Authentic8 Blog Category: Remote Browser

Cloud Browser Economics 101

We could go on all day long about the high price enterprises are paying for using traditional “free” browsers in their day-to-day business. Being respectful of your time, we addressed the core points in a short webinar titled Your Browser Betrays You (What is the cost of running a “free” local web browser in your organization?)

We frequently hear from customers how Silo, the secure cloud browser provided as-a-service by Authentic8, helped them realize significant savings. Customer survey results show:

Customer Survey Results: Savings Realized with Silo Cloud Browser by Authentic8

IT savings realized with the Silo cloud browser. Source: Authentic8

Before Silo, those resources - almost automatically, quietly - went to procure, maintain and update one or more components of a bloated security stack (think AV, CASB, URL Filter…). Its components were mostly aimed at preventing and mitigating the exploit and data loss risks associated with a locally installed browser base.

Because remote browser isolation with Silo removes these risks, enterprises can stop this point-solutions drain on their IT team and budget.

Browser Security: The Worst Code Injections and How They Work

In a new report titled Malicious Injections: The Tip of the Spear for Browser Threats, researchers with security firm RiskIQ predict that browser-based attacks will be a significant portion of the threat landscape for years to come, and will continue to cause major problems.

What do these attacks all have in common? Malicious injects targeting locally installed browsers. “Internet browsers are proving an invaluable attack vector for criminals,” the report concludes.

The point of injecting malicious scripts is to have the local browser dutifully execute code on the user’s machine. Attackers aim either to inject a piece of script into a web page directly or to inject a remote script (resources) into the page.

The report documents the top six techniques that they use to achieve either direct and remote injects:

Tacking it On

This is the most common method of adding malicious code to a page and can be done by injecting a malicious script in a <script>

Webinar: Cloud-based Research Platform for Threat Hunters

One of the most important applications of a cloud browser is investigating threat intelligence. Information security analysts can get quickly overwhelmed with data, from potential risks to false leads. Providing context for threat intelligence is critical for any security operations team.

Investigating leads from threat intelligence can be time-consuming and expensive for an already over-taxed function. Imagine having thousands of alerts, and no way to tell which ones are legitimate and which ones are benign.

Cloud-based technologies make infosec analysts more productive by doing much of the grunt work for them. Instead of slogging through thousands (or millions) of alerts, analysts rely on threat intelligence services like Recorded Future for in-depth and high-speed analysis to bring that down to a manageable number. And a cloud browser like the Silo Research Toolbox gives analysts a safe and efficient way to perform deep analysis on legitimate threats.

Illustration: Silo Research Toolbox - the cloud browser for analysts, researchers and investigators (screenshot)
Silo Research Toolbox on the Dark Web

Authentic8 and Recorded Future are presenting a cloud-based research platform

Financial Services: How to Minimize Vendor Risk Online in One Step

Here’s a quick tip for CISOs and compliance officers in banks, credit unions, investment or wealth management firms who worry about cybersecurity threats that emanate from vendors and third-party apps:

Disconnect from the web.

Sounds radical? You may be surprised to learn that this process is well underway in some of America’s largest banks and investment firms. Let me explain.

IT security researchers agree that almost 80 percent of data breaches and malware incidents are web-borne and in some way browser-related. The regular browser has become the main gateway for attacks on the local IT infrastructure of firms (not only) in the financial sector.

Locally installed browsers – including those labeled “secure” by their makers – indiscriminately process all code from the web on the user’s computer or mobile device. The browser opens the door for data exfiltration and for malicious code to infiltrate the corporate network, for example through infected vendor websites or compromised third-party business apps.

The finance sector’

How Watering Hole Attacks Target the Financial Sector and Government Agencies

Websites of governments, regulatory bodies and financial authorities are preferred targets for "watering hole" attacks on finance, investment and compliance professionals. These online resources make it easy for attackers to target their victims. How do such attacks work?

*

Watering hole attack infographic

Source: GoldPhish

So-called watering hole (a.k.a. "water holing") attacks are probably the most economical of online exploits. Instead of identifying and tracking down individual targets one-by-one, the threat actors first research and identify a vulnerable website frequently sought out by key professionals in the targeted industry or organization.

In the second step, they install an exploit kit that may allow the attackers to target that site’s users even more selectively, for instance based on their IP number. Like lions hidden in the savannah grass, they then lay and lurk.

Once their prey shows up at the "water hole", the victim’s locally installed browser takes care of the rest. Because the browser is designed to indiscriminately fetch and execute code from