Posts

Georgetown Security and Software Engineering Research Center Tests Cloud Browser Security for Enterprise IT Networks

S2ERC’s Productive Browser Project reveals Authentic8 Silo virtual browser
delivers greater malware protection than Google Chrome desktop model

Washington, DC –  The Security and Software Engineering Research Center at Georgetown University (S2ERC) today released results from its Productive Browser Project that shines new light on the importance of security in the enterprise IT browser space. The study found that Silo, the secure cloud-based browser from Authentic8, provides enterprise users a higher level of protection from malware threats than Google Chrome (Chrome).  A full report of the testing results can be found here (S2ERC Productive Browser Report).

S2ERC researchers conducted a series of rigorous security tests to measure the capabilities of the Authentic8 and Chrome browsers to defend against many of the typical malware threats encountered by enterprise users.

The goal of the S2ERC Productive Browser Project was to determine whether a virtual browser could provide sufficient security against malicious malware threats with minimal impact on the productivity of a typical enterprise end user. The project focused on validating security properties hypothesized as a result of isolating the web browser through virtualization technology. The research initiative studied the security capabilities of virtualized, cloud-based browsers in enterprise network environments.

“The goal of this project is to research the impact that virtual browsers can have on the security of computers in corporate IT network environments,” said Paul Brigner, S2ERC Managing Director. “Not only did we want to compare virtual browsers’ security against conventional desktop browsers but also test their capabilities while supporting a typical workload of enterprise applications to ensure there is minimal impact on users’ productivity.”

Browsers are often a high-value target and attack vector for criminals and nation states who can exploit their vulnerabilities as a gateway into cloud applications and the enterprise network. By doing so, cybercriminals can compromise the security of these software as a service (SaaS) business applications in the cloud while also being able to penetrate the on premises enterprise network itself.

TESTING APPROACH

To determine the practical security benefits of a virtual browser, S2ERC researchers first cataloged a set of typical attacks. The testing team compiled a list of websites containing malicious malware code using databases from security watchdog organizations malc0de.com and vxvault.net.  After verifying that these sites contained malware.  The S2ERC team attempted to download infected files using these websites using both Silo and Chrome on two identically configured laptop PCs that also had a standard enterprise antivirus software installed on them.

The S2ERC team attempted to download 54 files, eight of the data successfully infected the machine running Chrome while none of the sites reached the computer running Silo. In short, approximately a seventh (1/7) of the malicious sites visited by Chrome experienced a successful download while Authentic8 Silo virtual browser prevented downloads in all cases.

A further examination of the results found that Silo did allow sandboxed downloading of 13 files, or about a quarter of the sample. The sandboxing – or software isolation – of these files still provided protection from direct exposure to hardware systems.

When Silo downloaded a file, the browser sandboxed the file in cloud storage. Upon exiting the browser, the files were deleted. As such, these files never reached the test laptop nor reached the local enterprise network.

While sandbox downloading occurred in Silo with many of the malicious sites, many of those were blocked on Chrome by either the PC’s anti-virus program or Google itself. Thirty-six sites were blocked by the PC’s anti-virus programs, meaning three-fifths of the malicious sites were blocked by the cybersecurity add-on. An additional four sites were blocked by Chrome.

Still, the files that Chrome did download were able to successfully infect the computer. This allows for possible security breaches in an enterprise setting. While the anti-virus software should eventually find the malware, the ability for viruses to reach the computer posed a serious security threat to the users.

S2ERC PRODUCTIVE BROWSER PROJECT

The S2ERC Productive Browser project marks the second and final phase of its multifaceted virtualization research project exploring benefits of a virtual browser for secure Internet use by enterprises networks. The first phase of the research evaluated the performance of virtual browsers versus conventional desktop browsers on desktop PC and MAC computers.

“It was a goal of this project to explore and test whether an isolated cloud browser can be a mechanism for improving the security and compliance of enterprise networks and data,” added Brigner. The Productive Browser study validated that virtual browsers like Authentic8’s Silo help enterprises improve the security of their networks and data.”

About the Security and Software Engineering Research Center at Georgetown University
The Security and Software Engineering Research Center at Georgetown University (S2ERC) is a National Science Foundation (NSF) sponsored research center working on the safety, security, and stability of today’s communications networks.  S2ERC uses applied and basic research to address the technology, policy, regulatory, legal, governmental, and business issues impacting secure networks.  S2ERC research results create solutions to technical issues and enable vendors and service providers to offer products and services that real enterprises need and can deploy. Learn more at https://s2erc.georgetown.edu/.

Media Contact
For S2ERC: John Gates, Elevate Communications
o: 617.861.3651, c: 617.548.8972, john@elevatecom.com

Ride-Sharing Service For Women Debuts in Boston

Safr Launches with a Mission to Empower Women Through Ride-sharing

Boston, MA – Safr, an innovative new ride-sharing platform for women, today announced the premiere of an invitation-only launch in Boston, with a broader consumer roll out in the Boston market planned for March 1, and market introductions in major U.S. cities to come later this year.

As a service connecting female drivers exclusively with female riders, Safr’s mission is to empower women to participate more fully in the ride-sharing economy. Since its debut, the ride-sharing economy has rapidly transformed into an $9 billion industry that has experienced unprecedented annual growth, yet women currently account for fewer than one quarter of drivers on existing ride-sharing platforms and make on average 34% less than their male counterparts. Furthermore, fewer women use ride-sharing services as passengers as well.

“While the flexible schedule and added income would be a great option for many women, they have been reluctant to become ride-sharing drivers because of their concerns about safety,” said Stephanie Sonnabend, former CEO and president of Sonesta Hotels, co-founder of 2020 Women on Boards and Safr board member. “Safr wants to change the paradigm in ride-sharing with a platform of women driving women, creating a safe and empowering opportunity for all women.”

Core to its commitment to empowering its drivers, Safr debuts with a variety of benefit programming in place. The service offers an equity program to its drivers with drivers gaining an increased stake in the company commensurate with their hours of driving and number of driver referrals, relative to their fellow drivers. In an unprecedented act of its commitment, Safr is also offering their first 1000 drivers a 10% company commission lock rate for life, less than half the commission rate for other ridesharing companies.

Safr also plans to roll out a package of financial planning and other supportive services to drivers that will further empower them to maximize their financial freedom. Safr convenes drivers for a variety of community and training events and  is the only ride-sharing company to introduce Bystander Training as part of its onboarding process as a means of empowering drivers to be a critical part of creating a safer environment for our community. As part of its invitation-only launch, Safr provides early adopter drivers the opportunity to earn enhanced benefits by providing feedback which will be integrated into the Safr service-model, enhancing the experience for both drivers and passengers.

With proprietary technologies, Safr strives to ensure the door-to-door security of passengers as well as drivers. Safr’s best-in-class safety features include a prominent SOS Button for both passengers and drivers, a Color Matching feature that helps passengers and drivers confirm they have connected with the right person before initiating a ride, and a Command Center that tracks rides in real-time to guard against deviation from a designated route. Safr will also conduct the most thorough and comprehensive driver background checks as are permitted by law.

Additionally, Safr is committed to giving back to the communities it serves by donating a portion of proceeds to charitable organizations of importance to its community of drivers and passengers.

Safr has recruited L.A.-based actresses Alex Kapp and Tricia O’Kelley, who starred on CBS’The New Adventures of Old Christine, to serve as ambassadors for the brand. As Heads of Client Engagement and Experience, Kapp and O’Kelley will represent Safr to external constituencies, educate new drivers and passengers about the service through video content and inform the brand user experience. Both single mothers of two daughters, the actresses are advocates for the safety and empowerment the Safr platform provides.

“We are thrilled to be a part of empowering women to take full advantage of the income-generating opportunities and convenient travel that ride-sharing can offer,” said Kapp. “Safr eliminates some of the sense of unease women may feel using existing platforms, and provides drivers and passengers a sense of community unmatched by other apps.”

The concept, which has evolved from Chariot for Women to Safr, has been in the research and development phase focused on the development of the leadership team, app features and driver benefits to bring to market.

The new platform will be available for download in the App Store and Google Play the beginning of next week, and is available for use via invitation only until March 1. For more information on becoming a Safr driver, interested parties should email community@gosafr.com.

###

About Safr
Safr is a transportation technology platform that empowers women to participate fully in the ride-sharing economy. Launching in 2017, the service will offer ride-sharing exclusively for women. The platform features best-in-class safety features including driver-passenger Color Matching, an SOS Button and a real-time Command Center, as well as rigorous driver background checks. Safr will debut in Boston with plans to expand nationwide. For more information, visit www.GoSafr.com

Media Contacts
Lucy Muscarella, Elevate Communications: office: 617-312-6411, cell: 858-353-1359, lmuscarella@elevatecom.com
Joanna Humphrey Flynn, Safr: 617-549-1718, joanna@gosafr.com