Time to Change the Game Plan on DLP

I was at a customer event recently and was party to a discussion on the ‘disappointment’ or disillusionment in deploying Data Loss Prevention and comments like ‘well, it just doesn’t do what it’s supposed to do’ or ‘it’s too tricky to deploy’. Well, the truth is DLP technology is not something that comes off the…

Living Under Watchful Eyes as a Fraudster

The fallout from the news of the Global Payments breach may be just subsiding, but one thing can already be said – this probably isn’t the last processor that will be breached. It can be said because Global Payments isn’t the first one to be breached, either. Other processors – large processors – have already…

Be Secure, Be Confident in the Cloud

Intel recently announced the Intel Xeon Processor Series that helps enable comprehensive and verifiable security and compliance in cloud environments. With these technologies Intel is providing a foundation to make cloud deployments suitable for increasingly sensitive workloads. image credit: videocentric.co.uk The Intel TXT (Trusted Execution Technology) concept has been talked about for a few years…

Man-in-the-Middle For Hire

By Limor S Kessem, Cybercrime and Online Fraud Communications Specialist, RSA Discussion and buzz about the burgeoning Fraud-as-a-Service (FaaS) trend in the cybercrime economy is as constant and as progressive as it gets. New FaaS offerings are only limited to the imagination of the dubious actors who offer them, and as such, are often creative…

Time to Push the Reset Button?

By Rob Sadowski – RSA Director, Marketing, Payment Solutions Payment security is back in the public eye with the recent disclosure of a cardholder data breach at a leading US payment processor. While initial reaction to this latest incident has been unfortunately predictable, characterized by plenty of uninformed speculation, outrage, and a general lack of…

EU Data Privacy Regulations – Are Modern Security Approaches Legally Permissible?

By Matthew Gardiner, Sr. Manager, RSA In a previous blog I introduced the idea that SOC analysts need to be the IT security “eyes and ears” for their entire enterprise, no matter how large or global the enterprise.  Implied in this is the assumption that the analysts can actually use their digital “eyes and ears”…

Gone Phishing and Mining! Phishers leverage Web Analytics to Refine Attacks

By Mor Ahuvia, RSA FraudAction Research Lab Phishers, botmasters and underground vendors are increasingly adapting business models and tools for their nefarious ventures. Botmasters are creating and selling blacklists to ward off research and shutdown attempts by infosec experts and law enforcement. Underground vendors transact with buyers using in-house or publicly available escrow services, and…

Trusting Your Crowd Sources

Earlier this week I was at the MIT Media Lab for a meeting with my colleagues in EMC technical leadership. While there, we took a tour of the Media Lab, including talking with a couple of grad students and professors. One the projects we were introduced to is called Place Pulse, “a website that allows…

By Hook and by Crook – Citadel Trojan Isolates Bots from AV and Security

The Citadel Trojan was first introduced for sale to cybercriminals in the Russian-speaking underground in February 2012. The Trojan, which was initially based on the Zeus Trojan’s exposed source code, is already at its second upgrade release, version 1.3.3.0, which was shared with its customer-base on March 15th. One of the features included in the…

SOC Analysts: The IT Security Eyes and Ears of their Organizations

By Matthew Gardiner, Sr. Manager, RSA In my previous blog, The Future of the SIEM and the SOC, I argued that SIEMs are changing to meet the evolving security needs of Security Operations Centers (SOCs).  Advanced Persistent Threats (APTs) in particular are really pushing SOCs to step up their defensive game.  The ever repeating cycle…