Opinion: RSA - Maximising customer harm
When news of the major RSA breach broke about two months ago I complained that the company was not being all that upfront in telling customers what the breach might mean to them.
Apple, Microsoft, Google and others are givens for being among the top newsmakers of 2011. Others will no doubt surprise us as we go along.
EMC today announced it has acquired NetWitness, which makes the NextGen visibility monitoring system to detect electronic threats and malware-based attacks. EMC says NetWitness will operate as part of RSA.
Industry rumor is building this week that RSA, the security division of EMC, is poised to acquire NetWitness, a privately-held company whose flagship product is used by U.S. government agencies and in the enterprise to detect and analyze security threats.
Does the RSA SecurID two-token authentication system include a back door that was built in at the request of the U.S. government in exchange for letting RSA export SecurID?
Just a few years ago, the media was publishing daily stories about website defacements or even bank theft. How I wish for those halcyon days. Now APT (advanced persistent threat) attacks are grabbing media attention on a near-weekly basis -- and IT security teams must take heed and prepare.
The APT attackers are not stealing money or passwords, even when they break into banks. They are stealing information. In a nutshell, APT attackers aim to take all valuable intellectual property from the victim and transfer it to their home safe harbor country, either to use for competitive advantage or for profit.
Equal-opportunity threat
IDC has posted a set of essential guidance following the disclosure by EMC/RSA of a breach to their core SecurID system. You can find the guidance at the following URL.
RSA's revelation that its network had been breached and information relating to its SecurID one-time password technology stolen has left customers and industry experts with more questions than answers.
With the theft of sensitive data about RSA's SecurID technology, large businesses should reassess the risks to the assets the two-factor authentication deployment is supposed to protect, a risk management expert advises.
The annual RSA Conference, now in its 20th year, will be rocking this month as the security industry gathers in the weeklong extravaganza of product introductions and security experts arguing cloud and mobile computing security issues.
This marks the 20th year since the first RSA Conference, an annual meeting that has witnessed major technology shifts, aired significant controversies and undergone a name change on its way to becoming the largest security conference in the world.
IT security practitioners typically greet vendor-based studies with scepticism because they come off as a sales pitch for whatever products that vendor sells. People become especially leery when a study leads to the predicted death of a particular security tool. But when looked at cumulatively, such studies offer small snapshots of why companies are making certain security decisions.
Pennsylvania's chief information security officer, Robert Maley, has been fired, apparently for talking publicly at the RSA security conference last week about a recent incident involving the Commonwealth's online driving exam scheduling system.
EMC, Intel and VMware are joining forces to improve security and regulatory compliance in cloud computing with a proof of concept to be demonstrated at this week's RSA Conference in San Francisco.
At this year's RSA Conference earlier this month, there were fewer sessions and displays devoted to NAC than at previous conferences, but interest in the technology still seemed to run high among 2008 attendees.