Navy NGEN-R: New Network, Usual Suspects

Illustration: Navy NGEN-R: New Network, Usual Suspects - Authentic8 Blog

Later this year, the United States Navy intends to award a contract to upgrade their unclassified network, the Navy Marine Corp Intranet (NMCI).

The new contract, Next Generation Enterprise Network Re-compete (NGEN-R) is a multiple award contract that will absorb global networking efforts into a single vehicle that the Navy will administer. Will the Navy get the network needed to “win” in the cyber-battlespace of the future?

*

While the Navy Program Executive Office for Enterprise Information Systems (PEO EIS) has certainly “leaned forward” in its outreach to industry, it hasn’t yet moved full steam ahead into a total embrace of innovation.

By hosting traditional “Industry Days” and other familiar industry outreach initiatives, PEO EIS has ensured that Federal System Integrators (FSIs), who consistently over promise and under deliver on such large programs, will have significant influence over this procurement.

By allowing the FSIs to influence the scope of work, the Navy has ensured it won’t receive the next-gen network needed

Inside GDPR: What Does It Mean for U.S.-based Companies?

Illustration: Inside GDPR: What Does It Mean for U.S.-based Companies? - Authentic8 Blog

For our podcast “The Silo Sessions”, Authentic8 CEO Scott Petry spoke with Steve Durbin (Information Security Forum) about the ramifications of the European Union’s General Data Protection Regulation (GDPR) for U.S. organizations.

This podcast transcript has been edited for readability.

*

Scott Petry: I'm joined by a colleague in the information security space, Steve Durbin. Steve, I'll leave it to you to introduce yourself.

Steve Durbin: Hi Scott, thanks very much for having me on. I'm the Managing Director of the Information Security Forum. The ISF is headquartered in London, we’re a not-for-profit organization and we work with many of the world's leading organizations on issues of information security risk management and increasingly, of course, the subject of today's session: what all of that means from a General Data Protection Regulation standpoint.

The GDPR is coming into effect in May of this year.

Scott Petry: Yes, sooner than people expect, I think - although we've had a couple of years

Silo Browser Beats Google Chrome, Georgetown Study Finds

Illustration: Silo Browser Beats Google Chrome, Georgetown Study Finds - Authentic8 Blog

Security Without Compromise, Better for Enterprise Productivity

A new study by Georgetown University researchers confirms: Silo, the secure browser delivered as a cloud-based service by Authentic8, provides enterprise users with a higher level of protection against malware threats than Google’s Chrome browser.

*

The tests were conducted at the Security and Software Engineering Research Center at Georgetown University (S2ERC). Their results, now published in the S2ERC Productive Browser Report [PDF], cast a new light on browser security in the enterprise space.

One of the most telling outcomes of the study concerns a fundamental difference between a local browser - in this case, Chrome, often considered the most secure among “regular” browsers - and a cloud browser like Silo.

When the S2ERC researchers exposed their testing environment running Chrome to 54 malicious files on the web, the machine running Chrome was infected by eight of them. The infection rate of the computer running Silo? Zero.

In short, approximately 1/7 of the malicious

Financial Services: How Remote Browser Isolation Gives Anti-Fraud/AML Teams a Leg Up On the Web

Illustration: Financial Services: How Remote Browser Isolation Gives Anti-Fraud/AML Teams a Leg Up On the Web - Authentic8 Blog

By Richard Steinhart

Research shows that financial services firms encounter 300 times more [PDF] cybersecurity incidents - most of them browser-related - than companies in other industries.

Web-borne threats pose a particular challenge for due diligence researchers, fraud analysts and anti-money laundering (AML) specialists, whose web activities frequently put them at high risk. How can financial firms protect their teams better online?

Due to a steadily increasing caseload and a rapidly changing threatscape, approaches like setting up a “dirty box” somewhere in a corner or relying on a slow and hard to maintain Virtual Desktop Infrastructure (VDI) have reached their limits. This is why more banks are now outsourcing the risk - with compliance-ready remote browser isolation.

*

Financial services organizations face escalating and evolving risk due to cyber attacks, online fraud and money laundering schemes. This has led to increased scrutiny and pressure from regulators.

At the same time, cybersecurity teams in the financial sector are stretched thin as a result of

GDPR: A Deadline You Can’t Afford to Ignore

Illustration: GDPR: A Deadline You Can’t Afford to Ignore - Authentic8 Blog

by Steve Durbin, Managing Director, Information Security Forum

If your U.S.-based business deals with customers, employees or contractors in the European Union, the clock is ticking for you. On May 25th, the EU’s General Data Protection Regulations (GDPR) goes into effect.

It will affect you no matter if you have an actual presence in Europe or not.

At the Information Security Forum (ISF), we consider GDPR to be the most extensive overhaul of global privacy law in decades. It fundamentally redefines the scope and application of EU data protection legislation.

GDPR compels organizations worldwide to comply with its requirements — or face stiff fines and penalties. The regulation affects any organization that handles the personal data of European Union (EU) residents, regardless of where the data is processed.

Many US-based organizations are obliged to comply with the new standards. Given the global nature of e-commerce, cloud services, and communications platforms, few organizations will be able to completely avoid the requirements.