Secure Virtual Browser Can Now Seamlessly Authenticate With Existing Enterprise Gateway Proxies
Network traffic from traditional browsers and local applications is controlled via PAC (Proxy Auto-Config) rules that IT has implemented to route web traffic through specific proxies.
However, Silo users don't run a browser locally or connect to the Internet directly. Instead, the Silo client connects securely to a remote browser via an alternate port and interacts with the browser via an encrypted display protocol. In the Silo model, the browser runs on infrastructure outside of the corporate network environment, shifting the attack surface away from the corporate environment area to the cloud. While this solution creates a perfect insulation layer between the user's device and the Internet, it bypasses the corporate control infrastructure.
With this release, the Silo Windows client is now PAC file capable, and it can also perform authentication against proxy gateways using Windows domain tokens. Mac and Linux platform support will follow.
"Our enterprise customers have been asking to integrate these features, pointing to the inherent vulnerability of the traditional browser and the shift by information security teams away from threat identification to isolation," said Ramesh Rajagopal, co-founder and Head of Product at Authentic8. "Some of the most sophisticated organizations in the world with the most crucial information security requirements are adopting Silo, and we need to fit with their existing infrastructure."
Seamless access to existing network infrastructure can also, depending on the proxy platform, allow URLs clicked in a local environment to render within Silo. The Silo client registers itself with the local system as a handler for any URL encoded with an A8:// prefix. With proxy capability to re-write URLs on the fly, a common feature supported in leading platforms, users can have website content automatically render within Silo.
While Silo is a secure and private browsing environment, organizations still need to ensure that their users maintain compliance with corporate policies. Authentic8 can be configured to restrict access to particular websites, control data transfer and to store detailed log data on device access details, site activity and content posted to forms. This log data is encrypted with a customer-supplied encryption key and can be extracted via authenticated API for decryption.
These features are available immediately, and at no additional cost, as part of Silo. Supported network proxy architectures include popular open source solutions, such as Squid, and mainstream commercial vendors, such as Websense, Bluecoat, and Zscaler and other platforms that support kerberos and NTLM.