Authentic8 Blog Author: Gerd Meissner

Gerd writes, produces, edits, and manages content at Authentic8. Before, he covered information technology and data security as a journalist and book author in the US and in Europe.

Meet Frankie Keyes, the Most Trusted Expert in Cybersecurity

Frankie… who? No April Fool’s joke: Francis (“Frankie”) Archibald Keyes, Esquire, a fictitious figure you likely have never heard of, enjoys significantly higher trust among IT professionals than most real-life cybersecurity vendors or experts, according to new survey results from this year’s RSA Conference in San Francisco.

Of those surveyed in our Cybersecurity Approval Poll at RSA, a total of 88% stated that they trusted the made-up Mr. Keyes “much more”, “slightly more” or “about the same” as “other cybersecurity vendors and experts.”

If these results don’t instill much confidence in the industry’s ability to protect its customers from data breaches, malware attacks, and online election meddling, that is the whole point.

Frankie Keyes, a self-proclaimed Mr. Fix-it played by a professional actor, served as the face of F.A.K.E. Security, a make-believe company (website, Twitter handle and all) made up by Authentic8.

Fake Security, Real Survey

F.A.K.E. Security had its own booth

VPN: A Big Misunderstanding?

Most VPN services fail to provide a level of data protection and anonymity that would pass professional-level muster. Part 3 of our VPN miniseries shows how confusion about this 20+ years old technology and its complexities has added new risks and threats.

*

In the first two posts, we focused on the “online privacy” promise of VPN, and on how misconceptions about VPN impact IT security and productivity in the enterprise in general.

In this post, we’ll address the most common misunderstandings about VPN and their ramifications one by one.

A VPN service creates a secure connection (often described as a “tunnel”) between two computers, say between an executive’s laptop at home or on the road and a company server.

This can provide protection, for example when going online via public WiFi networks or consumer-grade home broadband connections. Many services encrypt much of the data transmitted from point to point within the VPN. Others - and that’s the bad news

VPN for Secure and Private Web Access? Think Again.

Many believe a Virtual Private Network (VPN) will protect users against online privacy violations and web-borne exploits. But how far can you really trust VPN? A new report by Authentic8 provides answers that may surprise you.

*

VPN creates an encrypted data “tunnel” between the user’s computer and a secure server - on the corporate network, for example - that can also serve as a springboard to the web. Still, this secure tunnel is not sufficient. Over the more than 20 years that VPN has been around, its limitations have become obvious.

Yes, VPN can make connecting with networks and resources across the web more secure. What is often overlooked: VPN still allows web code to pass through to the locally installed web browser.

This opens the door for malware and spyware infiltration as well as data exfiltration, localization and de-anonymization by third parties. In last week’s blog post, we focused on the “online privacy” promise of VPN. We showed how

5 Must-Read Resources for Compliance and IT Leaders in Investment Firms

Regulated investment firms use the web to gather market intelligence, to access data aggregation tools and business apps, and to communicate via webmail and social media.

While many (if not most) business functions have shifted to the web and cloud apps, including IT security, the primary tool used by research analysts and investment managers remains stuck in IT’s past: the locally installed browser. A holdover from the 1990s, the local browser’s inherent weaknesses make it notoriously difficult to manage, monitor, and secure against web-borne exploits.

This has created a growing compliance blindspot for buy-side and sell-side firms. At the same time, the pressure from federal and state regulators is steadily increasing. Registered investment advisers are one example. By subjecting 17% of firms to OCIE examinations in FY 2018, the SEC already exceeded its own ambitious goal (15%) in this group alone for this year.

Chief Compliance Officers, CISOs and CTOs in the industry have been put on notice. One simple

5 Must-read Resources for SOC and Threat Intelligence Professionals

Have SOCs made enterprise IT more secure? Over the past months, multiple surveys, research reports and white papers on the success of Security Operations Centers (SOCs) and threat hunting were published that attempt to answer this question.

From various angles, researchers have gauged the impact SOCs and threat intelligence gathering (manually and automated) have on improving the IT security posture of companies in the U.S. and worldwide.

Businesses made significant investments in AI/machine learning-based automated threat detection and prevention tools over the past year. So what do they have to show for it?

If you’re planning a SOC or devising the budget plan for an existing one, check out the reports reviewed below for useful facts and actionable insights.

*

1) Security Operations Centers: Not a Success Story (Yet)

Security operations centers (SOCs) are facing critical staffing and retention issues that prevent them from realizing their full potential. This is one key takeaway from the new report The Definition of