RSA Blog - March 2016

  • 3/31/2016 - The Essential Role of Forensics in Computer Security Every organization, no matter its size or line of business, should assume it has either been or will be breached. When it comes to responding to an incident, organizations need to realize that time is of the essence. For this reason, forensics in computer security is a growing discipline. However, according to a survey by...
  • 3/31/2016 - Transaction Signing, Meet Selfie Money-stealing Trojans be gone. When is the last time you logged into your online banking portal, made a payment transaction, and received a notification on your phone to validate the details of the transaction and tap approve? Better yet, when is the last time you had to use a physical hardware device to sign a...
  • 3/29/2016 - Incident Response Roundup: 5 Facets of Top Performers An Aberdeen Group analysis of current enterprise practices for managing privileged access provides a powerful illustration of how better visibility and operational forensics can not only help with more effective incident response (IR), but also point the way to high-impact improvements in specific security practices and technical controls. The Importance of Qualitative, Risk-Based Analysis In...
  • 3/29/2016 - E6 - Ghost in the Machine - Curtain Call The Hunter’s horse panted heavily and churned up dust as it raced down the dirt road towards the Frontier. The moonlight glanced off the swirling clouds of powder in the horse’s wake. The Hunter gritted his teeth as the horse careened around a corner. His mind raced. He wondered if he would make it in...
  • 3/28/2016 - Threat Intelligence Sharing: Customized Solutions to Challenges Threat intelligence sharing is a hot and sometimes contentious topic. While its necessity and justifications are generally known, there are legitimate reasons why sharing information on a large scale has been met with resistance. The Argument for Sharing When sharing intelligence, it is important to establish from the outset that combining best practices for security...
  • 3/28/2016 - 3D Secure Innovations: New Analytics Dashboard Helps Improve Response to Fraud The 3D Secure protocol has been much (and somewhat unfairly!) maligned for the negative impact it has on the cardholder’s online experience. Requiring cardholders to produce their password each and every time they try to transact on a participating merchant site significantly disrupts purchase flow. Adding friction to the online checkout process leads to cart...
  • 3/25/2016 - Making Smart Choices for Identity Assurance Good news: in 2015, device makers, OS providers and authentication solution providers all picked up their momentum on initiatives tackling user authentication challenges. Cases in point: the support of fingerprint sensors in Google Android M, the proliferation of Apple Touch ID supporting solutions, Microsoft Windows 10 multi-method biometric support, Samsung’s fingerprint enabled devices, and the...
  • 3/25/2016 - Measure your Readiness - Security Monitoring Program In the previous post of this series “Measure your Readiness”, I depicted a framework to assess, shape and accelerate a Threat-Driven Incident Response program useful for all kinds of organizations to enhance their response capabilities and be ready to deal with unforeseen incidents. The second post in the series aims to look at the “security...
  • 3/24/2016 - Biometric Security: Making Authentication More Secure and Convenient Concerns about biometric security, its usability, and the potential for spoofing are starting to dissipate. Fingerprint sensors are now being built into the latest smartphone models, which means more people are becoming comfortable with the technology. Although some users still cite concerns with biometric security, convenience is the main driver for its increased adoption. Biometrics...
  • 3/22/2016 - The Apple iMessage Encryption Vulnerability A team of researchers at Johns Hopkins (Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan) discovered a profound vulnerability in how Apple’s iMessage encrypts data. The flaw allows the attacker to correctly guess the cryptographic key that decrypts iMessage attachments, which enables the attacker to determine the contents of the underlying data....
  • 3/22/2016 - E6 - Ghost in the Machine - No Longer Fun and Games Dave Reinhardt, gritty, determined, wizard of MagnaCorp security, arranged his notes on the conference room table once more. He sat alone briefly while the team took a break. As he arranged the pages for his upcoming briefing to his fellow executives, he paused to look around the room. The whiteboards of the breach war room...
  • 3/21/2016 - Improving Your Incident Detection & Response Maturity Just having come back from the most recent RSA Conference in San Francisco, I think I can say with confidence that the security industry has moved beyond, at least at the level of strategic planning, security strategies which are purely based on prevention. Security professionals generally agree that what is needed is a better balance...
  • 3/17/2016 - The Importance of Context in an Incident Response Plan Effective incident response is essential to minimizing the impact of a security incident and allowing the organization to return to normal operations as soon as possible. To this end, an incident response plan will ensure actions can be taken in a coordinated, controlled manner. However, a one-size-fits-all incident response plan is unlikely to be effective....
  • 3/17/2016 - Ransomware: The New Cyber Kryptonite And then, there was irony. While Apple has been able to hold out against the FBI demanding it produce a backdoor into the iPhone used in the recent San Bernardino attack, it was unable to render a similar defense against a strain of ransomware that recently, albeit briefly, infected its own Mac computers. The recent...
  • 3/16/2016 - Why Marketing, HR and Finance Should Have a Bigger Say in Your IDaaS Strategy than You May Think My colleague Darren Platt recently weighed in on the undeniable upward trend of organizations moving toward Identity as a Service, or IDaaS. While only 15% of organizations report having a cloud-based pure play for their identity solutions, more than 55% are saying they have a mix of cloud and traditional. Cloud-hosted identity solutions appear to...
  • 3/15/2016 - Improving Forensic Visibility Throughout a Complex Network Being able to determine how an intruder evaded security measures is something every organization should be concerned with. Companies spend millions of dollars on security, and when there’s a breach, they need to determine how it occurred so they can isolate the current risk and use the insights to build additional defenses and improve the...
  • 3/15/2016 - E6 - Ghost in the Machine - Phantom Tracks The Ghost exited the massive wagon nodding at the Guard as he passed. His trips to the wagon had been spaced out such that he knew each Guard had only seen him minimally. Once he had figured out the rotation of the guards’ schedules, it took only patience and time to determine the frequency and...
  • 3/14/2016 - A Tale of One Password and Unhappily Ever After for Retailers Do you recycle? I’m not talking here about paper, glass and aluminum waste. I mean online passwords. For most consumers, password recycling is a given which exposes them to a wide variety of other identity theft risks. However, poor identity management practices on the part of consumers also puts retailers and e-commerce merchants at risk...
  • 3/11/2016 - Privacy: THE Hot Topic at #RSAC Data privacy dominated the discourse at RSA Conference last week, unlike any hot topic of years past. If you’re fascinated by this debate, as I am, and missed out on some or all of RSAC this year, here is a list of talks that caught my attention. In addition to these keynote talks, the discussion spilled out into...
  • 3/11/2016 - Phishing Lives On with New Bait The saying “Gone Fishing” on the once prosaic signs hanging from rural-based gas stations or car repair shops has evolved to mean something completely different in 2016. While phishing attacks are not growing by leaps and bounds like other types of cyber threats, they are certainly showing no signs of slowing down. Last year, RSA...
  • 3/10/2016 - Identity-Centric Management for Modern IT In today’s mobile- and cloud-driven IT infrastructure, perimeters have become much harder to define. For this reason, identity management is a key point of control. An integrated user- and identity-centric security configuration can help solve modern infrastructure challenges, including issues of access at the perimeter and the authentication and accreditation of users accessing complex resources...
  • 3/10/2016 - Reducing The Noise Today, enterprise infrastructures are borderless and are generating more data than ever. Coupled with the fact that more and more breaches are happening every year, it’s not a matter of “if we get breached”, it’s “when we get breached.” Organizations not only require a team of skilled security professionals, but also advanced security controls to detect and respond...
  • 3/9/2016 - The Defining Issue of our Time In his acceptance speech for the Lifetime Achievement Award at RSA Conference, Art Coviello once again, as so many times in the past, showed the exceptional insight and leadership that has been his hallmark throughout his career. There have been many discussions this week about the interrelationship of privacy and security, particularly in the context...
  • 3/9/2016 - Fraud Effects of Real-Time Digital Banking Payments: Is Your Bank Ready? When was the last time you read a news article about an ‘old school’ brick-and-mortar bank robbery? Or perhaps even seen a new Hollywood movie about a gang of bank robbers? I suspect the answer is… you haven’t. Online banking has facilitated a revolution in how we do our banking, with mobile pushing it even further in recent...
  • 3/8/2016 - The Envelope Please: And the Awards Go to ... RSA What do Leonardo DiCaprio and the teams at RSA have in common? Aside from the obvious — good looks and long, distinguished careers – we share one other important characteristic: We both took home heralded industry awards this past week. Leo’s Oscar might have generated a little more buzz. But, make no mistake, the two...
  • 3/8/2016 - Operational Forensics and Visibility: It's About Time The information security community is well aware of the current state of play between attackers and defenders. Attackers are quick to gain access to enterprise systems and quick to start getting enterprise data out, whereas defenders have been painfully slow to detect threats, then respond and recover. The fact-based analysis and insights that are now...
  • 3/8/2016 - E6 - Ghost in the Machine - Honey, I'm Home Greg and Marty exited the data center and made a beeline to their cubicles. Their smug looks made it apparent they were up to no good and enjoying it. They had just left their partners in crime – Erin and Carl – with a laundry list of To Dos. Erin and Carl were now busily...
  • 3/4/2016 - Ransomware Rules for Payment: Do Extortionists Have the Advantage? When an entire health system fell prey to cybercriminals and medical records were locked up by a ransomware attack in early February, there seemed no choice but to pay the sum demanded in order to avoid the impact on patient care: $17,000 in 40 Bitcoin. And in that single moment, one hospital became the obligatory...
  • 3/3/2016 - RSA Security Analytics Adds Behavior Analytics Engine This week, RSA announced RSA Security Analytics 10.6 to help speed threat detection and response using real-time behavior analytics, enhanced detection capabilities for lateral movement and an on-demand enrichment service to provide context to speed investigations. RSA’s focus remains on helping our customers to identify and remediate threats so that they can take action before...
  • 3/2/2016 - Authentication: One Size Does Not Fit All I’ve been coming to the RSA conference on and off (mostly on) for more than 15 years, and each year there seems to be more strong authentication vendors demonstrating new and interesting approaches to authenticating end users. At RSA, we track and test these different approaches to find the best ones for integration into our...
  • 3/1/2016 - How Organizations Think About Threat Detection: Results from the RSA Threat Detection Survey The famous British naturalist Charles Darwin believed that it isn’t the strongest or fastest who survive, but rather it’s those who are most adaptable to change. For RSA’s customers, that requires acknowledging and understanding how effective they are at detecting as well as investigating cyber threats today, and determining how they should best evolve moving...