RSA Blog - November 2016

  • 11/22/2016 - Conquering the Rising Threat of Malvertising The recent shift in enterprise application platforms from desktop to mobile has brought with it many exciting benefits, which organizations have recognized and leveraged to provide a more flexible and convenient workplace. Unfortunately, individuals and groups with less honorable intentions have also taken notice of this shift. In fact, a report from ISACA predicts a...
  • 11/22/2016 - The Criminal Appeal of Advanced Ransomware: How Can Companies Protect Their Files? Advanced ransomware—malicious software designed to take control of a computer system and hold it hostage until the victims pay for its release—is one of the fastest-growing areas of cybercrime. Another closely related threat is cyberextortion, where attackers threaten to cause harm to a company by releasing sensitive information to the public or sustaining distributed denial-of-service...
  • 11/21/2016 - PSD2 and the E-Commerce Ecosystem Authored by Ian Newns The European Banking Authority recently drafted the latest Directive on Payment Services II (PSD2), which serves as the legal foundation for a cross-EU payments market.  In 2016, European e-commerce sales are expected to increase 17% to €183 billion and the use of payment service providers (PSPs) is increasing significantly. Couple this with...
  • 11/13/2016 - Industrial Control Systems (ICS) Ambiguity? Authored by Gareth Pritchard, Azeem Aleem, Peter Tran From the days of Slammer, Stuxnet, Shamoon, etc., to the recent Ukrainian (black energy) Power Grid and “Panel Shock” Attacks, we are witnessing a sophisticated surge in the attack domains across industrial control systems. The shift from legacy systems towards process control networks with connectivity around enterprise...
  • 11/9/2016 - Tales from the Black Hat NOC: Are We Broken? Walking through the expo hall at Black Hat Europe was uplifting – if the vendor booths were to be believed, APTs can be stopped in their tracks, Ransomware protection can be guaranteed, and phishing can become a term applied to lake activities again. All it requires is buying this tool! It made me wonder why people...
  • 11/7/2016 - Blues and Bridging the Gap of Grief The sound of blues flooded our ears, as approximately 2,000 information security professionals settled into the Ernest N. Morial Convention Center in New Orleans, LA, for the third annual RSA user conference, RSA Charge, from Oct 25-27. With our stomachs stuffed with local popular fare inclusive of crawfish, oysters & beignets as we traversed Bourbon Street to...
  • 11/4/2016 - Tales from the Black Hat NOC: Finding Mr. Robot? The most significant part of Black Hat Europe 2016 finally started, and as expected – we are watching the arrival of smart security experts, who have come to the event to exchange information or show off their latest tools and products. While it’s hard to say what kind of skilled “hackers” we can expect during last...
  • 11/3/2016 - Tales from the BlackHat NOC: Fish and Chips Edition We’re in the first day of training at Black Hat Europe 2016, and once again – the RSA Black Hat NOC team is volunteering. This round, we’ll have more full packet capture, log analysis, session reconstruction, and analytics for both the wired and wireless networks provided by RSA NetWitness. Except this time, there is one difference (besides...
  • 11/3/2016 - Tales from the Black Hat NOC: Setup in London Arrival into London went without a hitch. I then took the train to Angel station and walked to the Business Design Center, which is my home for the next week, during the Black Hat Europe 2016. After walking through the doors and finding my way I was greeted by a room full of boxes. Time to...
  • 11/3/2016 - 3D Secure 2.0 - The New Sheriff in Town We are thrilled about the release of 3D Secure 2.0 and feel that the revised protocol has the potential to significantly reshape the fraud landscape in the card-not-present space.
  • 11/2/2016 - Revisiting the SOC Structure Building and maintaining skill sets and expertise in a SOC is a difficult task – and many security leaders face this challenge. They are not able to retain the best of the talent for the long term. There are too many tools for them to invest in, too many alerts that pop up when the tools are...
  • 11/1/2016 - Stirring Up GRC Ghosts at RSA Charge 2016 We held RSA Charge 2016 in New Orleans, the week prior to Halloween, in the “most haunted city in America” – and what a phenomenal turnout! We were thrilled to have more than 2,000 attendees register and join us in person to share best practices for GRC, security and business risk management. The conference proved again...