >>>Real-time protection >>> New Policy
Verification
When a user tries to access any site from brave browser, the access will be blocked
Note - The above template can be customized as demonstrated in this link
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- Netskope Engineering is continuously working on product enhancements. In the future, additional controls may become available to address some of the limitations mentioned earlier. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
What to Read Next? | |
User Notification - User Alert for Non-Sanctioned Application | |
Setting up keyword based blocking on search engines | |
How to block parent domain while allowing sub-domains |