The level and sophistication of advanced threats is a constantly moving target, pitting the advantages of smart and patient attackers against security teams that oftentimes can’t possibly know what to look for when an attacker employs specialized techniques and tools designed to cloak their movements. What happens when an attacker doesn’t have to rely on malware to infiltrate their target, or when an attacker is able to successfully blend in like a legitimate insider? In this edition of the Speaking of Security Podcast, Tom Chmielarski, Practice Lead in RSA’s Advanced Cyber Defense Services, shares some of the attack techniques he’s seen used in real breach cases, along with best practices used in the detection and defense of these advanced attacks.
I have written about mobile-based threats, specifically mobile app-based threats, before, and I am writing again because I want to highlight a couple of proof points that we have seen in the last couple of months.
As I mentioned in an earlier blog, RSA is transitioning the PKCS #11 standards effort into OASIS. The call for participation for the new OASIS PKCS 11 Technical Committee has now officially gone out from OASIS leadership, describing the process for joining the TC. The new public page for the PKCS 11 TC provides information [...]
RSA recently launched its latest SBIC report titled ‘Information Security Shake-up – Disruptive Innovations to test Security’s Mettle in 2013’. It introduces some interesting food for thought on what organizations should have on their ‘to do’ list for 2013. Four key innovations are highlighted, which shouldn’t come as a big surprise to anyone. I think we have all been addressing some of these in the last year, but it’s time to hunker down and really start focusing on these four key innovations which will test the true grit of our security systems.
All of these recommendations will require an enterprise to truly understand the nature of their BYOD estate. I fear a lot of organizations are under so much time pressure that BYOD has been implemented by stealth and not as part of the overall Security program. But the quicker you can gain control of the reins, the stronger the position you will be in to implement a comprehensive BYOD program.
We are seeing a fundamental shift in the way IT is consumed, and subsequently secured, and it’s mostly driven by mobile. The recent SBIC report, “Realizing the Mobile Enterprise: Balancing the Risks and Rewards of Consumer Devices,” highlights these shifts. There are a number of trends around mobility that make it a distinctly different and new security challenge to consider
At RSA Conference Europe recently, the latest report from the Security for Business Innovation Council was launched entitled ‘Realizing the Mobile Enterprise’. It is really about balancing the risk and rewards for mobile devices and incorporating them in the overall enterprise Security strategy. BYOD is not a new concept and most organizations today have some [...]
By Berk Veral, Senior Product Marketing Manager, RSA FraudAction and CyberCrime Intelligence. According to Reuters, McDonald’s has been testing in-store fast food purchases via mobile apps in France. Why? Well, so that you can order your burger with your app on your mobile device, skip the line to order and pay as you will pay [...]
I have worked on mobile security strategy for RSA for the last two years now, and during that tenure the market continues to evolve and move at a rapid pace, which no doubt is putting more stress and uncertainty into the minds of security professionals. But, just the other day I saw a graphic in Computerworld that really summed up the entire mobility movement. Take a look:
A Revolutionary Way to Secure Bulk Credentials – RSA Distributed Credential Protection – Podcast #241
With the theft of an estimated 50 million passwords from various breaches at major web site operators in 2012, the industry is ripe for a transformative approach to one of its most pressing security problems. RSA Labs Chief Scientist Dr. Ari Juels and RSA Senior Product Marketing Manager Liz Robinson join the podcast to describe the new RSA Distributed Credential Protection software, a first-of-its-kind innovation from RSA that distributes and randomizes secrets to help protect from bulk password credential loss.