Blog, Page 2

Delivering Convenient and Secure Access to the Modern Workforce

In the relatively quick journey from don’t-even-think-about-bringing-your-own-device to please-absolutely-bring-your-own-device, identity management has experienced some dramatic transformations. And it’s still evolving now, as security policy continues to move away from limiting user options and toward expanding them. Organizations haven’t taken long to come around to thinking that giving users more ways to access the resources they…

Transaction Protection in a Human-Not-Present Age

Imagine it is 10AM and you’re sitting in a meeting at work. You gaze out the window only to see your car drive out of the parking lot, turn left at the end of the road, and disappear around the corner. Your car, having sensed it needs a change of oil and seeing today’s calendar…

Shadowfall

Over the last several months, RSA Research embarked on a cross-organizational effort against RIG Exploit Kit (RIG EK or just plain RIG), which led to insight into the operational infrastructure (and possibly the entire ecosystem), as well as significant discoveries related to domain shadowing. Domain shadowing is “a technique in which attackers steal domain account…

8 Authentication Pitfalls That Can Put You on the Road to Nowhere

Two-factor, multi-factor, mobile, push, tokenless, biometric: you have choices today when it comes to authentication solutions. Choose the right authentication solution, and you’ve got a straight shot to access that’s secure and convenient for users. Choose the wrong one, and you risk getting on a path that’s at best bumpy and at worst downright dangerous.…

Chances are your account has been breached

When it comes to protecting personal data, there are three types of people in the world: Those who go to great lengths to protect their personal information, using unique passwords and trying to remain un-breached. Those who are ignorant or ambivalent to the impact of breaches and the personal security risk they entail. Those who…

What Really Led to WannaCry?

Much of the focus on WannaCry has been on how it works and what organizations need to do in the near term to recover. It’s important, however, to take a step back and ask ourselves why WannaCry became such a tour-de-force in the first place. After all, the security community has been talking about concepts…

Metrics (Not Just Fun Facts!) Are key to driving a Business-Driven Security™ Strategy

Dave Gray & Azeem Aleem “What’s Measured Improves” Peter Drucker It’s mid-2017 and we have already witnessed the conundrum across organizations as the pressure of building a more efficient business creates loopholes for cyber criminals to gain an advantage. In a previous blog we talked about the traditional perimeter melting away and how the “not…

The Business Value of RSA Archer

Implementing an effective governance, risk, and compliance program can be a costly and time-consuming effort: Hardware, software, and the active engagement of a lot of people in the first, second and third lines of defense.  Before implementing a program, and periodically throughout the life of the program, the question always arises from senior management: Is…

What Your Business Can Learn from WannaCry

The biggest cyber attack began last week, spreading to more than 150 countries and infecting 200,000 machines. The outbreak is a ransomware threat, WanaCrypt0r 2.0 also known as WannaCry, with worm-like capabilities leveraging an exploit against vulnerable Microsoft Windows® operating systems. Ransomware mimics the age-old crime of kidnapping: someone takes something you value, and in…

Failure to Communicate: Why SOCs Fail!

I’ve had the privilege of working in a few different SOCs at various maturity levels ranging from the stony shores of regulatory compliance – “Yes, we have a security solution”, to the deep shark-infested waters of a global enterprise under frequent attack by nation state-sponsored attack groups. Throughout all of these different engagements, I’ve worked…