“Traditional endpoint controls like EDR focus on the OS level and miss in-session browser activity, while network tools like firewalls can’t inspect HTTPS-encrypted sessions or user actions within apps. They lack visibility into browser telemetry, shadow IT, malicious extensions, and data flows, leaving gaps that attackers exploit via phishing, session hijacking, and zero-days,” said Amit Jaju, global partner/senior managing director – India at Ankura Consulting. He added that web browsers pose risks even in controlled environments because they inherently process untrusted internet code, enabling zero-day exploits, malicious extensions acting as supply chain attacks, and credential theft that bypasses perimeter defenses.
CrowdStrike said the Seraphic acquisition will allow it to extend the Falcon platform deeper into in-browser activity. With Seraphic, the company aims to transform the SOC by correlating trillions of endpoint signals with deep, in-session browser telemetry. This will allow the Falcon platform to understand user intent, application context, and data flow in real time.
“Seraphic’s true USP lies in its ability to make the browser session itself a governable security surface, rather than treating the browser as a passive extension of the endpoint,” said Sanchit Vir Gogia, chief analyst at Greyhound Research. “Most enterprise security stacks stop at device health and identity validation. They confirm who logged in and from what device, but they lose visibility once the user begins interacting inside SaaS applications. Seraphic addresses this by enforcing policy inside the live browser session, covering user actions, session behaviour, and data movement that never touches disk and never triggers network anomalies. When integrated into CrowdStrike Falcon, it moves from detecting threats around user activity to governing behaviour during it.”
