isc.sans.edu 6/17/2026, 5:20:41 PM · external

The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary], (Wed, Jun 17th)


This guest diary by Varun Murdula discusses an enforcement gap in Cloud Access Security Brokers (CASBs) caused by the QUIC protocol. QUIC runs over UDP, while traditional CASB traffic inspection is designed primarily for TCP, so QUIC traffic is not visible to it. The article highlights how this gap lets unauthorized web traffic through, potentially exposing sensitive data, especially with the rise of generative AI.

It explains the importance of testing CASB policies across multiple browsers and provides strategies for organizations, including blocking QUIC traffic and regularly comparing CASB log entries with endpoint telemetry to ensure comprehensive policy enforcement. Key recommendations stress the need to treat CASB event counts as a minimum and to implement browser-native DLP tools for improved coverage.
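One way to run the CASB-versus-endpoint comparison described above, as an added example that is not code from the diary. The record fields (`user`, `host`, `proto`, `dport`, `action`), the `find_gaps` helper and all sample records are assumptions constructed for illustration; map them to whatever your CASB export and endpoint telemetry actually provide.

```python
# Reconcile CASB events with endpoint flow telemetry for policy-covered hosts.
# Constructed sample data; field names are hypothetical, not a vendor schema.
CASB_EVENTS = [
    {"user": "alice", "host": "genai.example", "action": "block"},
    {"user": "bob", "host": "files.example", "action": "allow"},
]
ENDPOINT_FLOWS = [
    {"user": "alice", "host": "genai.example", "proto": "tcp", "dport": 443},
    {"user": "alice", "host": "genai.example", "proto": "udp", "dport": 443},
    {"user": "bob", "host": "files.example", "proto": "tcp", "dport": 443},
    {"user": "carol", "host": "genai.example", "proto": "udp", "dport": 443},
]
MONITORED_HOSTS = {"genai.example", "files.example"}


def find_gaps(casb_events, flows, monitored):
    """Return {(user, host): [reasons]} for endpoint activity the CASB may have missed.

    Reasons:
      udp443_likely_quic - endpoint saw UDP/443 to a covered host; a TCP-only
                           inspection path would not have evaluated it.
      no_casb_event      - endpoint saw traffic but the CASB logged nothing for
                           this user/host pair, so its event count undercounts.
    """
    seen_by_casb = {(e["user"], e["host"]) for e in casb_events}
    gaps = {}
    for flow in flows:
        if flow["host"] not in monitored:
            continue  # host is outside CASB policy scope
        key = (flow["user"], flow["host"])
        reasons = gaps.setdefault(key, set())
        if flow["proto"] == "udp" and flow["dport"] == 443:
            reasons.add("udp443_likely_quic")
        if key not in seen_by_casb:
            reasons.add("no_casb_event")
    # Drop pairs where the CASB and the endpoint agree
    return {k: sorted(v) for k, v in gaps.items() if v}


if __name__ == "__main__":
    for (user, host), reasons in sorted(find_gaps(
            CASB_EVENTS, ENDPOINT_FLOWS, MONITORED_HOSTS).items()):
        print(f"{user} -> {host}: {', '.join(reasons)}")
```

A pair that has a CASB block event and still shows UDP/443 on the endpoint, like the constructed `alice` record, is the case worth reviewing first: the block was logged for the TCP path only.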


Article by CyberSIXT