Authentic8 Blog Category: Security

Silo Browser Beats Google Chrome, Georgetown Study Finds

Illustration: Silo Browser Beats Google Chrome, Georgetown Study Finds - Authentic8 Blog

Security Without Compromise, Better for Enterprise Productivity

A new study by Georgetown University researchers confirms: Silo, the secure browser delivered as a cloud-based service by Authentic8, provides enterprise users with a higher level of protection against malware threats than Google’s Chrome browser.


The tests were conducted at the Security and Software Engineering Research Center at Georgetown University (S2ERC). Their results, now published in the S2ERC Productive Browser Report [PDF], cast a new light on browser security in the enterprise space.

One of the most telling outcomes of the study concerns a fundamental difference between a local browser - in this case, Chrome, often considered the most secure among “regular” browsers - and a cloud browser like Silo.

When the S2ERC researchers exposed their testing environment running Chrome to 54 malicious files on the web, the machine running Chrome was infected by eight of them. The infection rate of the computer running Silo? Zero.

In short, approximately 1/7 of the malicious

Financial Services: How Remote Browser Isolation Gives Anti-Fraud/AML Teams a Leg Up On the Web

Illustration: Financial Services: How Remote Browser Isolation Gives Anti-Fraud/AML Teams a Leg Up On the Web - Authentic8 Blog

By Richard Steinhart

Research shows that financial services firms encounter 300 times more [PDF] cybersecurity incidents - most of them browser-related - than companies in other industries.

Web-borne threats pose a particular challenge for due diligence researchers, fraud analysts and anti-money laundering (AML) specialists, whose web activities frequently put them at high risk. How can financial firms protect their teams better online?

Due to a steadily increasing caseload and a rapidly changing threatscape, approaches like setting up a “dirty box” somewhere in a corner or relying on a slow and hard to maintain Virtual Desktop Infrastructure (VDI) have reached their limits. This is why more banks are now outsourcing the risk - with compliance-ready remote browser isolation.


Financial services organizations face escalating and evolving risk due to cyber attacks, online fraud and money laundering schemes. This has led to increased scrutiny and pressure from regulators.

At the same time, cybersecurity teams in the financial sector are stretched thin as a result of

GDPR: A Deadline You Can’t Afford to Ignore

Illustration: GDPR: A Deadline You Can’t Afford to Ignore - Authentic8 Blog

by Steve Durbin, Managing Director, Information Security Forum

If your U.S.-based business deals with customers, employees or contractors in the European Union, the clock is ticking for you. On May 25th, the EU’s General Data Protection Regulations (GDPR) goes into effect.

It will affect you no matter if you have an actual presence in Europe or not.

At the Information Security Forum (ISF), we consider GDPR to be the most extensive overhaul of global privacy law in decades. It fundamentally redefines the scope and application of EU data protection legislation.

GDPR compels organizations worldwide to comply with its requirements — or face stiff fines and penalties. The regulation affects any organization that handles the personal data of European Union (EU) residents, regardless of where the data is processed.

Many US-based organizations are obliged to comply with the new standards. Given the global nature of e-commerce, cloud services, and communications platforms, few organizations will be able to completely avoid the requirements.

Local Browser Wins Olympic Gold for Worst Security

Illustration: Local Browser Wins Olympic Gold for Worst Security - Authentic8 Blog

by Amir Khashayar Mohammadi

Nearly every web browser comes equipped with a built-in password manager. Combined with all its other inherent vulnerabilities, this makes the local browser an even more attractive target for automated attacks. The bad guys would love to gain access to the container that keeps track of the keys to your online bank. Given the browser’s weak security underpinnings, how hard could it be?

Not too hard. This was confirmed, once again, by news that broke earlier this week. A new piece of malware, dubbed "Olympic Destroyer" by security firm Talos, does just that. Its purpose was to target a network of non-critical systems at this year's Winter Olympics in PyeongChang, South Korea.

Cybersecurity researchers pointed out that Olympic Destroyer was designed to take computers offline by erasing critical system files. But that was not the whole story. Olympic Destroyer also features two critical methods of stealing credentials.

One technique targets those credentials stored in the

10 IT Weak Spots Hit Hardest by the Cybersecurity Talent Shortage

Illustration: 10 IT Weak Spots Hit Hardest by the Cybersecurity Talent Shortage - Authentic8 Blog

by Larry Loeb

About 350,000 IT positions that require cybersecurity knowledge and skills remain currently unfilled. What impact does the acute talent shortage have on critical day-to-day IT security tasks?


According to Bloomberg BNA, 2017 was the Year of the Data Breach. Major institutions and organizations suffered from damaging hack attacks and data leaks.

No wonder that in 2018, many CISOs are growing even more concerned about the acute talent and skills shortage in cybersecurity.

Critical areas and attack vectors go uncovered, due to a lack of personnel. Will more major trouble like last year’s Equifax hack be the result?

By 2022, industry observers expect a shortfall of 1.8 million infosec professionals. The effects of not having the right people in the right slots are varied, but one outcome seems certain: essential tasks will be left undone.

Which IT security to-dos are too easily missed?

A lack of awareness exacerbates the resulting risk for the organization’s overall cybersecurity