You wake up and want to know the day’s weather. So you point your browser to weather.com and it gives you the weather forecast. Simple. But you never provided any information about where you are, and the website somehow knew your location. How did it know?
When you visit a website, your computer sends information about its identity. Your IP address is a key part of that information that is passed behind the scenes from your browser to the website. Visit a site like whatismyip.com, and you will see where your web traffic is originating from geographically. Used legitimately, this information can be used to deliver relevant content that provides a unique, tailored browsing experience.
What led to the development of a feature allowing you to hide your location?
Unfortunately, not all users are legitimate. Malicious website developers can use your IP address information to adjust content based on the traffic’s origin. For example, a malware payload may specifically target users in Germany, while users in any other region could visit the same webpage and get harmless content. In that example, a researcher at a security company would want to make sure they appear to be in Germany in order to get the malicious content.
Before Silo, an organization would need to use a commercial VPN solution, access these sites via the Tor network, or configure and deploy proxies in various locations for their users. In order to do that, they would need to build, maintain, and more importantly, pay for the infrastructure needed to keep these up and running. This can cost thousands of dollars and require physical server space in each region where you need a proxy.
Silo, Authentic8’s cloud-based virtual browser solution, has always obscured the clients’ IP addresses. Since the IP address the website sees is ours, not the client address, we’ve provided a layer of anonymity. But InfoSec researchers, malware analysts, and incident response teams need more. They need tools that allow them to view malicious sites securely and to visit them, virtually, from multiple locations - all while obscuring or even mis-attributing their identity. To do that, we’ve deployed a network of Silo Exit Nodes that live in data centers around the world.
What does this network of Silo Exit Nodes do?
This new functionality lets a researcher configure both where the browser executes and where the web traffic egresses. A virtual browser session can be defined so that the browser stack, complete with a virtual file system, executes in one region while its traffic is routed around the world and exits to the Internet from another location. A researcher can run multiple, isolated virtual browser sessions simultaneously, with each session exiting from a different location - Sao Paulo, Tokyo, Dubai, Berlin, Moscow. Today, users can choose from 13 countries covering every continent of the world (except Antarctica), with more Exit Nodes to come. All traffic routing from the client, to the browser in the cloud (RDP data only), to the Silo Exit Node (HTTP/S data) transits over Authentic8’s private and secure network.
Combine this ability to route traffic specific to a need with the ability to swap the user agent string for each browser session and you have a powerful, isolated and fully mis-attributed browsing environment for InfoSec research.
How would a customer use Silo with various Exit Nodes?
Let’s say that a brand integrity manager based in the United States finds out that a malicious website developer in Brazil is malvertising on their website to distribute malware to users in Brazil based on their IP address. The company starts to get complaints from users in Sao Paulo that their computers are getting infected, and, as a result, the brand is starting to get a bad reputation in South America. The brand integrity manager is responsible for investigating the cause of these complaints and figuring out how to correct the brand’s image. He visits the website from his office and, because he’s visiting from a U.S.-based IP address, gets a clean, safe webpage.
Using Authentic8’s Exit Nodes, with one click, the manager can mimic a Brazilian IP address from his computer in the U.S. and have the same web browsing experience that the Brazilian users are having. The researcher can then capture and analyze the content, and even upload it to additional resources without exposing their device, network or identity. This gives him insight into the end user’s experience and the root of the complaint. As a result, he is able to take appropriate action.
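The comparison at the heart of this scenario can be automated once the same page has been captured from several exit locations. The sketch below is an added example, not Authentic8 code: it assumes the HTML from each session was saved per region, and every host name and capture in it is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ResourceCollector(HTMLParser):
    """Collect the hosts a page loads scripts, frames, images and links from."""
    ATTRS = {"script": "src", "iframe": "src", "img": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                host = urlparse(value).netloc.lower()
                if host:  # relative URLs have no host and are skipped
                    self.hosts.add(host)

def resource_hosts(html):
    parser = ResourceCollector()
    parser.feed(html)
    return parser.hosts

def region_only_hosts(captures):
    """Return {region: [hosts seen from that region and from no other]}."""
    hosts = {region: resource_hosts(html) for region, html in captures.items()}
    result = {}
    for region, own in hosts.items():
        others = set().union(*(h for r, h in hosts.items() if r != region))
        unique = own - others
        if unique:
            result[region] = sorted(unique)
    return result

# Constructed captures of one page, keyed by the exit location used.
COMMON = ('<script src="https://cdn.brand.example/app.js"></script>'
          '<iframe src="https://ads.adnet.example/slot1"></iframe>')
CAPTURES = {
    "US": "<html>" + COMMON + "</html>",
    "DE": "<html>" + COMMON + "</html>",
    "BR": "<html>" + COMMON
          + '<script src="//static.unknown-host.example/loader.js"></script></html>',
}

if __name__ == "__main__":
    for region, unique in region_only_hosts(CAPTURES).items():
        print(region, unique)
```

Ordinary ad rotation also produces per-region differences, so a host seen from only one location is a lead to investigate across repeated captures rather than a verdict.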