Authentic8 Blog Author: Scott Petry

Scott is Co-Founder and CEO of Authentic8. Prior to Authentic8, Scott founded Postini and served in a variety of C-level roles until its acquisition by Google in 2007.

Silo Browser Beats Google Chrome, Georgetown Study Finds

Illustration: Silo Browser Beats Google Chrome, Georgetown Study Finds - Authentic8 Blog

Security Without Compromise, Better for Enterprise Productivity

A new study by Georgetown University researchers confirms: Silo, the secure browser delivered as a cloud-based service by Authentic8, provides enterprise users with a higher level of protection against malware threats than Google’s Chrome browser.


The tests were conducted at the Security and Software Engineering Research Center at Georgetown University (S2ERC). Their results, now published in the S2ERC Productive Browser Report [PDF], cast a new light on browser security in the enterprise space.

One of the most telling outcomes of the study concerns a fundamental difference between a local browser - in this case, Chrome, often considered the most secure among “regular” browsers - and a cloud browser like Silo.

When the S2ERC researchers exposed their testing environment running Chrome to 54 malicious files on the web, the machine running Chrome was infected by eight of them. The infection rate of the computer running Silo? Zero.

In short, approximately 1/7 of the malicious

The Long Con: Antivirus and Your Data

Illustration: The Long Con: Antivirus and Your Data - Authentic8 Blog

Officials and security researchers have named antivirus (AV) vendors as the new weak link in enterprise and government networks. They claim that sensitive files of the U.S. National Security Agency, the Republic of Korea Armed Forces and U.S. companies were targeted and exfiltrated thanks to the software that should be protecting the endpoint.

Antivirus solutions have been around since the mid-1980s. We gave them file system permissions to scan every file. Then we allowed access OS processes to scan active code. Then we allowed vendors to take our data to the cloud for “enhanced” security.

Now, as with many other services, our trust is used against us. The same AV tools that were supposed to help us fight malware are used as a backdoor to steal sensitive information and stage cyber attacks. This feels like a long con perpetrated by the antivirus industry.

Which vendors can you trust?

The irony is that for years we’ve been paying vendors to

So Much Leaking.

Illustration: So Much Leaking. - Authentic8 Blog

In the wake of the devastating WannaCry and NotPetya ransomware campaigns, it was hard to imagine that things could get more embarrassing for the IT profession.

That double whammy was possible because IT administrators left firewall ports 445 and 139 open, which allowed the ExternalBlue exploit to take hold. Thousands of companies around the world paid the price for IT's negligence.

Despite all the attention, many organizations still haven’t taken the simple step to close the obviously open ports.  Once they get hit, regulators and litigators will likely have a field day. Nobody can say IT wasn’t warned.

And now, just a few short weeks later, we learn that security researchers have discovered numerous preventable data leaks that exposed personal, sensitive data of hundreds of millions of users.  Where did they find this data?

On Amazon - where else?  The go-to web service for storing large amounts of data. Impacted organizations include:

WannaCry? Cry Over Too Much Complexity

Illustration: WannaCry? Cry Over Too Much Complexity - Authentic8 Blog

There’s plenty of blame to go around for WannaCry (a.k.a. Wcry, Wanna Decryptor), the ransomware that hit more than 200,000 organizations in 150 countries. Let’s focus on a driver behind this malware campaign that hasn't been widely discussed: complexity.


WannaCry encrypted files on Windows computers in hospitals, train stations, shipping hubs, automotive manufacturing plants and power companies (among others), then demanded a ransom - payable in BitCoin -  to unlock the files on the victim’s PC.

Once delivered to a Windows machine, this ransomware exploits a security hole in the file transfer protocol used in Microsoft networks. For in-depth information, I recommend the  Wcry US-CERT Alert and Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware on Troy Hunt’s blog.

Who’s behind it? We still don’t know. As for who’s to blame, let the finger pointing begin:

ISPs & Privacy: Why it Matters, and How to Cover Your A$$

Illustration: ISPs & Privacy: Why it Matter, and How to Cover Your A$$NEWS, POLICY

Both the US Senate and the House of Representatives have cleared the way to remove privacy rules for internet service providers (ISPs) like AT&T, Charter, Comcast and Verizon. The President  signed the executive order to repeal these rules, which were originally put in place by the FCC in 2016 to protect consumers on the web. 

While the nation’s largest ISPs have pushed hard for this move, most internet users in the U.S. are only now learning that their entire web browsing history may be collected, sold, and/or used for marketing purposes - no  “opt-in” or other permission required.

This is a good time to take a step back and assess what it all means. The privacy rules were fairly recent and had not yet been enacted.  And, it's not back to the old state - the lawmakers went a step further, issuing a joint resolution that aims to ensure that the FCC will be barred