Sekant Web Security

80% of user time is spent in the browser, which is why 44% of cyber attacks involve them. It's time to re-think the security of your browser.

Sekant secures the browser using embedded runtime models to detect threats in real-time. It covers 4 major use-cases, with more in the works:
1) Phishing Detection
2) ClickFix Prevention
3) Unsafe Downloads Blocking
4) Shadow AI Monitoring

Phishing Detection:
5 ML/AI models work together to generate a phishing verdict (Suspicious or Unsafe). The 5 models cover -- URL, Content, Reputation, Brand, Vision. The Vision model uses a deep-learning model, so the extension embeds a runtime engine for evaluating this models.

Remediation options can be configured when suspicious or unsafe sites are identified, ranging from reporting to admin console, warning the user or blocking the page. Advanced users can click on the "Further Investigation" page to do a look up on threat intelligence sites.

ClickFix Prevention:
All clipboard copy & cut events are analyzes them for potential malicious Powershell / Shell scripts. If malicious scripts are detected, it will generate a detailed report in a new tab that explains the threat. Again, remediation options can be configured to just report or warn the user.

Block Unsafe Downloads:
An embedded rule engine (YARA compatible) scans critical sections of the file in real-time—canceling unsafe downloads before they ever touch the operating system. Admins can customize the rules utilized based on company policy or threat research (e.g. block executables/scripts from unfamiliar sites, block executables with two file extensions, block encrypted zip files etc).

Shadow AI Monitoring:
Usage of AI chatbot pages can be monitored, with the ability to log user prompts, data paste events and file uploads. Admins can customize remediation to just report or warn users when they paste data or upload files. An experimental feature also tries to detect new AI chatbot pages based on page behavior.

----

Enterprise features:
* Telemetry Collection: Sekant can be configured to send highly enriched, event telemetry (e.g. phishing site detected) to a backend server for monitoring and forensic purposes.
* Fleet wide configuration: Sekant can be configured with common options across the fleet
* Rule Customization: Sekant can be configured with custom download rules, using YARA-compatible rules for content scanning and enhanced Sekant context for metadata evaluation
* Remediation Customization: Sekant can be configured with individual remediation options per risk type (do nothing / report / warn / block [some cases])