Authentic8 Blog Category: Cloud Browser

Ideas That Become Obvious In Hindsight

Interview: Authentic8 Co-founder and CEO Scott Petry on Leo Laporte's TWiT.tv

Were you excited when Apple presented the Newton mobile device to the world, a glimpse into a future starring the iPhone? Or perhaps relieved when the email Spam Wars were won by Postini, a Silicon Valley startup later bought by Google, where it became the core of Gmail?

The ideas and concepts that drove both breakthrough innovations initially faced ridicule (in the case of Newton) and skepticism. What they have in common is that today, they are obvious in hindsight.

What they also share is a name: Scott Petry. His career took him from Apple's Newton team to founding and later selling Postini - which solved the email spam problem - to Google and from there to his current role as Co-founder and CEO of Authentic8, which pioneered remote browser isolation in the cloud.

Do we have a theme here? Leo Laporte thinks so. The award-winning tech journalist and founder

What’s the ROI of Threat Hunting?

How can IT security threat hunters measure success? That is one of the core questions raised by the new SANS 2019 Threat Hunting Survey, which was co-sponsored by Authentic8.

*

The  answer may lie in a strategy and tool selection that avoids mission and  cost creep, and results in measurable effects - and savings - to prove  it.

That’s our main takeaway from this year’s Threat Hunting Survey. Co-authors Mathias Fuchs and Joshua Lemon capture the different  needs and challenges within organizations that are just starting their cyber threat hunting program, versus those who are honing their skills and programs.

Definitions of Threat Hunting

What is threat hunting? The SANS survey results document a wide variety of methodologies, spending  priorities, tools deployed, training needs - and opinions about what  constitutes effective threat hunting practices.

"Many organizations use an alert-driven approach to threat hunting or use indicators of compromise [IoCs] to guide their hunts," says Mathias Fuchs, a SANS instructor and threat

Operation “Shields Up”: Web Isolation in the U.S. Military

How can government organizations, private enterprises, and academic institutions minimize the cybersecurity and privacy risks associated with accessing the internet from desktop or mobile devices?

Valuable pointers come from the defense sector. A new case study, titled Shields Up: How a Military Unit Simultaneously Increased Network Access and Decreased Cyber Risk [PDF], showcases how Authentic8's remote browser isolation technology enabled a U.S. military unit to implement internet policies for personal web access, without increasing the risk of introducing any malware or malicious code into the unclassified network.

The growing need to access publicly available information (PAI) on the web and to leverage the internet for both official and personal business (check out my post on "morale browsing") is making secure access to the broader network a necessity for more military personnel.

"Shields Up" shows how remote browser isolation with Silo Cloud Browser is supporting this change process. Silo enables and secures responsible web use in organizations for which the security risks

October Is Malvertising Awareness Month

Large-scale malvertising campaigns have pushed more than a billion malware and spam-laden ads through online advertising networks onto "secure" web browsers. Ad-blocking software fails to stem the tide.

*

In case you were wondering - yes, you're right: October's official designation still is Cybersecurity Awareness Month. For bystanders, web publishers, and the victims of malicious ads, though, it turned into unofficial "Malvertising Awareness Month" rather quickly.

That's because news broke that cyber criminals had hit major browsers (Chromium/Chrome, Safari, Opera, Edge) with a broadscale malvertising campaign. Dubbed eGobbler by threat hunters, it generated more than a billion malicious advertising ad impressions over the past months.

The Mechanics: How Does Malvertising Work?

The not-so-secret sauce of malvertising campaigns is that they piggyback on legitimate online advertising networks and popular websites to push malware, such as ransomware exploit kits, onto millions of unsuspecting targets at once.

The malicious code then gets downloaded and executed by the web browser on the victim's computer. Game over.

Do You Have What It Takes to Prevent Ransomware?

Malicious software has nearly always been a factor to consider when it comes to managing the IT environment. Have we learned the right lessons?

*

I remember going on calls to a credit card company early in my career, as a then-time field engineer, to diagnose issues that had cropped up on several Dell PCs.

Back in 1991, these were basic PCs with floppy drive systems and 10MB hard disk drives - state-of-the-art desktops at the time, monochrome screens and all.

After some analysis, we concluded that the systems were infected with a virus, a rare occurrence at the time. The Michelangelo virus was just days away from executing, and our options to remove it were limited.

Only two vendors existed to clean malware, and the software had to be downloaded using a 1200 baud modem from a bulletin board. Usually, one vendor or the other would detect and remove the small number of malware samples in the wild at the time. Thankfully,