RSA Blog - May 2016

  • 5/31/2016 - MySpace and Tumblr Breaches Put Other Consumer Brands on Alert
    With the unveiling of two more “mega breaches” this morning, the headlines and news cycles are clamoring for continued updates. The more serious of the two involved the breach at MySpace with 427 million email addresses and linked passwords stolen. The other involved 65 million unique emails and passwords stolen from the popular site, Tumblr. ...
  • 5/31/2016 - Advanced Detection Methods: Tips for Detecting Potential Insider Threat
    In the new era of information security, traditional controls designed to deter attackers and protect assets are being augmented by advanced detection methods and new capabilities for response and remediation. The fundamental idea is to monitor the activities and behaviors taking place within your organization’s systems, applications, and data, then use this information to distinguish...
  • 5/27/2016 - Security at Scale: Making Security Analytics Work for the Internet of Things
    This year more than 10 billion devices will connect to networks around the world. And in the next few years, that number will increase by over an order of magnitude. With the veritable explosion of smart devices, many of which connect not just to the network, but to each other, significant security concerns arise. Despite...
  • 5/27/2016 - Monitoring Assets and Vulnerabilities: Matching Data With Action
    Monitoring assets and vulnerabilities has become a high-priority security practice for many enterprises. As RSA President Amit Yoran said in his RSA Conference 2016 keynote, the inevitability of an attack is so well-known that it’s almost cliche. However, the increasing persistence and stealth of attacks is less cliche. Attack campaigns increasingly use multiple exploit methods...
  • 5/26/2016 - New PCI Multifactor Authentication Rules: Is it Too Late?
    The PCI Security Council just extended its requirements for multi-factor authentication to anyone who has access to credit card data. These requirements, which come on the heels of the European Parliament adopting its revised Directive on Payment Services (PSD2) late last year, require strong authentication for all Internet transactions. PSD2 also introduces strict security requirements...
  • 5/24/2016 - How to Tailor a Continuous Monitoring Policy to Focus on Critical Assets
    Many organizations want to implement a continuous monitoring policy, which combines processes and technology to ensure security systems are working efficiently and effectively. Continuous monitoring enables IT teams to identify issues that could introduce risk or lead to compliance violations. As such, a continuous monitoring policy not only makes good business sense but is increasingly...
  • 5/23/2016 - Continuous Identity Assurance Allows You To Step Away
    Have you ever wondered how applications know if “it’s still you” 10 minutes after you log in to the app? Suppose you have to join a conference call, leave for a meeting, or take a bio break. As far as the app is concerned, since you haven’t performed any activity for a given period...
  • 5/20/2016 - Not on My Dime: When Fraudsters Take a Phantom Ride
    As any parent with children in sports knows, it is simply not possible to be in two places at the same time. I have tried to defy the laws of time and space by magically appearing at two different baseball fields when my sons’ games are conveniently scheduled at the same time on different fields...
  • 5/20/2016 - 5 Must-Read Articles on Advanced Detection and Incident Response Speed
    In his 2016 RSA Conference keynote, RSA President Amit Yoran explained that modern security is moving away from the traditional focus on prevention toward a mindset that includes monitoring and response as key security components. In particular, Yoran stressed that accelerating incident response speed is crucial for overcoming current known security threats and future attacks....
  • 5/19/2016 - LinkedIn Breach: The Death of Passwords Has Finally Arrived
    The headline screamed at me this morning when I opened my inbox, “117 million LinkedIn user credentials compromised.” I had no reaction as I went to get my first cup of coffee. Credentials have become a commodity to hackers and are sold widely and cheaply in different venues—both in the deep and open web. Stolen credit cards...
  • 5/19/2016 - Conversations with the SBIC: How Industry Priorities Inform Security Agendas (Pt. 2)
    In my previous post, I shared a few of the key priorities the security leaders that comprise the Security for Business Innovation Council (SBIC) share in common. But council members’ industries span everything from manufacturing and financial services to defense and retail. And while all security issues are on their radar, it’s only natural that...
  • 5/18/2016 - Don't Settle for Less than 5 Stars
    Booking a vacation to the Caribbean? You would want to stay at a 5-star resort, right? Planning a celebratory dinner? A 5-star restaurant would be a great choice. So when it comes to aligning your business with a partner that can best suit your needs, why settle for anything less? CRN, part of The Channel...
  • 5/17/2016 - RSA Security Analytics Receives Common Criteria Certification
    Today RSA made the announcement that RSA Security Analytics has received Common Criteria certification. The Common Criteria program is one that is relied on by governments and critical infrastructure providers globally to independently verify the security-related claims of a multitude of security-related products, ranging from Access Control Systems to Operating Systems. You will...
  • 5/16/2016 - How Enterprises Can Unlock the Minds of Cybercriminals Through Their Online Resumes
    Enterprise security teams have found themselves in a seemingly endless cat-and-mouse game with increasingly sophisticated and well-connected networks of cybercriminals. Until recently, many malicious hackers worked together in a clandestine fashion (e.g., on the Dark Web), but a new trend is emerging in which cybercriminals brazenly advertise their skills out in the open, through social...
  • 5/13/2016 - A Trip Report from RSA Conference 2016: Modern Identity Management
    For anyone who went to RSA Conference 2016 to get updated on the state of modern identity management technologies and practices, you undoubtedly got your money’s worth and came back to your office with plenty of ideas on how to improve your organization’s approach. Given its foundational role in information security, the topic of identity...
  • 5/12/2016 - Conversations with the SBIC: What's Top-of-Mind for Top Security Leaders? (Pt. 1)
    We recently had the opportunity to discuss what’s top-of-mind for the Security for Business Innovation Council (SBIC), a group of security leaders from Global 1000 enterprises including Boeing, General Electric, Walmart, SAP and ADP. If there’s one thing SBIC members agree on it’s this: security strategies that focus solely on prevention just don’t work in...
  • 5/10/2016 - Enabling the Advantaged Enterprise
    I was in my 36th floor hotel room in Las Vegas one afternoon last week, after a day of presentations at EMC World, when I was startled by something banging the side of the building above my window. A man in a rope sling winched slowly into sight, swaying from side to side, twirling slightly....
  • 5/6/2016 - Fraud Investigation: A Big Job for Small Teams
    RSA recently conducted a survey among security and fraud investigation professionals within the e-commerce industry to gauge the cyber threats and business challenges that plague them most. While many interesting insights emerged, there was one that stood out: finding the source of fraud takes too long. Among the observations and conclusions: Detecting fraud/suspicious activity isn’t...
  • 5/4/2016 - Third and Fourth Party Risk Management: Access-as-a-Risk
    By now, we all know that vendor engagement is key to business sustainability. Organizations cannot focus on their core business without outsourcing non-critical functions to third parties. From a 20,000 foot view, third party management becomes an operational activity governed through contracts, engagement analyses and effective risk management. Where organizations fall short is in implementing...
  • 5/3/2016 - Identity for Modern IT: Balancing Provisioning and Integration in IAM
    With the introduction of RSA Via Lifecycle and Governance 7.0, RSA Vice President of Engineering and Product Management Jim Ducharme emphasized “make it easy” as one of the four main themes for this latest release, particularly in the areas of onboarding new users and integrating new applications. Research from the Aberdeen Group on identity and...