Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Firefox for Enterprise

47420754de0528af69e2a5d50e74ce0f?s=47 Blue Hats
November 27, 2019

Firefox for Enterprise

Présentation faite dans le cadre de la réunion MIMO du 27 novembre 2019.

47420754de0528af69e2a5d50e74ce0f?s=128

Blue Hats

November 27, 2019
Tweet

Transcript

  1. Firefox for Enterprise GT MIMO Nov 27th 2019

  2. Agenda 2 • Mozilla • Firefox Enterprise desktop • Paid

    support offering • Open discussion (problems? needs? Opportunities?)
  3. Mozilla 3 1100 employees Offices in US, France, Germany, UK,

    China and Canada Mission driven organization: Keep the internet open and accessible to all. Revenues come from search partnerships and donations
  4. Global data 4

  5. French data 5 More public data here

  6. ESR usage per country 6

  7. A little bit of history 7 2012 - First ESR

    10 2018 - ESR 60 - Legacy add-on mitigation - Policy engine and GPO 2019 - ESR68 - MSI and pkg installers - Open in IE extension - More policies - MacOS plist management - Ability to read certs from MacOS key store Addresses needs for longer support cycles in ENterprise, education or government Tactical move to avoid loosing Enterprise users as part of the legacy add-on migration Focus on delivering unmet Enterprise users needs and start growing the ENterprise user base again
  8. 8 It’s 2019. Internet browsing is solved. ...Or is it?

  9. 9 Consumers at home... Proportion of time spent online

  10. 10 At work, it’s reversed. Proportion of time spent online

  11. The browser is a core tool for the enterprise. Cloud

    Web apps Remote Access 11
  12. Browser security is a key concern. of organizations have been

    victim to cyber attacks1 of users open email from attackers, 10% click on links2 Avg cost of a malware attack on an organization3 31% 30% $2.4M 1Source: Cisco 2Source: Microsoft 3Source: Accenture 12
  13. As is privacy. Activity tracking Company profiling Data ownership 13

  14. Safe browsing • Phishing protection • Malware protection • Powered

    by the Google Safe browsing API • ...and enabled with privacy in mind • Query string parameters are stripped from URL • Separate cookie jar used from the rest of browsing cookies • URL obfuscation Focus on security 14
  15. Updates • Rapid release channel • Product improvements every 6

    weeks • Crash fixes and security fixes when needed • Extended Support Release (ESR) channel • No product changes for 12 months • Crash fixes and security fixes when needed • Policy updates every 6 weeks • Update customization • Automatic updates • Controlled updates deployed when needed Focus on security 15
  16. Certificate management • Import roots from OS certificate store allows

    for simpler interoperability • Firefox certificate store (NSS) allows for more granular control • We do not rely on the OS cert store to make decisions Focus on security 16 Browser resiliency • Not built on Chromium • Gecko allows for platform resiliency when operating multiple browsers open to Chromium vulnerabilities
  17. Networking security • DNS over HTTPs • HTTP Strict Transport

    Security (HSTS) • Root CA verification • Preloaded public key pinning • Mixed script blocking • NTLMv2 • TLS v1.3 Isolation protections (today and beyond) Focus on security 17
  18. Across all platforms and devices. Firefox family of products fights

    for you. Quantum High performance web browser with privacy and security built in. Monitor Data breach notifications and prevention tips in a single service. Lockwise Safe, secure and simple password storage on any platform. Send End-to-end encrypted file transfer service with user controls. 18
  19. Compatible with your critical enterprise web apps. 19

  20. Legacy browser support extension • Open a predefined set of

    URLs in Internet Explorer • Switch back to Firefox when navigating to a different domain • Dedicated installers (32 and 64 bit, exe and msi) • Provisioning through IE sites list or policy Ensuring legacy web apps compat 20
  21. Firefox Kiosk mode • Ships with Firefox 72 will be

    available on the next ESR78 • Runs in full screen mode by default • All menus, awesome bar and toolbar are not visible as well as tabs • The X button is not available when you hover at the top of the screen • F11 does not work • The right-click context menu does not work • Hides the status bar at the the bottom when attempting to indicate progress • Hides the destination link when hovering over links • Available on Windows, MacOS and Linux Enabling Kiosk use cases 21
  22. A top 5 global Linux deployment • 70,000 Linux/Ubuntu and

    10,000 Windows desktops • Undisclosed number of Androïd AOSP (Secdroïd) with Firefox as default browser • 4,300 sites / 93,000 users • Why Firefox? • French government recommends its use • High level of customizability and good standards support • Freedom from Microsoft dependencies • Longer release cycles match their IT expectations • Cross platform support • Open source nature allows bringing changes Case study - French Gendarmerie 22
  23. Other organizations we supported in the last 12 months 23

  24. Competition analysis - Core features 24 *All services can be

    disabled per article **This is Chromium only, likely more on Chrome Firefox (ESR68) Chrome (76) Edge (1903) Chromium Edge OS support Windows support ✓ ✓ ✓ ✓ MacOS support ✓ ✓ ╳ ✓ Linux support ✓ ✓ ╳ ? Characteristics Open source ✓ ╳ ╳ ╳ Core platform Gecko Chromium EdgeHTML Chromium Release cadence Every 6 weeks (RR) Every 12 months (ESR) Every 6 weeks Every 6 months Every 6 weeks? Connected services 24* 53+** Undisclosed Undisclosed
  25. Competition analysis - Browser management 25 Firefox (ESR68) Chrome (76)

    Edge (1903) Chromium Edge Management Windows GPO ✓ ✓ ✓ ✓ MacOS plist support ✓ ✓ ╳ ✓ Windows MSI ✓ ✓ ✓ ✓ MacOS pkg ✓ ╳ ╳ ✓ Cloud management ╳ ✓ ╳ ╳ IE compatibility ✓ ✓ ✓ ✓ Admin console ╳ SCCM/Intune compliant ╳ SCCM/Intune compliant ╳ SCCM/Intune compliant
  26. Competition analysis - Browser security 26 Firefox (ESR68) Chrome (76)

    Edge (1903) Chromium Edge Security/Data protection Tracking protection ✓ ╳ ╳ ✓ Fingerprinting Resistance ✓ ╳ ╳ ╳ Container technology ✓ ╳ ╳ ╳ Hardware isolation ╳ ╳ ╳ ✓ Sandboxing ✓ ✓ ✓ ✓ Site isolation ╳ ✓ ╳ ✓
  27. Firefox Paid Support is best in class. FIREFOX FREE FIREFOX

    PAID SUPPORT CHROME PAID SUPPORT Self-service knowledge base ✓ ✓ ✓ Public bug submission ✓ ✓ ✓ Private bug submission ✓ ✓ Critical security bug fixes with SLA ✓ Concierge bug entry with 24h response time & 72h response ✓ ✓ Enterprise customer portal ✓ ✓ Contribute to enterprise roadmap ✓ Proactive notification on critical Firefox events ✓ SLA management tool ✓ 27
  28. 28 Quick 2020 overview Release date Release ESR June 30th

    2020 Firefox 78 Firefox 68.10; 78.0 July 28th 2020 Firefox 79 Firefox 68.11; 78.1 August 25th 2020 Firefox 80 Firefox 68.12; 78.2 September 22nd 2020 Firefox 81 Firefox 78.3
  29. 29 Quick 2020 overview • More policies (specific policies driven

    by user demand) • Kiosk mode ships on ESR • Client authentication using certificates provided by OS • Firefox monitor pro • Private update and telemetry solution • Master OFF switch for external services
  30. 30 Feedback collection Current issues? Feature requests?

  31. Questions? Please contact: Romain Testard romain@mozilla.com 31

  32. Appendix 32

  33. A modern browser Privacy and security is in our DNA.

    Includes everything you’ve come to expect from a modern Enterprise browser. • Phishing and malware download protection gives employees a safe environment to browse • Security Sandboxing makes use of child processes as a security boundary preventing malicious web pages activities • Frequent Security updates help ensure users remain protected • HSTS, TLSv1.3, NTLMv2, root CA verification and mixed script blocking The web is safe again with Firefox Quantum. Innovate for good More features than Chrome to keep you safe. • First party isolation • Fingerprinting resistance • Memory safety • Container technology • PRIO-based telemetry • CRLight • Deterministic builds • Proxy obedience • Encrypted SNI Firefox on your side Support now available with concierge-like services. • Public & private bug submission • Critical bug fixes with SLAs • Enterprise portal for key communications, deployment and set up assistance • Enterprise roadmap suggestions 33
  34. Easy to install In just a few minutes, you can

    protect your entire enterprise. • MSI Installer for Windows • pgk bundle for Mac • Release channel options: Rapid Release (every 6 weeks); Extended Support Release (annual update with security & policy updates every 6 weeks) Deployment and management are a cinch. Fully customizable • GPO support for Windows • Configuration Profiles & plist support for MacOS • Flexible update management • Open in IE extension for IE redirects 34
  35. Competition analysis - Browser support 35 Firefox (ESR68) Chrome (76)

    Edge (1903) Chromium Edge Technical Support Deployment/Configuration questions ✓ ✓ ✓ ✓ Software bug resolution support ✓ ╳ ╳ ╳ Contribute to roadmap ✓ ╳ ╳ ╳
  36. Choice Firefox Quantum is fast, performant, across desktop and mobile,

    on all platforms. • Rapid Release and Extended Support Release cycles (major updates once a year with regular security updates) • Web extensions • Intelligent page loading & WebRender The right browser for your enterprise. Safety Browser features and online services keep you safe, with security updates, sandboxing & more. • Firefox Monitor (breach alerts) • Firefox Send (encrypted file sharing) • Firefox Lockwise (password storage) Control Browser configuration options that best suit your enterprise. • Policy Management • Group Policy on Windows • Configuration profiles on macOS • Update management • Legacy Browser Support (Windows) Privacy Your data is your business, and never sold. Period. • Truly open source • Anti-tracking policy • Enhanced Tracking Protection (blocked tracker listing) • DNS over HTTPS 36
  37. Thank you