Posts

Georgetown Security and Software Engineering Research Center Tests Cloud Browser Security for Enterprise IT Networks

S2ERC’s Productive Browser Project reveals Authentic8 Silo virtual browser
delivers greater malware protection than Google Chrome desktop model

Washington, DC –  The Security and Software Engineering Research Center at Georgetown University (S2ERC) today released results from its Productive Browser Project that shines new light on the importance of security in the enterprise IT browser space. The study found that Silo, the secure cloud-based browser from Authentic8, provides enterprise users a higher level of protection from malware threats than Google Chrome (Chrome).  A full report of the testing results can be found here (S2ERC Productive Browser Report).

S2ERC researchers conducted a series of rigorous security tests to measure the capabilities of the Authentic8 and Chrome browsers to defend against many of the typical malware threats encountered by enterprise users.

The goal of the S2ERC Productive Browser Project was to determine whether a virtual browser could provide sufficient security against malicious malware threats with minimal impact on the productivity of a typical enterprise end user. The project focused on validating security properties hypothesized as a result of isolating the web browser through virtualization technology. The research initiative studied the security capabilities of virtualized, cloud-based browsers in enterprise network environments.

“The goal of this project is to research the impact that virtual browsers can have on the security of computers in corporate IT network environments,” said Paul Brigner, S2ERC Managing Director. “Not only did we want to compare virtual browsers’ security against conventional desktop browsers but also test their capabilities while supporting a typical workload of enterprise applications to ensure there is minimal impact on users’ productivity.”

Browsers are often a high-value target and attack vector for criminals and nation states who can exploit their vulnerabilities as a gateway into cloud applications and the enterprise network. By doing so, cybercriminals can compromise the security of these software as a service (SaaS) business applications in the cloud while also being able to penetrate the on premises enterprise network itself.

TESTING APPROACH

To determine the practical security benefits of a virtual browser, S2ERC researchers first cataloged a set of typical attacks. The testing team compiled a list of websites containing malicious malware code using databases from security watchdog organizations malc0de.com and vxvault.net.  After verifying that these sites contained malware.  The S2ERC team attempted to download infected files using these websites using both Silo and Chrome on two identically configured laptop PCs that also had a standard enterprise antivirus software installed on them.

The S2ERC team attempted to download 54 files, eight of the data successfully infected the machine running Chrome while none of the sites reached the computer running Silo. In short, approximately a seventh (1/7) of the malicious sites visited by Chrome experienced a successful download while Authentic8 Silo virtual browser prevented downloads in all cases.

A further examination of the results found that Silo did allow sandboxed downloading of 13 files, or about a quarter of the sample. The sandboxing – or software isolation – of these files still provided protection from direct exposure to hardware systems.

When Silo downloaded a file, the browser sandboxed the file in cloud storage. Upon exiting the browser, the files were deleted. As such, these files never reached the test laptop nor reached the local enterprise network.

While sandbox downloading occurred in Silo with many of the malicious sites, many of those were blocked on Chrome by either the PC’s anti-virus program or Google itself. Thirty-six sites were blocked by the PC’s anti-virus programs, meaning three-fifths of the malicious sites were blocked by the cybersecurity add-on. An additional four sites were blocked by Chrome.

Still, the files that Chrome did download were able to successfully infect the computer. This allows for possible security breaches in an enterprise setting. While the anti-virus software should eventually find the malware, the ability for viruses to reach the computer posed a serious security threat to the users.

S2ERC PRODUCTIVE BROWSER PROJECT

The S2ERC Productive Browser project marks the second and final phase of its multifaceted virtualization research project exploring benefits of a virtual browser for secure Internet use by enterprises networks. The first phase of the research evaluated the performance of virtual browsers versus conventional desktop browsers on desktop PC and MAC computers.

“It was a goal of this project to explore and test whether an isolated cloud browser can be a mechanism for improving the security and compliance of enterprise networks and data,” added Brigner. The Productive Browser study validated that virtual browsers like Authentic8’s Silo help enterprises improve the security of their networks and data.”

About the Security and Software Engineering Research Center at Georgetown University
The Security and Software Engineering Research Center at Georgetown University (S2ERC) is a National Science Foundation (NSF) sponsored research center working on the safety, security, and stability of today’s communications networks.  S2ERC uses applied and basic research to address the technology, policy, regulatory, legal, governmental, and business issues impacting secure networks.  S2ERC research results create solutions to technical issues and enable vendors and service providers to offer products and services that real enterprises need and can deploy. Learn more at https://s2erc.georgetown.edu/.

Media Contact
For S2ERC: John Gates, Elevate Communications
o: 617.861.3651, c: 617.548.8972, john@elevatecom.com

Snom Expands Lineup with New M325 DECT Phone Bundle

Snom Deliver Advanced Mobile Calling Capabilities with Rich Features, Enhanced
Range, and Seamless Integration with Hosted VoIP and IP PBX Solutions

Berlin and Londonderry, NHSnom Technology AG, headquartered in Berlin, the world’s first and leading brand of professional and enterprise VoIP telephones, have introduced a new mobile solution to its wireless IP phone portfolio with the launch of the Snom M325 DECT phone package.

Comprised of the M300 base station and one M25 handset, this single cell DECT package forms the basis of a uniquely powerful and expansive mobile telephony solution. The M325 offers businesses a robust, reliable single-cell DECT phone solution with high quality voice and superior coverage.

“The Snom M325 single-cell package gives business users an affordable cordless VoIP solution that integrates easily providing a highly affordable business-class mobile solution that fits into the business’ existing VoIP system,” said Tom Ostrander, President of Snom North America.

The bundle can support up to 20 users and can easily expand its range to up to 2000 ft without requiring complex or costly changes to the existing LAN infrastructure.

The Snom M325 DECT solution bundle is part of the new wave of innovative business communications products Snom is bringing to the market. Like all Snom handsets, the Snom M25 boasts an elegant design and a highly intuitive interface. It also features an illuminated keypad, TFT color display, and menu-driven graphical user interface providing easy access to the unit’s broad array of advanced features.

The Snom M325 bundle’s standard features include a hands-free mode and caller identification as well as typical mobile phone features, such as an on-board address book, calendar, calculator, and alarm. Advanced features include single-cell to multi-cell calling by pairing the M25 handset with the M700 base station, IPv6 support, voice encryption, pre-installed security, and color picture caller ID.

Suggested MSRP for the Snom M325 DECT bundle is $219.

Snom desktop and DECT solutions are available to resellers through its partner network of North American distributors.

###

About Snom Technology AG
Founded in 1996 and headquartered in Berlin, Germany, Snom is a German multinational corporation and the world’s first and leading brand of professional and enterprise VoIP telephones. Snom operates wholly owned subsidiaries in the United States, the United Kingdom, France, Italy, and Taiwan.

Snom’s German engineering is globally renowned for its robust, high quality, feature-rich business telephones designed exclusively for trained, certified professional IT and PBX installers. All of Snom’s products are universally compatible with leading PBX platforms operating under the SIP standard with over four million end-point installations globally. Snom products are sold through distributors to over 25,000 Snom Value-Added Resellers around the world. For more information, please visit www.snom.com.

Media Contacts
Snom – North America John Gates, Elevate Communications, +1 (617) 861-3651, john@elevatecom.com
Snom – Global Gabriele Horcher, Möller Horcher Public Relations GmbH, +49(0) 69-2724-7569, gabriele.horcher@moeller-horcher.de