RSA Blog - August 2017

  • 8/31/2017 - TLS Security and Data Center Monitoring: Searching for a Path Forward Protocols are evolving to meet the demands of the future. We must continue to strengthen the security of these protocols to keep pace with the threat landscape. As such, Transport Layer Security (TLS) 1.3 has been designed to be more secure in order to prevent the interception of sessions over the Internet.
  • 8/29/2017 - Big Hearts lead to Big Cybercrime Watching the news over the weekend has revealed a global outpouring of support for people impacted by the latest hurricane. These are the times when humanity shines and many corporations look beyond their bottom line, offering both money and employees to help. However, what brings out the best in humanity also brings out the worst in cybercriminals. They know any time there is a natural disaster many of us are desperate to help and so they play on our emotions – and wallets.
  • 8/29/2017 - 7 Steps to a GRC Risk Management Framework-5: Residual Risk Of the many challenges managing information risk, perhaps the greatest is knowing where to focus risk management resources. If you don’t have a clear understanding of the risk associated with the information in your organization, you may end up misdirecting scarce resources.
  • 8/23/2017 - A Security Decision – Build or Buy We are sometimes asked to compare our threat detection and response solutions to those custom assembled by security experts using various open source products. With a wide array of quality point solutions available, it’s natural to consider whether a combination of best-of-breed open source solutions can be a better option for a particular organization...
  • 8/22/2017 - 7 Steps to a GRC Risk Management Framework-4: Evaluate Risk Treatments Continuing our journey through the seven steps to build a risk management framework for information leads us to evaluating the risk treatments available to you. In evaluating risk treatments, as in the previous steps, documentation is key.
  • 8/21/2017 - My Summer Defending the Digital Universe In RSA’s quest to build out a deeper pool of future Defenders of the Digital Universe I had the pleasure of having Meghan O’Connor as a summer intern on my team. During her exit interview I asked her what she didn’t realize about cybersecurity and fraud prevention prior to her internship and what advice she would now give.
  • 8/17/2017 - Addressing Identity Risk Factors Mobile and Cloud have raised the stakes for security in general and for identity-related security challenges in particular. But while identity-related risk has grown tremendously, in many ways, the risks themselves are ones we’ve long recognized – such as orphaned accounts, segregation of duties (SoD) violations and privileges following users to new roles, among others.
  • 8/15/2017 - 7 Steps to a GRC Risk Management Framework-3: Assess Risk We’ve talked in this space about the seven steps to building a risk management framework for information, starting with identifying information to protect and determining the characteristics of that information. In step three we assess the inherent risk associated with the information.
  • 8/14/2017 - Demystifying the Black Box of Machine Learning Nowadays, it is common to use machine learning to detect online fraud. In fact, machine learning is everywhere. Due to its independent nature and human-like intelligence qualities, machine learning does, at times, seem like an inexplicable “black box.” But truth be told, machine learning doesn’t have to be like that. Here is what you should know if you decide to give “computers the ability to learn without being explicitly programmed.”
  • 8/9/2017 - Skills Shortage: The Intelligent Application of Force Multipliers Many organizations struggle to staff and maintain security operation teams due to a serious shortage of skilled security analysts. The struggle isn’t just about filling open roles; it is equally hard to drive the needed productivity of the resources already in house to make sure the alert that matters doesn’t go unnoticed.
  • 8/9/2017 - Enterprise Network Security at the Black Hat 2017 NOC Standing up a complete enterprise Network Operations Center (NOC) in two days is no small feat, but doing so for one of the biggest security conferences – Black Hat 2017 - is truly daunting. But it’s not just setup, it’s also running the NOC and giving tours. Providing unified log management, network capture and dashboarding for the many tours and media events is an involved process putting analysts’ skill to the test. Creativity is required … appliances but no rack? No problem! Moving carts work just fine in a pinch.
  • 8/8/2017 - 7 Steps to a GRC Risk Management Framework-2: Locate Data In our first post on the seven steps to building a GRC-based risk management framework for information, we talked about step 1: identifying information that is important enough to warrant protection. Once you’ve identified information important enough to be protected, within its business context, you can move on to determining whether you actually have any...
  • 8/3/2017 - Turbocharge your Threat Detection and Response with Endpoint Data Logs are important – no doubt – but, unfortunately, this log-centric approach tends to ignore other technologies and data sources that can act as force multipliers to add powerful business context, provide important data correlation, and help reduce inefficiencies.
  • 8/1/2017 - 7 Steps to a GRC Risk Management Framework-1: Identify Information Managing information risk can be a paralyzing challenge, given the amount of data and information that comes pouring in daily. It’s hard to know what information needs to be protected, let alone the most effective way to do it. RSA has developed a practical seven-step methodology for building a risk management framework for information. Derived...