On January 13, 2026, CrowdStrike announced plans to acquire browser security company Seraphic. In 2022 and 2024, Forrester highlighted how the simple browser has become just another endpoint within your enterprise and needs to be configured, secured, and monitored to ensure that threat actors can’t compromise your business and get to your data. One of the reasons we know this approach is crucial is because even leading endpoint protection (EPP), endpoint detection and response (EDR), and extended detection and response (XDR) platforms have limited insight regarding activity within the browser itself without requiring the deployment of an additional component (usually an extension) into that browser. These EDR/XDR endpoint agents can’t see HTML smuggling or browser-in-browser attacks, and while secure web gateway and secure access service edge (SASE) solutions can reduce access to untrusted or compromised websites, they can’t see all the traffic and can’t regulate all aspects of data security management without more tools deployed on the endpoint … and even those miss many attacks.

Wasn’t there another browser security acquisition by a large cybersecurity vendor?

In late 2023, Palo Alto Networks acquired enterprise browser vendor Talon Cyber Security, and we stated at the time that this was a positive move for businesses in showing the importance of gaining better control of the browser to help regulate access to applications and data, including reducing threat exposure. Palo Alto chose to pair the browser to its SASE solution, Prisma Access. While that provided a more robust, controllable, and secure endpoint for user access than standard browsers, no matter what the physical endpoint was, if the customer already had a competing SASE solution, they’d shy away from utilizing this powerful enterprise browser. CrowdStrike’s acquisition, which follows another planned acquisition of identity security provider SGNL, expands the use cases and can apply to wherever the user may be (home, office, or a coffee shop) while they visit customers, targeting the browser as just another endpoint to secure.

Seraphic leverages the JavaScript engine (JSE) — a core component of every browser — to control virtually all browser activity, providing unique prevention and detection capabilities that are a valuable complement to CrowdStrike’s existing endpoint security. It also enables CrowdStrike to address some SASE use cases without needing to build out points of presence and implement traffic steering capabilities using Falcon (or another agent). Because much of the “secret sauce” resides in JSE, Seraphic can support conventional browsers and desktop apps built using web technologies such as Slack and Teams. It also means that there are a variety of deployment options, ranging from a browser extension to dedicated instances of commercial browsers, enabling organizations to support fully managed installs, as well as bring-your-own-device or third-party contractor deployments where it’s difficult, undesirable, or impossible to manage the user’s chosen browser.

How is this helpful for something like data security management?

Forrester’s data from 2024 and 2025 shows that over two-thirds of business users are doing the majority or all of their work within the browser today. They are sending invoices to customers, downloading spreadsheets from public accountants, using generative AI platforms to assist in business processes, and entering all types of client data into SaaS applications. The browser is one of many surfaces where data loss prevention controls are available today. As a part of a larger platform with additional data control capabilities, customers should watch for how they can enable consistent policy enforcement across multiple channels of data loss such as endpoint, cloud, and browser.

There is only so much insight and control that network-based security tools can provide regarding the data being sent through the browser. By moving the security controls and monitoring into the browser itself, IT and security operations will gain more insight into how users are interacting with the data, can watch for and prevent violations of acceptable use policies (including the use of AI platforms), and can monitor for any embedded threats in documents before they reach the physical endpoint. For security analysts, this last-mile insight into the browser can complete the picture for how malicious scripts were downloaded to a physical endpoint, including what sites they originated from, what the user clicked to access them, and what happened just before or after the download.

Forrester is continuing to research and provide reports on the importance of securing the modern endpoint that is the humble browser, and we’d love to talk with our customers more about what they can do to enhance security there, so please click here to schedule a guidance session with us to dive deeper.