Subtlety and Terrain in IT Security

With the increase in effectiveness of attackers and the corresponding decrease in effectiveness of more traditional defense techniques, IT and Security staff are looking for “game changing” components to bring the battlefield back into their control or at least make it more favorable. This is what Sun Tzu might have referred to as choosing your terrain and, when that doesn’t work, cheating!

Cost to Break: Authentication…Express

RSA announced the availability of Authentication Manager Express. This is a breakthrough for SMBs in simplicity, affordability and efficiency. Get the results with an optimal use of resources and little to no overkill.

The Continued and Future Growth of Authentication

Let’s start with Authentication “pre-history”: username/password was king, and passwords weren’t particularly sophisticated in their size or complexity. If security (as I’ve suggested) is best reflected in “cost to break,” the cost was cheap and rapidly became cheaper still. As ease of access and exposure grew, especially with the rise in distributed computing, something new was needed: it had to increase the complexity (and therefore the cost to break) sufficiently to have business impact where it counted – secrets would stay secret!

RSA is not a token company!

The focus of a strong authentication strategy should not be on the actual authenticator; instead, it should be on the tool that allows you to manage the authentication process. This is the authentication manager.

Harmony

The news: there is a smartcard / symmetric key vulnerability that potentially affects RSA SecurID® 800 Authenticator. This was first discovered by a group of third-party security researchers, and to be clear, it only affects symmetric keys (not digital certificates) and it only affects a specific type of symmetric key. To date, there are no known instances of breach or loss of data (and no other RSA authenticators affected), and there is a non-disruptive fix (software only – no hardware / firmware changes) available through RSA SecurCare Online.