Five Endpoint Security Resources Every IT Leader Should Know

Posted by Gerd Meissner

Aug 9, 2016


Endpoint security tops the priority list for many enterprise IT leaders this year, across a wide range of industries. One main reason: “2016 is shaping up as the year of ransomware - and the FBI isn’t helping” (Los Angeles Times).

Ransomware, distributed by criminals via automated phishing email campaigns and large-scale infections of web servers, infiltrates the networks of hospitals, law firms and energy utilities alike, encrypting stored data, and demanding payment to unlock the victim’s data.

Data breaches at major law firms and healthcare data providers have already reached record numbers in the first half of this year. In many cases, the organization’s use of regular, non-secure browsers - which fetch and process code from the web on the local computer, including malware - opened the door for outside attackers.

Topics: Security

No More Ransom? Activism Won’t Prevent Ransomware.

Posted by Gerd Meissner

Aug 1, 2016

Illustration: Thumbnail No More Ransom (screenshot)

SECURITY, NEWS

The European Cybercrime Centre (EC3) of Europol, the European law enforcement agency, is driving a new public/private initiative that, according to the Washington Post, “may offer a glimmer of hope for victims” of ransomware.

No More Ransom is the campaign’s motto. As nice as that would be, I think the slogan and the site promote a false sense of security.

I’d call it feel-good activism. Here’s why:

Silo Underscores Integral Role in Enterprise Web Security

Posted by Gerd Meissner

Jul 26, 2016


New Enhancements Integrate With IT Infrastructure and Enable Seamless Access

(MOUNTAIN VIEW, CA -- Jul 26, 2016) - Authentic8, maker of Silo, the cloud-based secure browser for business, introduced today new enterprise capabilities for its flagship product aimed at seamless deployment within the enterprise and added convenience for end users.

Silo now includes synchronization with Microsoft Active Directory (AD) services, integration with Identity Provider (IDP) solutions for federated authentication, and enhancements to the Silo Access Portal to streamline secure access to the web.

By synchronizing Silo with AD, an organization's traditional methods of managing users, enabling application access and defining policies can be used as the basis for deploying and managing Silo for secure access to the web.

For organizations that rely on federated authentication systems, such as Microsoft ADFS or other commercial identity provider (IDP) services that are based on the standard Security Assertion Markup Language (SAML), Silo deploys without requiring users to perform further authentication steps. Once the user is registered on the network, use of Silo is seamless.

Topics: Corporate News

Malware Targeting Energy Utilities Avoids AV Products

Posted by Scott Petry

Jul 14, 2016

Illustration: Thumbnail: Critical Infrastructure: Malware Targeting Energy Utilities Avoids 400 Windows-based AV Products

SECURITY, NEWS

…and so should we.

At least that’s my take after looking into various reports about a particularly aggressive malware that is targeting specifically energy utilities that operate Windows-based Industrial Control Systems (ICS).

So far, malware of the “Furtim” variety - as analyzed in-depth by IT security vendor Sentinel One - has breached the security perimeters of at least one European energy provider. Add this to the long list of (often web-borne) attacks against ICS that are covered in Booz Allen Hamilton’s recent Industrial Cybersecurity Threat Briefing.

In my recent post Industrial Control Systems Under Attack, I commented on the documented threats that critical infrastructure providers have been exposed to recently, in many cases due to their continued use of regular browsers.

So you could say I’ve been thinking about how ill-prepared utilities are to deal with that kind of threat. But the new findings regarding Furtim (Latin, meaning “Stealth”) - and what they could mean for the U.S. utility sector - are prompting me to follow up with a postscript.

Topics: Security

Personal Email at Work - the "Hillary Factor"

Posted by Scott Petry

Jul 7, 2016

Illustration: Personal Email at Work - the Hillary Factor (blog post)

Security, Policy

Hillary Clinton’s personal email workarounds during her term as Secretary of State have received much scrutiny in Washington and in the media.

All the political rhetoric aside, a question remains:

Why was she allowed to run her own email server? How could an employee dictate email security policy to IT?

Ready for the answer? Special treatment isn’t reserved only for senior politicians. Personal email workarounds could come back to haunt your organization, too.

Topics: Security, Policy

Industrial Control Systems Under Attack: Secure Browser, Anybody?

Posted by Scott Petry

Jun 28, 2016

Illustration: Blog Post Industrial Control Systems Under Attack - Secure Browser, Anybody?

SECURITY, NEWS

The primary threats against Industrial Control Systems (ICS), the computing infrastructure at the heart of utilities and manufacturing plants, come from secret agent style espionage like you see in the movies, right? Wrong.


Remember the “Stuxnet” attack that sent the centrifuges in Iran’s uranium enrichment plant into a self-destructive spin? In that attack, a USB stick was used to cross the security “air gap” of that unconnected computer, and drop malicious software on the (Windows-based) Siemens control units.

Now, attackers targeting critical infrastructure don’t even need to drop a USB stick in the parking lot. They can simply rely on employees opening a phishing email, or visiting a compromised website. That’s all it takes for a motivated outsider to wreak havoc, steal data or lock down critical ICS processes with ransomware.

Topics: News, Security

Must-Have Features of a Secure Virtual Browser

Posted by Gerd Meissner

Jun 21, 2016

Illustration: Whitepaper Cover - Why a Virtual Browser is Important for Your Enterprise

SECURITY, POLICY

How did the local browser become the “security sinkhole” of today’s enterprise? And, more importantly, what’s the alternative? How can enterprise IT leaders protect their infrastructure against web-borne threats, without putting productivity at risk by restricting web access?

Topics: News, Security

Smart Nation. Dumb Move.

Posted by Scott Petry

Jun 13, 2016

Image: Singapore Skyline

SECURITY, POLICY

Singapore is awesome. Since starting Authentic8, I haven’t been back, but I was lucky enough to visit regularly in previous jobs. The island city-state is known for taking care of business and of its citizens, as well as for its “Smart Nation” technology initiative.

Topics: Security, Policy

How Medical Identity Theft Works, and How it Can Impact You

Posted by Scott Petry

Jun 7, 2016

Image: Patients in Waiting Room with Chart: Individuals Impacted by Healthcare Data Breaches

IDENTITY, SECURITY

The healthcare industry currently tops the target list of cyber criminals, according to IBM’s 2016 Cyber Security Intelligence Index [PDF]. The Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data (Ponemon Institute) reveals that 89 percent of healthcare organizations and 60 percent of their business associates experienced data breaches over the past two years.

Recently, ransomware attacks (incidents where hospital data are encrypted and only released after a ransom is paid) have dominated the headlines. But most data breaches within the healthcare industry involve an even more lucrative target: medical records and related Personally Identifiable Information (PII), like Social Security numbers.

What does this mean for you? Medical identity theft via computer comes at staggering cost to the victims. They have to pay a steep price to get their life back: on average more than $13,000, according to one study. To make matters worse, victims can find themselves cut off from their doctors or get misdiagnosed, due to fraud-related errors in their medical records.

How to protect yourself? 

Topics: Identity, Security

Credential Management Fail. Time to Reset.

Posted by Scott Petry

May 17, 2016

Meme: I changed my password...

SECURITY

Credential management as we know it is not secure and doesn’t work. How else would we explain that weak, default or stolen passwords were used in roughly 63 percent of data breaches in 2015, as documented in a new comprehensive report?

It is time to take the human factor out of the equation.


The new Verizon Data Breach Investigations Report (DBIR) is out, providing a great amount of detail on 2,260 data breaches in 2015.

Web-based attacks were up 33% in 2015, with financial motives behind 95 percent of them. So what drives this trend?

The report shows that in most attacks, stolen or guessed credentials of legitimate users were entered in order to obtain unauthorized access. Malware, phishing and keyloggers ranked next (each of which is also related to the credential issue).

Topics: Security

The official blog of Authentic8
