RSA Blog - May 2017

  • 5/31/2017 - Chances are your account has been breached When it comes to protecting personal data, there are three types of people in the world: Those who go to great lengths to protect their personal information, using unique passwords and trying to remain un-breached. Those who are ignorant or ambivalent to the impact of breaches and the personal security risk they entail. Those who...
  • 5/19/2017 - What Really Led to WannaCry? Much of the focus on WannaCry has been on how it works and what organizations need to do in the near term to recover. It’s important, however, to take a step back and ask ourselves why WannaCry became such a tour-de-force in the first place. After all, the security community has been talking about concepts...
  • 5/17/2017 - Metrics (Not Just Fun Facts!) Are key to driving a Business-Driven Security Strategy Dave Gray & Azeem Aleem “What’s Measured Improves” Peter Drucker It’s mid-2017 and we have already witnessed the conundrum across organizations as the pressure of building a more efficient business creates loopholes for cyber criminals to gain an advantage. In a previous blog we talked about the traditional perimeter melting away and how the “not...
  • 5/17/2017 - The Business Value of RSA Archer Implementing an effective governance, risk, and compliance program can be a costly and time-consuming effort: Hardware, software, and the active engagement of a lot of people in the first, second and third lines of defense. Before implementing a program, and periodically throughout the life of the program, the question always arises from senior management: Is...
  • 5/16/2017 - What Your Business Can Learn from WannaCry The biggest cyber attack began last week, spreading to more than 150 countries and infecting 200,000 machines. The outbreak is a ransomware threat, WanaCrypt0r 2.0 also known as WannaCry, with worm-like capabilities leveraging an exploit against vulnerable Microsoft Windows® operating systems. Ransomware mimics the age-old crime of kidnapping: someone takes something you value, and in...
  • 5/16/2017 - Failure to Communicate: Why SOCs Fail! I’ve had the privilege of working in a few different SOCs at various maturity levels ranging from the stony shores of regulatory compliance – “Yes, we have a security solution”, to the deep shark-infested waters of a global enterprise under frequent attack by nation state-sponsored attack groups. Throughout all of these different engagements, I’ve worked...
  • 5/15/2017 - New Survey: Consumers Increase Security Expectations in Wake of Password Breaches Several years ago, I was talking to an organization which had recently deployed risk-based authentication on its online customer portal. Based on their business model, I was especially curious to learn why they had selected to add consumer authentication to their website. The answer was simple, “It is a competitive advantage for us.” Fast forward...
  • 5/15/2017 - Six Keys to Successful Identity Assurance - Flexible Authentication So far, we’ve discussed the first five keys to a successful identity assurance: business context, anomaly detection, machine learning, broader ecosystem, and consistent experience. Let’s close the series with an important topic for both end users and administrators: flexible authentication. Administration Flexibility When we think of providing flexibility for administrators, we focus on the authentication...
  • 5/11/2017 - The Next Generation in Consumer Authentication and Fraud Prevention Fraud risk management has become a burden in recent years, and not just because the attackers have gotten better at their game. The tools and technologies used to detect and mitigate fraud events are better, but they are also plentiful. A recent RSA survey found that 57% of organizations use between 4 – 10 different tools...
  • 5/10/2017 - How Ransomware uses TMP files and the Temp folder In my previous blog, Why Malware Installers Use TMP files and the Temp folder, I discussed the advantages malware can have by using atomic writes instead of simply copying the malware to the intended location. In this blog, I discuss how ransomware uses the same technique for its purpose and how it is different from...
  • 5/9/2017 - Your Cell Phone has a dirty little secret it does not want to tell you If you are a fan of the CBS Show 60 Minutes you may have seen a couple of well-done episodes around the espionage and intrigue of spies hacking cell phones. The problem is that these episodes don’t go far enough informing the average user as to the extent of the vulnerabilities. Inter-telco communications leverages a protocol...
  • 5/9/2017 - Authentication Your Way: Have Your Security and Convenience, Too Your diverse, dynamic user base demands fast, convenient authentication and access—no matter where they are or what devices they are using. But you need authentication to be secure above all, with visibility across all applications and resources (cloud to ground), the assurance that your users are who they say they are and entitled to the access...
  • 5/5/2017 - Risk Is a Reality, Make Sure Rewards are Too Return on investment. Total cost of ownership. Productivity gains. Payback period? What am I – a financial wizard or a risk professional? If you are in the risk management profession today, you have to be both. Being a top notch security guru that can navigate SQL injection code or rattle off the NIST 800-53 control...
  • 5/4/2017 - Yin and Yang: Two Views on IAM - Nature or Nurture By Steve Mowll and Chris Williams Question: When it comes to the complexities of identity management, is what we try to do in identity management the problem or is it just inherently hard? Point: We might be making it harder than it needs to be. Setting complex requirements may affect long-term suitability and success. Chris...
  • 5/3/2017 - SuperCMD RAT On April 8th, an interesting DLL was uploaded from Canada to VirusTotal. What makes it interesting is that the detections on VirusTotal are mostly heuristics and do not settle on a single family. The malware is also configured to beacon to an RFC1918 internal IP address, however, the name 816db8a1916201309d2a24b4a745305b.virus indicates it was picked up...
  • 5/3/2017 - Six Keys to Successful Identity Assurance - Consistent Experience In previous blog posts in this series, we talked about many ways to intelligently determine the right level of assurance for users gaining access to specific resources. While much of the goal is to minimize interruptions in the user experiences for authentication, there are many times when the user needs to interact in some way...
  • 5/2/2017 - RSA Identity Governance and Lifecycle: An Executive View from KuppingerCole When one of the leading independent analyst organizations in the identity space weighs in favorably on your approach to identity governance, that’s news worth sharing. In the KuppingerCole Report “Executive View: RSA® Identity Governance and Lifecycle,” analyst John Tolbert gets at the heart of RSA’s belief in the effectiveness of an integrated, comprehensive, end-to-end approach:...
  • 5/1/2017 - Chasing the Rabbit: Cybersecurity Through the Camera Lens Azeem Aleem and Dave Gray Nothing will work if you are not serious about it – Sam Abell This blog is intended to take a different perspective (pun intended) of how we view our security platforms and how to go about rationalizing our Business-Driven Security™ decisions about cyber threats and mitigation strategies. It all comes...