Speaking of Security - The RSA Blog and Podcast » Sam Curry

Adaptive IAM: On the Front Lines of Cyber Security

Sam Curry — Mon, 13 May 2013 13:00:43 +0000

Like most technologies, Identity and Access Management (IAM) has been challenged by new business and IT trends that are causing serious disruptions in how we approach information security. The exponential growth of digital identities coupled with the increasing use of software as a service and mobile and cloud platforms have made the traditional perimeter all but disappear. As a result, legacy IAM tools that have been a security mainstay for decades are simply failing to keep up.

The post Adaptive IAM: On the Front Lines of Cyber Security appeared first on Speaking of Security - The RSA Blog and Podcast.

Transforming Identity Assurance Through Risk-Based Authentication

Sam Curry — Mon, 04 Mar 2013 17:54:32 +0000

Risk-based authentication is one of the simplest security technologies to understand while at the same time being one of the most intelligent and adaptable. The concept of risk-based authentication is very similar to the risk decisions we make in our daily life – from how we drive our car to where we invest our money.

The post Transforming Identity Assurance Through Risk-Based Authentication appeared first on Speaking of Security - The RSA Blog and Podcast.

Realizing all the Promises of Mobility

Sam Curry — Thu, 31 Jan 2013 14:00:54 +0000

The SBIC has produced a new report that is mobile centric called “Realizing the Mobile Enterprise.” The council builds on data. In this case, it builds on a fascinating series of online polls that show a rapid litmus-like test of the mobile landscape and, in particular, the degree to which “the enterprise” (an interesting notion...

The post Realizing all the Promises of Mobility appeared first on Speaking of Security - The RSA Blog and Podcast.

Security and Big Data: a match made in Heaven

Sam Curry — Tue, 30 Oct 2012 16:27:25 +0000

Big Data in security happens when you get the mathematicians to find patterns in data and then true that up with the security experts and then turn that into a meaningful set of tools and then set about improving it. The tools, from analysis and predictive tools to machine learning and response tools have to become intuitive and transparent to end users: as I've said before in a few places we have to focus on the task and not on the tools themselves. We need to be able to jump from the findings of a tool to another tool without stopping to think about interoperability and without a cool off period that winds up doing nothing but cooling our passion when pursuing the bad guy through a network.

The post Security and Big Data: a match made in Heaven appeared first on Speaking of Security - The RSA Blog and Podcast.

Adapt or Die: Even Passwords Can Get Tougher

Sam Curry — Tue, 09 Oct 2012 07:58:35 +0000

We can reinforce them with other form factors and can use multi-factor authentication in many places, but we have passwords all over the place and that is basically not going to change for the foreseeable future. Something must be done to beef up the security of passwords in general (and of other credentials) to force the bad guys to ever greater costs and difficulty (and lower likelihood of success), and that is the spirit behind RSA's announcement today of RSA Distributed Credential Protection. But before diving into that, let's talk about the landscape and the problem scope.

The post Adapt or Die: Even Passwords Can Get Tougher appeared first on Speaking of Security - The RSA Blog and Podcast.

The Advent of Adaptive IAM: Security in Motion

Sam Curry — Wed, 12 Sep 2012 13:00:25 +0000

“Opportunities multiply as they are seized” -Sun T’zu, the Art of War “It is difficult to understand the universe if you only study one planet” -Miyamoto Musashi, Book of Five Rings Go Rin No Sho, Source RSA announced today a new solution to help customers ensure trusted identity and access management across enterprise and...

The post The Advent of Adaptive IAM: Security in Motion appeared first on Speaking of Security - The RSA Blog and Podcast.

This Too Shall Pass

Sam Curry — Tue, 28 Aug 2012 15:59:48 +0000

As I’ve said before, the best practical measure of security that I can think of is “cost-to-break.” It’s a good reflection of the relative difficulty that someone has to go through to overcome a particular measure or control. It also helps to deal in “currency” as a consistent unit (for a given economy) for a lot of modeling purposes, and of course you can even factor in things like “windows” of opportunity and risk with a financial-model for defining security.

The post This Too Shall Pass appeared first on Speaking of Security - The RSA Blog and Podcast.

Brevity is the Soul of Wit – a Security Haiku

Sam Curry — Thu, 16 Aug 2012 16:30:09 +0000

A friend of mine is giving a security address and has 5 minutes to talk about “Security and the Cloud.” I tried this once for a partner of mine’s customer dinner…and I was awful at it. In my defense, I had the same subject and only 3 minutes.

The post Brevity is the Soul of Wit – a Security Haiku appeared first on Speaking of Security - The RSA Blog and Podcast.

Call to Arms: it’s time to make multi-factor authentication commonplace

Sam Curry — Fri, 10 Aug 2012 16:30:12 +0000

If you are a criminal, rogue state, rebellious activist organization or “non-state actor”1 and aren’t hacking, then you are stupid and destined for obscurity. The risk (:) reward ratio for “going cyber” is simply too big to ignore2. The attack on Wired writer Mat Honan is just one instance of the trend to progressively more-and-more motion by the chaotic and misdirected actors in our civilization to the Internet. If you haven’t read it, then read it now; and then look at your accounts and services and demand more. More authentication3. It’s time for multi-factor authentication to become the new normal.

The post Call to Arms: it’s time to make multi-factor authentication commonplace appeared first on Speaking of Security - The RSA Blog and Podcast.

Malware…there’s an app for that!

Sam Curry — Wed, 25 Jul 2012 13:05:14 +0000

As with the advent of Spyware and Adware, the world of Malware has grown in new directions. While viruses and worms abound and are becoming increasingly (even exponentially) more common, we are still dealing with the personal, social and corporate implications of "Greyware"…and it's exploding in an entirely new area around the exciting and largely wide-open world of mobile devices and services.

The post Malware…there’s an app for that! appeared first on Speaking of Security - The RSA Blog and Podcast.