Authentic8 Blog Category: Security

Webinar: Cloud-based Research Platform for Threat Hunters

One of the most important applications of a cloud browser is investigating threat intelligence. Information security analysts can get quickly overwhelmed with data, from potential risks to false leads. Providing context for threat intelligence is critical for any security operations team.

Investigating leads from threat intelligence can be time-consuming and expensive for an already over-taxed function. Imagine having thousands of alerts, and no way to tell which ones are legitimate and which ones are benign.

Cloud-based technologies make infosec analysts more productive by doing much of the grunt work for them. Instead of slogging through thousands (or millions) of alerts, analysts rely on threat intelligence services like Recorded Future for in-depth and high-speed analysis to bring that down to a manageable number. And a cloud browser like the Silo Research Toolbox gives analysts a safe and efficient way to perform deep analysis on legitimate threats.

Illustration: Silo Research Toolbox - the cloud browser for analysts, researchers and investigators (screenshot)
Silo Research Toolbox on the Dark Web

Authentic8 and Recorded Future are presenting a cloud-based research platform

81% of CIOs and CISOs Defer Critical Updates or Patches

New research indicates that eight out of ten CIOs and CISOs refrain from adopting an important security update or patch, due to concerns about the impact it might have on business operations.

*

More than half (52%) said they have done so on more than one occasion. What about in your organization?

The Global Resilience Gap study, commissioned by security software firm Tanium, polled 500 CIOs and CISOs in the United States, United Kingdom, Germany, France and Japan, in companies with 1,000+ employees. Its goal was to explore the challenges and trade-offs that IT operations and security leaders face in protecting their business from a growing number of cyber threats and disruptions.

Infographic: CIOs/CISOs Holding Off on Patches and Updates (Source: Tanium Report)

Source: Tanium

The Problem: “Lack of Visibility and Control”

The report identifies “[l]ack of visibility and control across networks” as the main cause behind such missed or delayed updates.

80% of respondents reported they found out that a critical update or patch they thought had been deployed had not

Meet Frankie Keyes, the Most Trusted Expert in Cybersecurity

Frankie… who? No April Fool’s joke: Francis (“Frankie”) Archibald Keyes, Esquire, a fictitious figure you likely have never heard of, enjoys significantly higher trust among IT professionals than most real-life cybersecurity vendors or experts, according to new survey results from this year’s RSA Conference in San Francisco.

Of those surveyed in our Cybersecurity Approval Poll at RSA, a total of 88% stated that they trusted the made-up Mr. Keyes “much more”, “slightly more” or “about the same” as “other cybersecurity vendors and experts.”

If these results don’t instill much confidence in the industry’s ability to protect its customers from data breaches, malware attacks, and online election meddling, that is the whole point.

Frankie Keyes, a self-proclaimed Mr. Fix-it played by a professional actor, served as the face of F.A.K.E. Security, a make-believe company (website, Twitter handle and all) made up by Authentic8.

Fake Security, Real Survey

F.A.K.E. Security had its own booth

Financial Services: How to Minimize Vendor Risk Online in One Step

Here’s a quick tip for CISOs and compliance officers in banks, credit unions, investment or wealth management firms who worry about cybersecurity threats that emanate from vendors and third-party apps:

Disconnect from the web.

Sounds radical? You may be surprised to learn that this process is well underway in some of America’s largest banks and investment firms. Let me explain.

IT security researchers agree that almost 80 percent of data breaches and malware incidents are web-borne and in some way browser-related. The regular browser has become the main gateway for attacks on the local IT infrastructure of firms (not only) in the financial sector.

Locally installed browsers – including those labeled “secure” by their makers – indiscriminately process all code from the web on the user’s computer or mobile device. The browser opens the door for data exfiltration and for malicious code to infiltrate the corporate network, for example through infected vendor websites or compromised third-party business apps.

The finance sector’

VPN: A Big Misunderstanding?

Most VPN services fail to provide a level of data protection and anonymity that would pass professional-level muster. Part 3 of our VPN miniseries shows how confusion about this 20+ years old technology and its complexities has added new risks and threats.

*

In the first two posts, we focused on the “online privacy” promise of VPN, and on how misconceptions about VPN impact IT security and productivity in the enterprise in general.

In this post, we’ll address the most common misunderstandings about VPN and their ramifications one by one.

A VPN service creates a secure connection (often described as a “tunnel”) between two computers, say between an executive’s laptop at home or on the road and a company server.

This can provide protection, for example when going online via public WiFi networks or consumer-grade home broadband connections. Many services encrypt much of the data transmitted from point to point within the VPN. Others - and that’s the bad news