Authentic8 Blog Category: Compliance

Authentic8 Completes FedRAMP ‘In Process’ Authorization Milestone

Authentic8, the maker of Silo, the leading web isolation platform for commercial and government organizations, announced today that it has completed all requisite steps and is formally “In Process” for FedRAMP authorization.

What Is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that standardizes the security assessment, authorization, and continuous monitoring of cloud products and services used by federal agencies. A FedRAMP authorization can be reused across agencies, which gives consistent security baselines government-wide and streamlines approval and procurement processes.

Authentic8 began working with government organizations in 2015. With more than 160 federal, state, and local agencies relying on Silo cloud browsing and web investigation solutions to execute their most important missions, Authentic8 is the largest provider of isolation technology to US government organizations.

“Something as simple as going online presents significant risk to any organization, and government data is a particularly sweet target for cybercriminals and nation states,” said Justin Cleveland, Head of Authentic8’s government business. “Achieving FedRAMP authorization will help us expand

JavaScript: How NPM Maintainer Accounts Amplify Risk

20 compromised JavaScript package “maintainer” accounts - that’s all it takes to reach more than half of the npm ecosystem with malicious code, much of which ends up executing in the browser.


Attackers need to target only 20 specific maintainer accounts to reach more than half of the entire JavaScript npm ecosystem, security researchers warn. With regular browsers on the receiving end, ready to indiscriminately execute code from affected web pages, this can trigger a disastrous chain reaction.

More than 800,000 free and reusable software packages are available through the npm (“node package manager”) software package registry. Should an attacker compromise one of these at-risk accounts, every package that account can publish, and every package that depends on one of them directly or transitively, becomes a delivery vehicle for malicious code, the findings of the Technical University of Darmstadt (TU Darmstadt) in Germany indicate.

In their report for Usenix, Small World with High Risks: A Study of Security Threats in the npm Ecosystem, Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, and Michael Pradel shine a light on the widespread use of npm packages
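The "reach" behind the 20-accounts figure is a graph property: a maintainer account reaches every package that depends, directly or transitively, on anything that account can publish. The following is an added example, not code from the article or from the TU Darmstadt study, that computes that reach over a small constructed registry snapshot (all package and maintainer names are hypothetical) and then greedily picks the fewest accounts needed to reach a given share of the ecosystem:

```javascript
// Added example, not code from the Authentic8 article or the TU Darmstadt study:
// estimates "maintainer reach" over a small constructed npm-style dependency
// graph. A maintainer reaches a package when that package depends, directly
// or transitively, on any package the maintainer is allowed to publish, so a
// compromised maintainer account can push code into every reached package.

// Constructed registry snapshot (hypothetical package and maintainer names):
// package -> { maintainers, dependencies }.
const REGISTRY = {
  "tiny-util":   { maintainers: ["alice"],          dependencies: [] },
  "pad-str":     { maintainers: ["bob"],            dependencies: ["tiny-util"] },
  "color-codes": { maintainers: ["carol"],          dependencies: [] },
  "cli-kit":     { maintainers: ["dave"],           dependencies: ["pad-str", "color-codes"] },
  "web-widget":  { maintainers: ["erin"],           dependencies: ["tiny-util"] },
  "dashboard":   { maintainers: ["frank"],          dependencies: ["web-widget", "cli-kit"] },
  "lonely-pkg":  { maintainers: ["grace"],          dependencies: [] },
  "shared-core": { maintainers: ["alice", "heidi"], dependencies: [] },
  "api-server":  { maintainers: ["ivan"],           dependencies: ["shared-core", "tiny-util"] },
  "mobile-app":  { maintainers: ["judy"],           dependencies: ["shared-core"] },
};

// Map each package to the set of packages that depend on it, directly or
// transitively (its reverse transitive closure), via depth-first search over
// reversed edges. Cycles are tolerated because visited nodes are skipped.
function transitiveDependents(registry) {
  const dependents = new Map(Object.keys(registry).map((p) => [p, new Set()]));
  for (const [pkg, meta] of Object.entries(registry)) {
    for (const dep of meta.dependencies) {
      if (!dependents.has(dep)) dependents.set(dep, new Set());
      dependents.get(dep).add(pkg);
    }
  }
  const closure = new Map();
  for (const pkg of Object.keys(registry)) {
    const reached = new Set();
    const stack = [...dependents.get(pkg)];
    while (stack.length > 0) {
      const cur = stack.pop();
      if (reached.has(cur)) continue;
      reached.add(cur);
      for (const next of dependents.get(cur) ?? []) stack.push(next);
    }
    closure.set(pkg, reached);
  }
  return closure;
}

// Map each maintainer to every package that would run code published from
// that account: the packages it maintains plus all their transitive dependents.
function maintainerReach(registry) {
  const closure = transitiveDependents(registry);
  const reach = new Map();
  for (const [pkg, meta] of Object.entries(registry)) {
    for (const m of meta.maintainers) {
      if (!reach.has(m)) reach.set(m, new Set());
      const set = reach.get(m);
      set.add(pkg);
      for (const dependent of closure.get(pkg)) set.add(dependent);
    }
  }
  return reach;
}

// Greedy set cover: repeatedly pick the maintainer that adds the most
// not-yet-covered packages until at least `fraction` of the registry is
// reachable. Greedy approximates the true minimum; ties go to the
// alphabetically first name so results are deterministic.
function minMaintainersToReach(registry, fraction) {
  const total = Object.keys(registry).length;
  const target = Math.ceil(total * fraction);
  const reach = maintainerReach(registry);
  const covered = new Set();
  const chosen = [];
  while (covered.size < target) {
    let best = null;
    let bestGain = 0;
    for (const name of [...reach.keys()].sort()) {
      const gain = [...reach.get(name)].filter((p) => !covered.has(p)).length;
      if (gain > bestGain) { best = name; bestGain = gain; }
    }
    if (best === null) break; // no account adds coverage; target unreachable
    chosen.push(best);
    for (const p of reach.get(best)) covered.add(p);
  }
  return chosen;
}

const reachTable = maintainerReach(REGISTRY);
for (const [name, pkgs] of [...reachTable.entries()].sort((a, b) => b[1].size - a[1].size)) {
  console.log(`${name}: ${pkgs.size}/${Object.keys(REGISTRY).length} packages`);
}
console.log("accounts needed to reach 50%:", minMaintainersToReach(REGISTRY, 0.5));
console.log("accounts needed to reach 100%:", minMaintainersToReach(REGISTRY, 1.0));
```

In this constructed graph a single account ("alice", who co-maintains a leaf utility and a shared core library) already reaches 8 of 10 packages, which is the shape of the problem the study describes: reach concentrates in a few accounts behind widely depended-on packages. To run the same check against your own project, feed it the packages from your lockfile and the maintainer lists that `npm view <package> maintainers` returns for each of them; the output is the number of accounts whose compromise would put code into your build.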

Ideas That Become Obvious In Hindsight

Interview: Authentic8 Co-founder and CEO Scott Petry on Leo Laporte's TWiT.tv

Were you excited when Apple presented the Newton mobile device to the world, a glimpse into a future starring the iPhone? Or perhaps relieved when the email Spam Wars were won by Postini, a Silicon Valley startup later bought by Google, where it became the core of Gmail?

The ideas and concepts that drove both breakthrough innovations initially faced ridicule (in the case of Newton) and skepticism. What they have in common is that today, they are obvious in hindsight.

What they also share is a name: Scott Petry. His career took him from Apple's Newton team to founding and later selling Postini - which solved the email spam problem - to Google and from there to his current role as Co-founder and CEO of Authentic8, which pioneered remote browser isolation in the cloud.

Do we have a theme here? Leo Laporte thinks so. The award-winning tech journalist and founder

DoD's Cybersecurity Maturity Model Certification: Are Smaller Companies Prepared?

New requirements mean contractors will have to pay to play. What does this mean for small businesses in the defense industry?

The cybersecurity posture of the Defense Industrial Base (DIB) supply chain is only as strong as its weakest contractor. Considering that the DIB supply chain includes roughly 300,000 contractors handling sensitive government data, and that around 290,000 of them are not subject to strict cybersecurity requirements or oversight, something needs to change.

Leading that change is the Office of the Under Secretary of Defense for Acquisition and Sustainment - OUSD(A&S) - which has developed the Cybersecurity Maturity Model Certification (CMMC), an agile set of unified cybersecurity standards to ensure the security of government data on DIB networks.

Illustration: CMMC Seal

CMMC will enable the government to verify that contractors have adequate security protocols in place to protect non-public Federal Contract Information (FCI) and the more sensitive Controlled Unclassified Information (CUI).

How CMMC Aims to Unify Cybersecurity

The most recent draft version of

How to REALLY Browse Anonymously

When anonymous web access becomes business-critical, the web's favorite home remedies won't help. Worse, they can harm you and your organization.


A few weeks ago, I was speaking with a regional bank in the Southwestern United States, where the lack of anonymity online had jeopardized a recent investigation. The bank was doing online research necessary for them to comply with Bank Secrecy Act and Anti-Money Laundering (BSA/AML) regulations.

A financial fraud analyst found incriminating evidence on the web page of a business she was investigating. Imagine her frustration when she went back the next day to collect that evidence, only to find it had been removed in the meantime. What happened?

The bank suspects that the subject of its investigation was tipped off to the analyst's research because web traffic from the bank was hitting the website of the investigated business.

This happens more often than one would think, as I've learned in earlier conversations with other financial services firms.