Authentic8 Blog Category: Presentations

Interview: HTTPS Interception, TLS Fingerprinting, and the Browser

Use HTTPS, they said. Make sure your browsers shows that green padlock, they said. You’ll be safe, nobody can eavesdrop, they said.

IT security teams and threat hunters, who are familiar with the inherent security weakness of the web’s underlying protocols, know better.

The problem with HTTPS internet connections is similar to the problem with VPN. Or, as Larry Loeb put it in his post HTTPS: Beware the False Sense of Security on this blog: “[U]sers think that it does more than it actually does.”

For starters, a basic HTTPS connection gets established when the browser (client) connects directly to an origin server to send requests and download content protected by TLS-based  encryption. Still, this communication is vulnerable to interception.

The reason is simple. Often, the browser doesn’t connect directly with the web server serving the website. Instead, data gets routed through a proxy or middlebox, a.k.a. "monster-in-the-middle" (MITM). HTTPS interception, for benign or malign reasons,

Webinar: Cloud-based Research Platform for Threat Hunters

One of the most important applications of a cloud browser is investigating threat intelligence. Information security analysts can get quickly overwhelmed with data, from potential risks to false leads. Providing context for threat intelligence is critical for any security operations team.

Investigating leads from threat intelligence can be time-consuming and expensive for an already over-taxed function. Imagine having thousands of alerts, and no way to tell which ones are legitimate and which ones are benign.

Cloud-based technologies make infosec analysts more productive by doing much of the grunt work for them. Instead of slogging through thousands (or millions) of alerts, analysts rely on threat intelligence services like Recorded Future for in-depth and high-speed analysis to bring that down to a manageable number. And a cloud browser like the Silo Research Toolbox gives analysts a safe and efficient way to perform deep analysis on legitimate threats.

Illustration: Silo Research Toolbox - the cloud browser for analysts, researchers and investigators (screenshot)
Silo Research Toolbox on the Dark Web

Authentic8 and Recorded Future are presenting a cloud-based research platform

Authentic8 performing on Broadway (sort of)

2015-07-28_Collabity

PRESENTATIONS

While we're still looking for backers for our production of the world's first musical about a misunderstood InfoSec professional who lives in the drop-ceiling of a datacenter, we are heading to the Microsoft Technology Center in Times Square as a sponsor of Collabity's Data, Cloud & Disruptive Technologies event on July 28th.

One of our users asked if we'd participate in this event, which brings together IT executives from a variety of industries, including: higher education, state and federal government, legal, healthcare, and real estate. When our customers speak, we listen.

A growing concern of IT managers is unfettered access to the Web. With the rise of web apps and cloud services, the browser has become the single most important application used by businesses today. But that same browser is based on technology that's decades old. Even if users are running the latest version of their local browser, they are still vulnerable to attacks via the OS or network or plug-ins.