RSA Blog - August 2016

  • 8/31/2016 - Recent Breach Highlights Differences in IDaaS Approaches As I talk to customers who are looking into leveraging cloud Identity services and are thinking about issues around how and where user data is stored and processed, I sometimes come across a customer who throws up their hands and says something like “the identity data is already in the cloud anyway – at the service...
  • 8/30/2016 - Information Assets: Knowledge is Power The quote “Knowledge is Power” is attributed to Sir Francis Bacon. There have been many variations on this phrase, but I want to add one more twist around information assets. I presented at a conference last week where the session was dedicated to discussing the risks and remedies of ransomware, which are the practices and technologies used by...
  • 8/29/2016 - The Perils of Consumer Single Sign-On From social media to gaming sites, every headline of a new breach makes me groan, “Time to change my password.” It’s a begrudging task, but I still have not been pwned. Aside from the risks associated with the common problem of password recycling among consumers, there are far too many online websites that enable consumers...
  • 8/24/2016 - How do you create a Zero Day vulnerability every day? The answer is easy: don’t correctly manage the people you let into your business! I have been working in Identity and Access Management for over 10 years, both as the leader of the Identity Services team at JP Morgan Chase and as an Identity Management Architect at RSA. I’ve had countless discussions with customers about...
  • 8/22/2016 - Context in Risk-Based Threat Patterns Risks come from various sources that are not always possible to identify and subsequently prevent and mitigate in advance. With the growth in cloud, social, mobile and “bring your own device” computing, the size of the attack surface is greater than ever. Many attack scenarios are possible mainly due to the complexity of the network’s topology and...
  • 8/20/2016 - Major Events and Hacktivism #OpOlympicHacking Introduction As anyone who tracks attacks on the internet can tell you, activists using hacking activity, aka “Hacktivists”, have discovered that a relatively basic hacking approach, with buy-in from disenfranchised groups of people, can have significant effects on online businesses. With names like #OpISIS, #OpParis, #OpMonsanto, #OpWhales, #OpKillingBay, #OpKKK, and #OpTrump, you can easily see...
  • 8/19/2016 - Playing Pokemon Go? Read this. Hands up those who would leave their front door unlocked and leave all their personal information, like passports, identity cards, bank details, their children’s details and even passwords, out for cybercriminals to exploit? Not many of you? Well, you will be surprised, because that’s exactly what Pokemon Go players are doing. If you sign up...
  • 8/18/2016 - Tales from the BlackHat NOC: Learning from the right people The week I spent in the BlackHat NOC was great exposure to both new and evolving technology and new people. As a member of the RSA team in the BlackHat NOC, I tried to approach my time there by learning as much as I could about not only the data on the network, but how our products function...
  • 8/17/2016 - Tales from the Black Hat NOC: The Stages of Security Adolescence (Part 2) In Part 1 of “Tales from the Black Hat NOC: The Stages of Security Adolescence,” I discussed the maturation process of the Black Hat NOC, and security strategies in general. In the blog post below, you can see the adjustments we made and additional steps we took towards optimizing our NOC at Black Hat. ...
  • 8/15/2016 - Your Step-Up Authentication Compass... NIST & SMS - Finding North An estuary is the area where a river meets the sea (or ocean), where fresh water from the river meets salt water from the sea. The fresh draft of the NIST Digital Authentication Guidance (NIST SP800-63B) has been let loose into the salt waters of the public and certainly provoked some conversation of late around...
  • 8/12/2016 - After Black Hat: Shaming is Easy (When You Don't Encrypt) During the Black Hat 2016 NOC outbrief session, Grifter, aka Neil Wyler, made a counter-intuitive statement to a crowd of roughly 500 attendees, eager to see which of their online activities would be exposed center stage: “I look forward to the day when I can’t see anything you’re doing on the Black Hat network”. Wait… what?...
  • 8/11/2016 - A New Generation of Hackers Target the Gaming Industry Hackers love a crowd. That’s true when it comes to social media networks, government system websites, financial institutions, retailers, and, based on recent headlines, gaming sites. For an industry projected to be worth nearly $100 billion in 2016, gaming offers a lucrative industry for cybercriminals. Last year, gaming accounted for 1 in every 50 e-commerce fraud transactions,...
  • 8/10/2016 - Tales from the Black Hat NOC: The Stages of Security Adolescence (Part 1) RSA's Scott Carter asks: How do you secure a rapidly changing environment that you don't understand?
  • 8/5/2016 - Tales From The Black Hat NOC: Chaos So Organized, Even a T-Rex Can Do It By Wednesday morning, the traffic profile switched from compartmentalized, per-classroom monitoring to a chaotic sea of conference wireless...
  • 8/4/2016 - Tales from the Black Hat NOC: What's In Your Classroom? Hanging in the NOC the last couple of days has confirmed one thing. Creation of content to support an information security program is an ongoing process.
  • 8/3/2016 - Tales from the Black Hat NOC: Attendee Attacks, Loud and Proud We are approaching the end of Black Hat’s training days. It’s an interesting time when the expo floor still sits quiet, but the Black Hat network is as noisy as ever – as seen by the RSA volunteers working inside the Black Hat NOC. The majority of this noise is being generated by teachers and students, demonstrating...
  • 8/1/2016 - Tales from the Black Hat NOC: Data in the Clear I started my day by reading an article about how to stay safe during Black Hat and DEF CON. There were suggestions like: don’t bring a laptop, don’t bring your smartphone, leave your wallet at home, and only carry cash. Why would such recommendations be made? Black Hat and DEF CON attract security professionals, as well...