RSA Blog - June 2016

  • 6/30/2016 - Identifying Fraud Faster with Intelligence Feeds - Web Threat Detection v6
    Online fraud remains as much a part of digital life as URLs. Fraudsters are constantly devising new ways to separate consumers from their money, login credentials, Personally Identifiable Information (PII), healthcare data and anything else that can be monetized. Even more, they are doing it with speed and sophistication, but most damaging, they do it...
  • 6/28/2016 - Behind the Glass Walls of the Black Hat NOC 2016: RSA Takes the Challenge
    Every year, the increased sophistication of threat actors and the expanding attack surface makes it more challenging for the Black Hat NOC security teams to maintain a highly functional environment that is safe and secure but doesn’t stifle productivity and learning. When you have an assembly of the best and most advanced security experts, hackers,...
  • 6/24/2016 - Privacy and the Smart Grid
    Although much of the focus in the SPARKS project, for which I’m the technical director, has been on cybersecurity’s role in minimizing the risks and costs of power disruption, the project has also been concerned with identifying and mitigating risks to privacy that may be entailed by the deployment of Smart Grid. One of the...
  • 6/22/2016 - Consumer Security vs. User Experience in a Mobile World
    Most people have had to go through the slow, and sometimes frustrating, process of standing in an airport security line at least once in their life. While not convenient for frequent flyers, we understand that although it is time consuming, it is vital to ensure security for people’s lives. However, this is not how customers...
  • 6/16/2016 - RSA Via Lifecycle and Governance Named a 'Leader' in 2016 Forrester Wave: Identity Management and Governance Report
    RSA is happy to announce that RSA Via Lifecycle and Governance has been recognized as a ‘Leader’ in The Forrester Wave™: Identity Management and Governance Q2, 2016 report! (View and download the report here) Forrester evaluated 9 of the most significant Identity Management and Governance providers across 17 criteria, and recognized RSA Via Lifecycle and...
  • 6/14/2016 - Beginning the Journey to Cybersecurity Maturity
    RSA just released results of our second annual RSA Cybersecurity Poverty Index. We’re really excited about the results, but it may not be for the reasons you think. We’re excited because of the number of respondents (more than double the 2015 Index), the breadth of industries and governments represented, and the amount of time organizations...
  • 6/14/2016 - Announcing RSA Archer GRC 6.1
    RSA Archer GRC 6 (6.0) was launched in November 2015 under the theme “Inspire Everyone to Own Risk.” GRC 6 focused on providing organizations with an industry leading GRC platform to transform risk management by engaging everyone within an organization in the risk process. Today, organizations must implement the “three lines of defense,” making risk...
  • 6/13/2016 - Current State of Cybercrime in 2016
    The bon mot that “crime doesn’t pay” certainly predates the advent of cybercrime. Today, these digital hold-ups against businesses are highly profitable. Let’s face it: if cybercrime was a publicly traded stock, realizing the return on investment, we’d all be on the phone with our respective broker begging for them to include it in our...
  • 6/13/2016 - Building rockstars in SOC
    What makes detection most effective? I know you are thinking technology. However, if you have been in the security operations domain for long, you know the answer. It’s the “people” who use the technology. As an infosec leader/member for your organisation, you should continuously look for methods and tools that make your teams better and...
  • 6/10/2016 - How to Speed Up Incident Response
    Having an incident response plan in place is key if you want the ability to speed up your company’s reaction to security incidents. However, a recent survey by the Security for Business Innovation Council (SBIC) found that just 30 percent of large organizations have an incident response plan, and of those that do, 57 percent...
  • 6/9/2016 - "I am an imposter."
    I was invited to give a keynote at the Cloud Security Alliance (CSA) Congress in Dublin recently, on behalf of my EMC colleague Said Tabet. Two years before, I had spoken at the CSA Congress in Rome about the EU-funded SPECS and SPARKS projects and their relevance to cloud in terms of GRC and security analytics....
  • 6/8/2016 - Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise
    In April, I wrote two blogs (How Hungry… and Appetite and Exercise) on the concept of risk appetite. I highlighted the fact that organizations must take on risk to drive growth within the business. That risk must be balanced with activities to manage the risk within a tolerance that is acceptable to the organization. Some...
  • 6/7/2016 - Identity for Modern IT: A New Appreciation for User Experience
    The following is a simple analysis that puts into perspective the user experience of modern IT that organizations typically require their users to endure: Imagine a midsize enterprise with 1,000 users, each of whom has between one and three devices that connect to the enterprise infrastructure. Each user has installed between 25 and 100 applications...
  • 6/3/2016 - Two-Factor Authentication Is a Must for Mobile
    For the past few decades, two-factor authentication has been used by businesses to enforce entitlements to access sensitive corporate applications and data. It provides an extra layer of security beyond username-and-password authentication mechanisms, which are notoriously insecure and burdensome for users to remember. Now, as the use of mobile devices in the workplace increases, this...
  • 6/2/2016 - Governance is the Center of the Universe
    We all know by now that granting access to our sensitive applications introduces all sorts of “what-ifs” in an organization. What if my accounts payable admin, disgruntled and upset, decides to abuse her access to my payment system to funnel funds outside of the company? Or what if she decides to plug in her USB...