Enterprise browser acquisitions plug the hole in security platforms
Every aspiring security platform needs a secure browser component, because it delivers the holy quaternity of enforcement:
Identity - These can integrate with IAM tools to inherit security policies and access controls
Network - It handles most network traffic from end user devices, so you can enforce policies, and filter ingress/egress internet and corporate traffic
Data - sees data at rest and in-transit, including source code and post-webpage rendering. It can obfuscate sensitive data based on categories, Restrict uploading to emails, third-party storage services, etc.
Process - can detect and block processes from executing such as malicious scripts and keyloggers
And obviously AI, which would be particularly cool if detection and enforcement lives in the browser, but I reckon most solutions still require some proxying, which is why its not in the above list.
We see the biggest security players either acquiring or partnering with enterprise browsers. Mainly because folks don’t like managing EDR agents and there are no other inline appliances to shove into SASE.
With the browser, you get local enforcement on a piece of software everybody is already using!
So here is a quick classification on how big security wants to add browser to their product:
But if you're either looking for
a standalone browser because you don't want a whole platform, or
a vendor to buy or partner with
You’ve got a great lineup of options, from the likes of Conceal, Keep Aware, Mammoth Cyber, HERE, Acium Browser Security, or Red Access.
Palo Alto Acquires Talon (2023)
Palo Alto Networks Alto Acquires Talon (by Palo Alto Networks) (2023)
PAN leads the way by integrating Talon into the SASE portfolio, to extend Prisma Access to unmanaged devices, but also ensures consistent security and deeper visibility into device usage.
Fortinet Acquires Perception Point (2024)
I can't for the life of me figure out where Perception Point went into the Fortinet portfolio. Granted, there's more to perception point than just the browser, like email security, but i'm lost in the taxonomy forest.
Concentic AI Acquries Swift Security (2025)
Not your usual security play, but nonetheless this is a solid genAI-based DSPM solution that makes sense to have its browser component front-facing
Check Point Partners with SURF (2025)
Check Point uses SURF's browser to extend SASE’s enforcement to the end-user device. The partnership with Surf transforms the browser into a proactive security control extending Check Point’s SASE’s comprehensive security and networking capabilities.
Crowdstrike Acquires Seraphic (2026)
CrowdStrike was already an investor in Seraphic so they really just topped up their investment.
This is AFAIK different from the other ones, with Seraphic having a cool agentless+extension combo, while CrowdStrike mixing this together with SGNL continuous authorization technology for a rather novel identity security strategy.
Zscaler Acquires SquareX (2026)
Zscaler now has a browser extension to extend its zero trust security policies to unmanaged devices. With SquareX, Zscaler will extend the same level of uncompromising security to unmanaged devices, enabling organizations to secure users within their preferred browser - such as Google Chrome and Microsoft Edge - without the need for a full agent or the limitations of a separate, third-party browser.
Sophos Partners with Island (2026)
When Island has >$5bn valuation, it's hard to acquire, which makes it a great candidate for partnerships, giving us Sophos ZTNA + Browser for control over app usage, local data controls, and web filtering.