Realizing all the Promises of Mobility

The SBIC has produced a new report that is mobile centric called “Realizing the Mobile Enterprise.”  The council builds on data.  In this case, it builds on a fascinating series of online polls that show a rapid litmus-like test of the mobile landscape and, in particular, the degree to which “the enterprise” (an interesting notion…

The Big Data Security Analytics Era Is Here

By Matthew Gardiner, Senior Manager, RSA Security Management & Compliance My blog today reflects on newly published research from Jon Olstik at ESG (from whom I borrowed the title of this blog), which covers the collision of advanced threats, security monitoring, SIEM, big data technologies and techniques, and organizational security maturity.  In the paper Jon…

The “Switch Target” Part I – Why Me?

By Peter M. Tran, Senior Director, RSA Advanced Cyber Defense Practice  Conventional computer network defense (CND) concepts in the past 10 + years introduced practices such as adversary “beach head, pivot point, lateral traversal, command/control” analysis for passive cyber defense. If I don’t see it on my network, then I must not be a target…

Next Generation Security Operations: Telescopes for the Lookouts

In my previous blog, I introduced the idea that the concepts around security incident response need to evolve based on the threat landscape facing organizations.   The first step in heading towards this next generation of security operations is improving the visibility into what is going on with the technical infrastructure.   I used the analogy of…

Analysis Techniques: Finding Targeted Attacks Using Antivirus Logs

By Tom Chmielarski, Practice Lead – RSA Advanced Cyber Defense Practice (Americas) The RSA Advanced Cyber Defense team is focused on helping organizations improve their proactive and reactive capabilities. There are many different analysis techniques, or tricks, to finding various types of bad things in IT data and today I’m going to address an antivirus analysis technique…

The next marketing buzzword in security is…

“Whatever you put out I’m gonna buy it, so what’s your latest? I wanna try it” From “I’m a sucker for your marketing” by Sarah Jaffe   Every year we seem to have a new buzz term in security.  As someone who lives in the security product marketing world I’ve seen trends come and go.…

New name, Same Game: Red October and the Question of Attribution

Earlier this month, Kaspersky Labs announced the discovery of a new style of cyber espionage campaign.  Research on this threat campaign began in October of 2012 according Kaspersksy’s whitepaper.    I’m not convinced that it is entirely new but let’s press on and see what the boys there have to say.  The researchers there began their…

Disruptive technologies breaking down our doors in 2013

RSA recently launched its latest SBIC report titled ‘Information Security Shake-up – Disruptive Innovations to test Security’s Mettle in 2013’. It introduces some interesting food for thought on what organizations should have on their ‘to do ‘list for 2013. Four key innovations are highlighted which shouldn’t come as a big surprise to anyone, I think…

Secure Crypto: Cluster Cracker

At a recent conference, Passwords^12, Jeremi M Gosney the Founder & CEO of Stricture Consulting Group, presented his latest password cracking project. Jeremi combined 25 AMD Radeon GPUs, across eighteen cards, and across five servers in a cluster. This beast he created has the ability to make nearly 350 billion (yes, that’s 350 million million!)…

Laser Precision Phishing — Are You on the Bouncer’s List Today?

By Limor S Kessem, Cybercrime and Online Fraud Communications Specialist, RSA As we close out 2012, it’s safe to say that phishing has had yet another record year in attack volumes. The total number of phishing attacks launched in 2012 was 59% higher than the total calculated for 2011, up from 279,580 attacks to 445,004,…