RSA Blog - April 2017

  • 4/26/2017 - Six Keys to Successful Identity Assurance - Broader Ecosystem Earlier in this blog series, we discussed anomaly detection and machine learning focusing primarily on examples that included information you could expect to be available from the system that provides your identity assurance. It’s likely, however, that there is much more data that can be leveraged for making system access decisions in your current IT...
  • 4/24/2017 - Is the cyberworld doomed to be unsafe forever? Before seeking an answer, let’s question the question. I recently returned to the cybersecurity industry and (re)joined the good fight to secure the cyberworld. As the digital era unfolds, it feels good to be part of this mission-driven industry to help create a safe digital future. While a lot has changed, and there have been great...
  • 4/21/2017 - Get to the Choppah A new variant of this tool, previously reported in 2013 by TrendLabs, was submitted to VirusTotal from the Philippines on March 27th, 2017. Its original filename, 2017.exe, was prescient since it has the ability to exploit CVE-2017-5638 and other previous Apache STRUTS vulnerabilities. File Details File Name: 2017.exe File Size: 107008 bytes MD5: ...
  • 4/20/2017 - Yin and Yang: Two Views on IAM - HR vs Identity Management By Steve Mowll and Chris Williams POINT: NEWS FLASH identity management people, HR is not here to feed you with identity data! Steve Mowll, Systems Engineer, RSA Identity management teams may believe it is the human resource (HR) department’s responsibility to be an identity management provider. Unfortunately for IT, or fortunately for HR, it is...
  • 4/20/2017 - What's Really at Risk With Reputation Risk When boards express anxiety about cybersecurity risk, one of the foremost fears they face is reputation risk. Why is that? Because cybersecurity failures do cause reputation damage, and reputation risk is scary. A security failure can immediately bring unwelcome headlines, hits to the share price and probing questions from business partners. Security failures can also...
  • 4/17/2017 - Black Hat Asia NOC: Malware visibility By Chris Thomas and Mike Sconzo In the Black Hat Asia NOC we worked to ensure the wireless network was available for presenters and attendees. As part of our monitoring, we kept an eye open for any malware present on the network. RSA NetWitness® Suite’s Malware Detection capabilities look for network sessions containing file-types typically...
  • 4/17/2017 - Six Keys to Successful Identity Assurance - Machine Learning In our last discussion on the six keys to an identity assurance strategy, we talked about anomaly detection. In that blog, we discussed recognizing normal and abnormal behavior. Recognizing this behavior, and adapting to changes in that behavior, is where the topic of this blog starts as our next key component of an identity assurance...
  • 4/14/2017 - A Different Take on Keystroke Logging On March 29th a file was uploaded to VirusTotal containing a fake Microsoft Update Authenticode certificate. Soon thereafter, RSA Research investigated the sample based on certain artifacts that matched those present on Shell_Crew malware RSA Research previously reported on. This Windows DLL file was compiled on October 28th, 2014 at 06:35:47 GMT (Table 1). File...
  • 4/13/2017 - The Fiesta Exploit Kit - Not So Festive After All Exploit kits (EK) are very popular with attackers to compromise a target system. The ease of use and its success rate compared to other infection vectors are among the reasons attackers are attracted to using these kits. In recent years, exploit kits were used to deliver ransomware, the most famous of which was the...
  • 4/10/2017 - Six Keys to Successful Identity Assurance Strategy: Anomaly Detection In granting access to users, understanding their behavior goes a long way towards providing frictionless security. As part of our blog series, Six Keys to a Successful Identity Assurance Strategy, we continue to explore going beyond simple two-factor (2FA) or multi-factor authentication (MFA) to create a successful identity assurance strategy for your organization. Previously, we...
  • 4/6/2017 - Resiliency and Risk Management I’m glad the world didn’t end during DRJ Spring World 2017 conference as more than 1,000 of the world’s business continuity and disaster recovery specialists were there! It was a great conference and I had the pleasure of presenting on building resiliency across the organization’s value chain, and the key relationship between business resiliency and...
  • 4/6/2017 - Why Malware Installers Use TMP files and The Temp folder when infecting Windows Ever wonder why there are too many TMP files detected on an infected system? Even if they have different names, the files are exact copies of one another, why? The first thing a malware installer (first stage of infection) does when executed on a target system – be it a dropper or downloader – is...
  • 4/6/2017 - Sydney CRO Summit: Cultivating a Resilient Risk Culture If you knew that an action you were contemplating could conceivably cost your organization billions of dollars, permanently ruin its reputation and maybe get the CEO fired for good measure, would you risk it? I’m going to go out on a limb and say you probably wouldn’t. Yet people do it all the time. Why?...
  • 4/5/2017 - Choosing a Modern Authentication Solution: 3 Key Considerations Today’s organizations need to deliver convenient, secure access for the modern workforce. Users want the ability to access systems and applications from anywhere and any device. But before providing them with this access, organizations must be able to verify that users are, in fact, who they say they are. RSA SecurID® Access is an award-winning...
  • 4/4/2017 - The evolution of a Threat Pattern In an era of agile development and digital transformation, any application is subject to ongoing enhancement and improvement. Indeed, software engineering is a complex process with many interdependent tasks where multiple functions share responsibilities to strike a balance between software quality and business objectives, regardless of the specialized nature of the teams within the organizational...
  • 4/3/2017 - The Latest From The RSA NOC At Black Hat Asia When sitting in the Network Operations Center (NOC) for one of the world’s largest hacker and security conferences, sometimes no news is good news. Here in the Black Hat Asia NOC, we anticipated and prepared for the region’s hackers to come and share a wireless network. Following initial set-up, during the training days, we observed...
  • 4/3/2017 - Driving Resiliency Through Operational Risk Management I recently had the pleasure of presenting with a panel of RSA Archer customers on the topic of “Building Resiliency Across the Value Chain” for a Disaster Recovery Journal webinar. Two key questions were posed to the attendees. The first question was: “Where is your organization on the business resilience scale?” The responses were: Recovery...