Blog: RSA Point of View

Uniquely linking business context with security incidents to help organizations manage risk & protect what matters most.

  • 10/21/2019 - To Transform Your Business, You Must Transform Risk Management The nature of risk management is changing as organizations transform digitally. At RSA® Charge, ITSPmagazine talked with RSA thought leaders, partners and customers to gain insight into the risks of digital transformation, and how to manage them. Check out their conversations in this blog.
  • 10/10/2019 - The East India Company, Rockefeller and Risk Digital initiatives are changing how companies operate today and how they dream about tomorrow. The risks that are pursued and the opportunities that are uncovered rely on quantifying digital risk effectively. This includes understanding loss exposure in financial terms and the ROI and business case of the positive results as factors in a risk assessment.
  • 10/3/2019 - Are You Really Cyber Aware? Are you as prepared as you should be to manage digital risk and address new cybersecurity challenges? See what considerations you should make during National Cybersecurity Awareness Month.
  • 9/10/2019 - Experts Weigh In: The Digital Risk Challenges of a Smart City Driving towards Smart City innovation will disrupt the security of many countries. Industry experts weigh in on what challenges could be ahead and how to manage the potential digital risks.
  • 8/20/2019 - Digital Transformation: New Security Challenges & Renewed Call for Governance Despite increased investment in security, the number of large-scale breaches continues to grow. PWC's Paul O'Rourke weighs in on what organizations need to do to address the challenge of digital risk.
  • 8/8/2019 - How many C-level execs own your security infrastructure? C-Suite involvement in cybersecurity planning is essential, but you need to be organized and share responsibilities across departments and disciplines.
  • 7/31/2019 - Real-Time Observations in Security Hygiene The most recent breach is notable in that several missteps occurred. These missteps are good reminders of the importance of security hygiene in a hyperconnected world. Take a moment to review and then ask yourself if there’s anything here you can apply to your organization.
  • 7/23/2019 - The New Why of Cybersecurity We talk a lot about the what and how of cybersecurity. “What can we do to leverage modern technologies?” “How can we ensure that the future is, indeed, better?” Several hundred billion dollars and a few decades in, it is time to rethink the why.
  • 7/17/2019 - Taking the Lead: Addressing the Cyber Skills Gap in Asia-Pacific The cybersecurity talent shortage is a global industry struggle, but one that we can address with time, investment and – most importantly – partnerships. RSA is doing its part with the RSA Academic Alliance Programme across South East Asia.
  • 7/15/2019 - RSA Academic Alliance Programme – Plugging the cybersecurity talent gap Since 2014, RSA has been charting its course together with higher learning institutions to address the global shortage in the cybersecurity talent pool, as well as fighting off cyber threats. The RSA Academic Alliance Programme is a gradual and sure way for each country to deliver and close that talent gap. Read what some of the leading institutions in South East Asia are doing.
  • 7/9/2019 - Taking hybrid cloud security to the next level Are you managing your cloud environments with care? See three best practices for gaining control of an expanding environment and help mitigate digital risk.
  • 6/6/2019 - Extending Zero Trust to Digital Risk Management How do you establish the right level of trust in a Zero Trust world? The answer: It depends. The greater the risk associated with rogue access, the higher the level of trust you need to grant access to a resource. With the right level of visibility, you can gain the insights to accurately gauge risk and take action to protect what matters most.
  • 6/4/2019 - Risk Analysis vs. Assessment: The Real Key to Understanding Our Digital Transformation Across industries, legacy security issues persist, but investment in tech innovation also introduces new risks. See how InfoSec teams can work with business leaders to assess and analyze these risks.
  • 5/14/2019 - Managing the Security Transformation for the Truly Distributed Enterprise As your workforce spreads across the planet, you’ll need to support a new collection of devices, networks, apps and endpoints. Is your organization equipped to manage the digital risks associated with a dynamic workforce?
  • 5/6/2019 - With the Increased Adoption of Advanced Technologies, Can Digital Risk Be Far Behind? Digital transformation results in many organizations using robotics and artificial intelligence (AI). This, in turn, raises issues about privacy, cybersecurity and other digital risks; and now regulations may be on the way. Here’s a look at what’s happening and how to be prepared.
  • 4/16/2019 - Third-Party Risk: The Soft Underbelly of Cybersecurity Security vulnerabilities and risk brought on through third-party partners will grow as organizations undergo digital transformation. Here’s how you can begin to manage the risk.
  • 3/26/2019 - Understanding the Trust Landscape As the pace of digital transformation quickens, managing digital risk has become essential to maintaining trust in essential systems.
  • 3/19/2019 - Thinking about Digital Risk? Learn from Others While challenges in digital business operations are like well-known technology risks, there are nuances to today’s world that require a new perspective. We can certainly look to lessons learned by others to deal with emerging risks related to digital transformation.
  • 3/14/2019 - Digital Risk Management: Where do I start? The fast-moving, high-stakes nature of digital business calls for a new perspective. Knowing where to start clearing out the blind spots will help you understand what exposure there is and create an integrated strategy that enables innovation while managing risk.
  • 3/10/2019 - The Trust Landscape Better. The 2019 RSA Conference theme celebrates our successes and urges us to continue improving the security of our digital world. This year's RSA keynote took us on a fictional journey, but also presented many key truths. There are actions we can take now to help bring about our better digital world -- our Bio-Digital era where we win with Trust.
  • 3/8/2019 - An Open Letter to the Cybersecurity Industry on International Women’s Day When we come together, we have the power to do remarkable things that have a significant positive impact across the globe. In our mission to help our customers and communities thrive in today’s high-risk world, it means making sure we are looking at problems from new perspectives. Not just technology issues, but people issues.
  • 3/5/2019 - Why You Shouldn’t Worry about Risk Risk professionals use the age-old question ‘What keeps you up at night?’ to identify an executive’s biggest concern. But worry is about fear and your executives shouldn’t be afraid in today’s world. They should have informed concerns. And you – as the security or risk person in the room – should be feeding insights to raise their visibility of the likelihood of events and diminish their distress on the negative impacts.
  • 1/22/2019 - Data is the New Currency - Own Your Data or Someone Else Will National Data Privacy Day reminds us how important it is to be empowered to take ownership to protect our privacy, control our digital footprints and advocate for the protection of privacy and data.
  • 1/3/2019 - Sleepless in Security: Sensor-y Overload A recent gas line explosion is a reminder that in an era of wireless sensors, the protocols used to communicate, and the software that manages them are potentially vulnerable to digital risk.
  • 12/13/2018 - A Theoretical Riskicist's Guide to the Universe Risk has so many variables it is really overwhelming to investigate the future and predict how risk management will transform. When thinking about the future of risk management, it must be approached much like we approach another really, really complex concept... the universe. The Riskicist's Guide leads you through the complexity so you come out the other side with a better understanding of how best to manage risk in your organization.
  • 12/10/2018 - Build a Global Anti-Fraud Operations Center in Five Steps Fighting global cybercrime is not an easy job, but someone must do it. As organizations undergo digital transformation, the opportunity for attack expands, creating unwanted exposure, challenges and vulnerabilities. The RSA Anti-Fraud Command Center has been fighting cybercrime for 15 years with over two million cyber attacks shut down. Learn how they started and the five steps needed to build a world-class anti-fraud operations center.
  • 12/4/2018 - 7 Security Trends to Watch in the New Year In time for the New Year, David Strom shares seven things security professionals need to be thinking about and how they could impact their organization.
  • 11/15/2018 - Santa's Little Helpers? The Surge of Seasonal Workers Brings Additional Risk Learn how to quickly onboard temporary holiday staff without over-entitled access and avoid abandoned accounts upon their departure.
  • 11/1/2018 - How Secure is Your Digital Presence? Hacking is now big business for criminals. With the creation and availability of data exploding, it’s time to look at how we got here, and what we can do to secure our identities.
  • 10/25/2018 - Will you miss your favorite passwords? We rely on passwords to reach our digital destinations, much like we once relied on printed maps to get from point A to B. Technology, like Global Positioning Systems (GPS), made printed maps virtually extinct. Now, with new technology from Microsoft, could passwords finally go the way of the dinosaur, or at least become an endangered species?
  • 10/22/2018 - Three Ways to Ensure We Win the AI Cyber Arms Race Artificial Intelligence and Machine Learning are considered by many to be the next evolution of the cybersecurity mousetrap. However, the security community must first proactively work together to win the AI cyber arms race and keep what could be our greatest ally from becoming our greatest enemy.
  • 10/9/2018 - The Other Cyber Skills Gap: Educating Tomorrow’s CISOs While the cyber skills gap discussion has focused on educating the next generation to fill critical practitioner-level roles in cyber defense, few talk about how education will play a significant role in helping the current generation to take their place in that future fight as senior security executives at the board and briefing room tables.
  • 10/4/2018 - Experts Speak Out: Managing Digital Risk During NCSAM – and Beyond In today’s threat landscape, risk is everywhere. See what tips and best practices top industry experts share for protecting yourself, your family and your organization from fraud or a cyberattack.
  • 10/1/2018 - Practice Cybersecurity Every Day, Not Just October After a year of several high-profile attacks, remember that demonstrating good cyber hygiene should be done year-round, not just during National Cybersecurity Awareness Month.
  • 8/27/2018 - RSA and NIST Partner to Reduce E-Commerce Fraud Risk In partnership with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST), RSA and other industry leaders have partnered to develop a framework to help retailers reduce the risk of online fraudulent purchases. Learn more about the recommendations for multi-factor authentication and how your organization can provide public feedback.
  • 8/21/2018 - Ready or Not, Here Comes the Next Big Digital Attack The recent ATM hack that netted cybercriminals $13.5 million from a bank in India happened just days after the FBI warned it was coming. Consider this the latest reminder about the importance of being ready for attacks before they happen, not after they’re already imminent.
  • 8/17/2018 - Leave the Stone Age (and Spreadsheet) Behind People have been using spreadsheets for all sorts of applications, regardless of whether they were appropriate or not, including for risk management. At the RSA Archer Summit 2018 this week, a mention of replacing spreadsheets by product manager Emily Shipman got some cheers from the audience.
  • 8/8/2018 - Digital Transformation, Opportunity and Risk: How Will You Manage? There’s a lot to like about digital transformation and the opportunity it creates, but there’s also a lot to lose, if you don’t manage the risk it brings. Today, digital risk extends to every part of the organization, and you need a well-constructed risk framework to manage it. Here’s what you should know—and do—if you want to come out ahead.
  • 8/1/2018 - New Ways to Manage Digital Risk Read why adaptive authentication and SIEM are essential tools to better detect changes in user behavior – fundamental to digital risk management.
  • 7/19/2018 - GDPR and Data Governance: Take Advantage The EU GDPR represents a shift in how businesses must address data governance, breach preparedness and risk and compliance management – not just protecting personal data. Take advantage of the connection between GDPR and Data Governance to evolve your digital risk management strategy.
  • 7/12/2018 - Evolving the Way Businesses Work in a Post-GDPR World The EU GDPR represents a shift in how businesses must address data governance, breach preparedness and risk and compliance management – not just protecting personal data. Take this opportunity to evolve your digital risk management strategy.
  • 6/28/2018 - Rallying the Troops for GDPR The EU GDPR continues to drive organizations to change their processes. Nowhere is this more apparent than in the risk assessment piece. It’s a new risk-based approach.
  • 6/13/2018 - RSA's CTO: Bullish on Security, Bearish on Blockchain RSA's Chief Technology Officer discusses the practical applications of blockchain. Find out more about the distributed ledger technology’s potential and limitations.
  • 6/7/2018 - Making Sense of Tomorrow’s Cybersecurity Trends RSA and Secureworks Chief Technology Officers, Dr. Zulfikar Ramzan and Jon Ramsey, discuss next-gen technologies and how taking a risk-based approach is critical as businesses face an evolving threat landscape.
  • 6/5/2018 - What Are My Options? Session Encryption Protocols Looking Forward TLSv1.3 is a game changer for some enterprises and data centers, but what if I can’t switch to end-to-end and need a transition phase or alternate solution? This provides some options as well as some possibilities for design and development work *if* there is motivation from industry.
  • 6/4/2018 - They Are Looking At WHAT? Service Provider Monitoring At the start of an adoption curve there is much apprehension. This is true of TLSv1.3 and those managing enterprise networks and data centers. The IETF working group spent much time listening to operators and their concerns in order to better address and improve adoption.
  • 5/31/2018 - Network Monitoring is Dead… What Now? TLS, QUIC and Beyond Recent conference discussions revealed much about what is top-of-mind for decision makers as they look towards session encryption and when and where to adopt TLSv1.3.
  • 5/24/2018 - Unintended Consequences as Marketing and New Data Privacy Regulations Collide Marketing leaders must anticipate the unintended consequences of data privacy regulations as they may be highly disruptive and potentially stall your program execution. Learn more about these consequences on the eve of the latest in data privacy regulation.
  • 5/21/2018 - Secure Payments of the Future Protecting the safety and integrity of the U.S. payment system is a top priority and the responsibility of all stakeholders in the payments industry. Learn more about how the Secure Payments Task Force is enabling stronger, safer payments and the challenges and opportunities that come with a secure payments infrastructure.
  • 5/18/2018 - Yanny or Laurel? Integrated Risk Management or GRC? The debate rages on – Yanny or Laurel? Which do you hear? This isn’t the only dispute blistering across media. While not featured on Ellen or The Today Show, risk management has its own version of Yanny and Laurel.
  • 4/23/2018 - Cybersecurity Silver Linings Cybersecurity must pay attention not just to the technology of defense, but the psychology of defense. The spirit of the defender matters as much as the shield she or he wields. For years we have motivated ourselves by the fear of what happens if we fail. Let’s inspire ourselves with the glory of what we enable when we are successful.
  • 4/16/2018 - "Pain and Progress" in Managing Digital Risk Recently, RSA® commissioned the Cybersecurity and Business Risk Survey, executed by Enterprise Strategy Group (ESG), to learn more about the challenges and priorities of IT security and business risk professionals. “Pain and Progress: The RSA Cybersecurity and Business Risk Study” provides a glimpse into the minds of security and risk leaders.
  • 4/10/2018 - Here’s to FIDO Alliance: In Praise of Authentication Protocols How many types of authentication are enough? The simple answer is: as many as the organization needs to be sure users really are who they say they are. That’s what the relationship between RSA and the FIDO Alliance is all about.
  • 4/5/2018 - How RSA’s Acquisition of Fortscale Acts as a Force Multiplier for the SOC and IAM Teams For years, the industry has thought of the SOC and IAM as separate teams and capabilities, but they’re really two sides of the same coin. RSA’s acquisition of Fortscale enables customers to leverage UEBA capabilities as a force multiplier for both disciplines.
  • 3/1/2018 - Cybercrime Operations: Where Will Fraudsters Go Next? The recent takedowns of several major underground marketplaces have forced fraudsters to move their cybercriminal operations to new platforms. Some newly favored options include social media platforms, websites hosted on the blockchain, and perhaps even your refrigerator.
  • 2/27/2018 - What’s It Take To Be Tomorrow’s CISO? A new Security for Business Innovation Council (SBIC) report explores both the incremental and transformational skills required for current and future CISO success. Learn which fundamental technology and security capabilities matter most and which unexpected skills CISOs will need to acquire to drive business success.
  • 2/26/2018 - Bridging the Gap of Grief with Business-Driven Security A lack of coordination and alignment between security and business risk can cause a “Gap of Grief.” The solution is to combine visibility, insight, response and context to put security details into business context and protect what matters most. This white paper details the RSA® Business-Driven Security approach supporting the convergence of security and risk in the enterprise and elsewhere.
  • 2/15/2018 - Take The GDPR Benchmark Survey The Forrester GDPR Benchmark Survey, a companion piece to the Forrester leadership paper reporting on the survey results of U.S. and EU organizations’ GDPR readiness, is now available. The Forrester GDPR Benchmark Survey tool lets you know where you stand with your GDPR approach.
  • 2/15/2018 - Account Takeover Surge Results from Mass Data Breaches and Phishing Account takeover attacks are increasing due to mass data breaches and phishing attacks which have exposed billions of usernames, email addresses and passwords. Learn more about this growing threat and why automated attacks are so difficult to spot.
  • 2/6/2018 - EU GDPR Readiness Study Forrester Consulting conducted a recent study of the readiness of organizations in Europe and the United States to comply with the EU General Data Protection Regulation (GDPR). Based on the results of a large survey in both regions, Forrester provides details, not only about the level of readiness, but the steps organizations are taking to ready themselves.
  • 1/30/2018 - Financial Fraud in the Digital Banking Age Banking-as-a-service will allow customers to transact with their financial institution more often and from more channels. This is expected to drive significant challenges as it pertains to fraud management. Hear how financial institutions can embrace the changes and what the role of trusted identity might look like in the future.
  • 1/26/2018 - If You Collect It – You Must Protect It National Data Privacy Day reminds us how important it is to be empowered to take ownership to protect our privacy, control our digital footprints and advocate for the protection of privacy and data.
  • 12/11/2017 - 3 Ways Proximity Authentication Is Revolutionizing Access Proximity authentication for Microsoft Windows Hello protects access at the first stop a user makes on the way to a multitude of resources: the desktop. It’s a major step toward eliminating the need for passwords, making multi-factor authentication more consumable and, ultimately, enabling continuous authentication wherever users go.
  • 11/30/2017 - Are You a Regulation Rebel or a Regulation Realist? In a new report by the Security for Business Innovation Council (SBIC), security executives and thought leaders from Global 1000 enterprises share advice for organizations looking to minimize the burden of legislation that may impact their security postures, as well as offer three strategies to handle what’s ahead in the security landscape.
  • 11/29/2017 - Firewall Meets MFA: Secure Access at the Network Level You can count on your next-generation firewall to protect your network against attacks. But when intruders come with seemingly legitimate credentials, a firewall alone can’t keep them out. For that, you need multi-factor authentication (MFA)—and an easy way to integrate it with the firewall.
  • 11/27/2017 - 2018 Cybercriminal Shopping List When you hear that another organization has been hit by a data breach, your first reaction might be relief it wasn’t yours. But the credentials stolen during that breach could be used to target your organization with account takeover and new account fraud. Here is what you can do to protect your customers.
  • 11/15/2017 - Ready, Set, Shop: Practical Tips To Avoid Cyber Monday Fraud Holiday shopping season brings great opportunities for revenue growth, but it also brings great risks of chargebacks, fraud losses and brand damage. Consider these simple tips to help your organization minimize those risks.
  • 11/15/2017 - Translate Consumer Authentication into Happy Customers and Increased Revenue Consumer authentication can be so much more than a simple check of the box on your next compliance audit. Learn how risk-based authentication actually increased revenue by 20% through improved customer experience, increased transactions, and reduced fraud losses.
  • 11/13/2017 - 3D Secure 2.0: An Outlook on Merchant Adoption 3-D Secure 2.0 promises to eliminate many of the customer experience issues that plagued early implementations and deliver better fraud detection through rich data collection. But are merchants ready for adoption?
  • 10/31/2017 - Reflections on Risk Management from RSA Charge 2017 RSA Charge – the premier RSA customer event – gives us a broad perspective across today’s risk, security and compliance programs. I share some random thoughts from a week of immersion into this broad and deep pool of amazing, talented professionals.
  • 10/26/2017 - Roca: Blaming Infineon Is the Easy Way Out ROCA isn’t about a weakness in the RSA® algorithm, nor is it about Infineon’s implementation of the algorithm. The problem lies within the method Infineon used to generate the prime numbers for key material.
  • 10/19/2017 - Fitting Privacy into Your Risk Management Program While Privacy is one key risk to be managed, some organizations may view Privacy and Risk Management as separate programs. Integrating these strategies can result in efficiencies and added-value.
  • 10/19/2017 - Yin and Yang: Two Views on IAM - IT-Based and Business-Driven IAM projects are among the most visible IT initiatives, but what’s the best approach to take? RSA identity experts review two different approaches to your next IAM project: IT-based and business-driven.
  • 10/12/2017 - Yin and Yang: Two Views on IAM - Success with Roles Role-based access is supposed to make access request and approval easier, simplify provisioning, and improve governance and auditing. But, are roles necessary and when is the best time to implement them?
  • 10/2/2017 - Mind Blowing Cost of Cybercrime Every 60 Minutes While the security industry strives to bring attention to cyber threats, there remains a lingering question: what is the financial impact? Combining RSA’s real world daily insight into fraud and cybercrime events, as well as some of the top sources in the industry, we have created a new tool to answer these questions.
  • 9/22/2017 - Making Access More Secure and More Convenient with Facial Recognition Flexible authentication is one of the keys to successful identity assurance. With its careful balance of high security and low friction for users, facial recognition technology seems poised to become an important component in any program of flexible authentication.
  • 9/19/2017 - Top 5 Authentication Trends in 2017 The increased popularity of enterprise mobile applications only heightens the need for a consumer-simple experience—one that provides access control commensurate with the risk of a given transaction. MFA, SSO, authentication standards, biometrics and smartphones will each continue to play a role as the market moves toward risk-aware authentication.
  • 9/18/2017 - In the Wake of Recent Breach It’s Time to Revisit Your Fraud Strategy In light of the recent mega breach, where over 143 million U.S. citizens were impacted, it is critical for organizations to pause for a moment and reflect on critical steps they must immediately focus on to align information security and fraud strategies to mitigate risk.
  • 9/12/2017 - Yin and Yang: Two Views on IAM - Security vs. Convenience Debate: When looking at the identity risk vector and the constant attack level capabilities advancing every day, it may be time that we strike a balance more towards caution than convenience. Or do we find ways to balance security and convenience by leveraging risk and context to eliminate the friction that added security can create?
  • 9/12/2017 - 7 Steps to a GRC Risk Management Framework-7: Provide Visibility This last step in the process involves providing visibility into and reporting on risk. Remember, in creating the framework, you’re examining business processes and outcomes that can introduce risk to the organization. For business leaders to make informed decisions to manage that risk, they need easily visualized, timely information about it.
  • 9/5/2017 - 7 Steps to a GRC Risk Management Framework – 6: Enterprise Risks & Controls Enterprise-wide documentation is a vital step because if you want to exert control over activities that create risk—such as unauthorized persons accessing information categorized as important and at risk—you have to be able to identify those activities. And documenting information-related business processes is how you do that.
  • 8/31/2017 - TLS Security and Data Center Monitoring: Searching for a Path Forward Protocols are evolving to meet the demands of the future. We must continue to strengthen the security of these protocols to keep pace with the threat landscape. As such, Transport Layer Security (TLS) 1.3 has been designed to be more secure in order to prevent the interception of sessions over the Internet.
  • 8/29/2017 - 7 Steps to a GRC Risk Management Framework-5: Residual Risk Of the many challenges managing information risk, perhaps the greatest is knowing where to focus risk management resources. If you don’t have a clear understanding of the risk associated with the information in your organization, you may end up misdirecting scarce resources.
  • 8/22/2017 - 7 Steps to a GRC Risk Management Framework-4: Evaluate Risk Treatments Continuing our journey through the seven steps to build a risk management framework for information leads us to evaluating the risk treatments available to you. In evaluating risk treatments, as in the previous steps, documentation is key.
  • 8/15/2017 - 7 Steps to a GRC Risk Management Framework-3: Assess Risk We’ve talked in this space about the seven steps to building a risk management framework for information, starting with identifying information to protect and determining the characteristics of that information. In step three we assess the inherent risk associated with the information.
  • 8/14/2017 - Demystifying the Black Box of Machine Learning Nowadays, it is common to use machine learning to detect online fraud. In fact, machine learning is everywhere. Due to its independent nature and human-like intelligence qualities, machine learning does, at times, seem like an inexplicable “black box.” But truth be told, machine learning doesn’t have to be like that. Here is what you should know if you decide to give “computers the ability to learn without being explicitly programmed.”
  • 8/9/2017 - Skills Shortage: The Intelligent Application of Force Multipliers Many organizations struggle to staff and maintain security operation teams due to a serious shortage of skilled security analysts. The struggle isn’t just about filling open roles; it is equally hard to drive the needed productivity of the resources already in house to make sure the alert that matters doesn’t go unnoticed.
  • 8/8/2017 - 7 Steps to a GRC Risk Management Framework-2: Locate Data In our first post on the seven steps to building a GRC-based risk management framework for information, we talked about step 1: identifying information that is important enough to warrant protection. Once you’ve identified information important enough to be protected, within its business context, you can move on to determining whether you actually have any...
  • 8/1/2017 - 7 Steps to a GRC Risk Management Framework-1: Identify Information Managing information risk can be a paralyzing challenge, given the amount of data and information that comes pouring in daily. It’s hard to know what information needs to be protected, let alone the most effective way to do it. RSA has developed a practical seven-step methodology for building a risk management framework for information. Derived...
  • 7/25/2017 - Don't Miss RSA at Black Hat USA 2017 Wondering where you’ll find RSA at Black Hat? Where won’t you find RSA is more like it. In addition to hosting our Business Hall booth, where we’ll be showcasing the latest version of RSA NetWitness® Suite, you’ll find us in the Black Hat Network Operations Center (NOC), as well as in speaking sessions on some...
  • 7/24/2017 - Swinging for the Fences Did you know only approximately one in 200, or about 0.5%, of high school senior boys playing interscholastic baseball will eventually be drafted by an MLB team? That includes all levels of professional baseball. Only a small percentage of players drafted actually make it to the Major Leagues. The competition to make it to the...
  • 7/18/2017 - Threat Hunting and the Cloud - A Dynamic Tension In the 1920s, fitness innovator Charles Atlas developed and introduced the Dynamic Tension exercise method. The essence of Dynamic Tension is that it pits muscle against muscle, with a workout intensifying proportionally for both muscles as force increases. As generations of comic book fans have learned since, nobody kicked sand in Charles Atlas’s face after...
  • 7/17/2017 - Nip Those Incidents in the Bud! I’m dating myself here, but I used to love to watch the Andy Griffith Show. I liked Andy’s calm demeanor as he tried to raise little Opie. Barney Fife was his neurotic sidekick. I enjoyed this exchange between the two of them as they discussed raising kids: Barney Fife: Well, today’s eight-year-olds are tomorrow’s teenagers....
  • 7/10/2017 - The Myth of the Easy Button Approach to Information Security By: Wes Riley and Erik Heuser In twenty plus years navigating the complexities of the information security (InfoSec) industry a common theme emerges: the fascination with creating the digital panacea, or Easy Button. Marketing departments highlight their product in the best light possible and tell you it will solve all your InfoSec headaches. Years of...
  • 6/27/2017 - Yin and Yang: Two Views on IAM - Global Risk Standards or States & Nations Policies By Steve Mowll and Chris Williams POINT: Chris Williams – Advisory Architect, RSA Identity In our last blog, I stated the following about why we most commonly engage in security practices. And these two items were represented: We embrace identity projects because we need to satisfy compulsory mandates. We need to provide competitive protective services...
  • 6/20/2017 - Protecting PingFederate Users with RSA SecurID Access It’s 10 o’clock. Do you know where your users are? Believe it or not, there was once a time when this question was easy to answer. If “Steve” was logged into the corporate network, there was a very high level of certainty you would find him sitting in his cube, on the 4th floor of building...
  • 6/19/2017 - Protecting VMware Workspace ONE Users with RSA SecurID Access While 1999 brought us the Breitling Orbiter 3, Warner Bros. sci-fi thriller “The Matrix,” and Britney Spears mega-hit “Baby One More Time,” it was also a banner year in cybersecurity. During the last twelve months of the millennium, we witnessed the advent of Microsoft’s Windows 98 release, the arrival of the American Express “Blue” card...
  • 6/13/2017 - Yin and Yang: Two Views on IAM - Active Directory Automation, Success or Failure? By Steve Mowll and Chris Williams Point: Effective identity management strategies are business-based, and should rise above technical limitations. Steve Mowll, Identity Architect, RSA True point, but in order to have effective strategies, they must be directed towards a desired outcome. Let’s take a look at this idea using Active Directory (AD) projects as an...
  • 6/12/2017 - Completing the Puzzle In a previous blog I reviewed the real world pay back for being a risk leader. Let’s say your company gets it, they know that good risk management increases the likelihood objectives will be fulfilled and profits improved, and now you’ve been given the assignment to start the risk management program to make your organization a...
  • 6/7/2017 - Defining Your Cyber Risk Appetite When a senior executive tells the board he or she wants to discuss the company’s risk appetite, usually the board’s interest is piqued. After all, understanding an organization’s risk appetite is critical to the decisions the board makes. So why should defining a company’s cyber risk appetite be so difficult? A CISO’s role is to...