Authentic8 Blog Author: Scott Petry

Scott is Co-Founder and CEO of Authentic8. Prior to Authentic8, Scott founded Postini and served in a variety of C-level roles until its acquisition by Google in 2007.

DOD Looks to the Cloud for Browser Security

The US Department of Defense just published its cloud browser strategy. What's yours?

*

On June 5, 2018, the Defense Information Systems Agency released an unclassified request for information (RFI) outlining its intent to procure a cloud browser for 3.1 million Department of Defense (DOD) employees.

The operators of the most-targeted network in the world have concluded that they'd be more secure and efficient if they kept all public web code off the department's network.

This is significant for the entire cybersecurity market, not just the DOD. With this RFI, an arguably niche, disruptive security solution becomes mainstream. Cloud browsers are now something any organization concerned with online security must consider.

DOD personnel use the web for mission-related activities, support and logistics functions, and morale and well-being. With more than 4 million users worldwide, and with many people operating out of sensitive government facilities, the DOD is also a compelling target for cyberattack. The volume of attacks the department must deal with

Fed Up? Fire Up This Cloud Browser.

The Facebook/Cambridge Analytica fiasco did not happen overnight or by “mistake”, as Facebook wants users to believe. The price of “free” services and apps online means the loss of data protection, privacy and transparency.

This isn’t a new phenomenon, it’s not limited to Facebook, and it should not be a surprise to anyone. Venture investment in companies building businesses around “eyeballs” and “clicks” had to convert to hard cash at some point, and that point is the monetization of user data.

In contrast, Authentic8’s cloud browser Silo was built on the trust of its users. How do we honor that trust? We think you have a right to know what we do with your data. But first, some background.

*

So Mark has admitted “mistakes” on behalf of Facebook. As did Marissa before him, for Yahoo. And don’t forget Richard (who?), who apologized - kinda, sorta - for Equifax. And so on…

Did it change anything that these

Silo Browser Beats Google Chrome, Georgetown Study Finds

Security Without Compromise, Better for Enterprise Productivity

A new study by Georgetown University researchers confirms: Silo, the secure browser delivered as a cloud-based service by Authentic8, provides enterprise users with a higher level of protection against malware threats than Google’s Chrome browser.

*

The tests were conducted at the Security and Software Engineering Research Center at Georgetown University (S2ERC). Their results, now published in the S2ERC Productive Browser Report [PDF], cast a new light on browser security in the enterprise space.

One of the most telling outcomes of the study concerns a fundamental difference between a local browser - in this case, Chrome, often considered the most secure among “regular” browsers - and a cloud browser like Silo.

When the S2ERC researchers exposed their testing environment running Chrome to 54 malicious files on the web, the machine running Chrome was infected by eight of them. The infection rate of the computer running Silo? Zero.

In short, approximately 1/7 of the malicious

The Long Con: Antivirus and Your Data

Officials and security researchers have named antivirus (AV) vendors as the new weak link in enterprise and government networks. They claim that sensitive files of the U.S. National Security Agency, the Republic of Korea Armed Forces and U.S. companies were targeted and exfiltrated thanks to the software that should be protecting the endpoint.

Antivirus solutions have been around since the mid-1980s. We gave them file system permissions to scan every file. Then we allowed access to OS processes to scan active code. Then we allowed vendors to take our data to the cloud for “enhanced” security.

Now, as with many other services, our trust is used against us. The same AV tools that were supposed to help us fight malware are used as a backdoor to steal sensitive information and stage cyber attacks. This feels like a long con perpetrated by the antivirus industry.

Which vendors can you trust?

The irony is that for years we’ve been paying vendors to

So Much Leaking.

In the wake of the devastating WannaCry and NotPetya ransomware campaigns, it was hard to imagine that things could get more embarrassing for the IT profession.

That double whammy was possible because IT administrators left firewall ports 445 and 139 open, which allowed the EternalBlue exploit to take hold. Thousands of companies around the world paid the price for IT's negligence.

Despite all the attention, many organizations still haven’t taken the simple step to close the obviously open ports. Once they get hit, regulators and litigators will likely have a field day. Nobody can say IT wasn’t warned.

And now, just a few short weeks later, we learn that security researchers have discovered numerous preventable data leaks that exposed personal, sensitive data of hundreds of millions of users. Where did they find this data?

On Amazon - where else? The go-to web service for storing large amounts of data. Impacted organizations include: