Blog, Page 2

Risk Is a Reality, Make Sure Rewards are Too

Return on investment. Total cost of ownership. Productivity gains. Payback period? What am I – a financial wizard or a risk professional? If you are in the risk management profession today, you have to be both. Being a top-notch security guru who can navigate SQL injection code or rattle off the NIST 800-53 control…

YIN AND YANG: TWO VIEWS ON IAM – NATURE OR NURTURE

By Steve Mowll and Chris Williams
Question: When it comes to the complexities of identity management, is what we try to do in identity management the problem or is it just inherently hard?
Point: We might be making it harder than it needs to be. Setting complex requirements may affect long-term suitability and success. Chris…

SuperCMD RAT

On April 8th, an interesting DLL was uploaded from Canada to VirusTotal. What makes it interesting is that the detections on VirusTotal are mostly heuristics and do not settle on a single family. The malware is also configured to beacon to an RFC1918 internal IP address; however, the name 816db8a1916201309d2a24b4a745305b.virus indicates it was picked up…

Six Keys to Successful Identity Assurance – Consistent Experience

In previous blog posts in this series, we talked about many ways to intelligently determine the right level of assurance for users gaining access to specific resources. While much of the goal is to minimize interruptions in the user experience for authentication, there are many times when the user needs to interact in some way…

RSA Identity Governance and Lifecycle: An Executive View from KuppingerCole

When one of the leading independent analyst organizations in the identity space weighs in favorably on your approach to identity governance, that’s news worth sharing. In the KuppingerCole Report “Executive View: RSA® Identity Governance and Lifecycle,” analyst John Tolbert gets at the heart of RSA’s belief in the effectiveness of an integrated, comprehensive, end-to-end approach:…

Chasing the Rabbit: Cybersecurity Through the Camera Lens

Azeem Aleem and Dave Gray
Nothing will work if you are not serious about it – Sam Abell
This blog is intended to take a different perspective (pun intended) of how we view our security platforms and how to go about rationalizing our Business-Driven Security™ decisions about cyber threats and mitigation strategies. It all comes…

Six Keys to Successful Identity Assurance – Broader Ecosystem

Earlier in this blog series, we discussed anomaly detection and machine learning focusing primarily on examples that included information you could expect to be available from the system that provides your identity assurance. It’s likely, however, that there is much more data that can be leveraged for making system access decisions in your current IT…

Is the cyberworld doomed to be unsafe forever?

Before seeking an answer, let’s question the question. I recently returned to the cybersecurity industry and (re)joined the good fight to secure the cyberworld. As the digital era unfolds, it feels good to be part of this mission-driven industry to help create a safe digital future. While a lot has changed, and there have been great…

GET TO THE CHOPPAH

A new variant of this tool, previously reported in 2013 by TrendLabs, was submitted to VirusTotal from the Philippines on March 27th, 2017. Its original filename, 2017.exe, was prescient since it has the ability to exploit CVE-2017-5638 and other previous Apache STRUTS vulnerabilities.
File Details
File Name: 2017.exe
File Size: 107008 bytes
MD5: …

Yin and Yang: Two Views on IAM – HR vs Identity Management

By Steve Mowll and Chris Williams
POINT: NEWS FLASH identity management people, HR is not here to feed you with identity data! Steve Mowll, Systems Engineer, RSA
Identity management teams may believe it is the human resource (HR) department’s responsibility to be an identity management provider. Unfortunately for IT, or fortunately for HR, it is…