Blog: RSA Point of View

Uniquely linking business context with security incidents to help organizations manage risk & protect what matters most.

  • 12/13/2018 - A Theoretical Riskicist’s Guide to the Universe Risk has so many variables it is really overwhelming to investigate the future and predict how risk management will transform. When thinking about the future of risk management, it must be approached much like we approach another really, really complex concept… the universe. The Riskicist’s Guide leads you through the complexity so you come out the other side with a better understanding of how best to manage risk in your organization.
  • 12/10/2018 - Build a Global Anti-Fraud Operations Center in Five Steps Fighting global cybercrime is not an easy job, but someone must do it. As organizations undergo digital transformation, the opportunity for attack expands, creating unwanted exposure, challenges and vulnerabilities. The RSA Anti-Fraud Command Center has been fighting cybercrime for 15 years with over two million cyber attacks shut down. Learn how they started and the five steps needed to build a world-class anti-fraud operations center.
  • 12/4/2018 - 7 Security Trends to Watch in the New Year In time for the New Year, David Strom shares seven things security professionals need to be thinking about and how they could impact their organization.
  • 11/15/2018 - Santa’s Little Helpers? The Surge of Seasonal Workers Brings Additional Risk Learn how to quickly onboard temporary holiday staff without over-entitled access and avoid abandoned accounts upon their departure.
  • 11/1/2018 - How Secure is Your Digital Presence? Hacking is now big business for criminals. With the creation and availability of data exploding, it’s time to look at how we got here, and what we can do to secure our identities.
  • 10/25/2018 - Will you miss your favorite passwords? We rely on passwords to reach our digital destinations, much like we once relied on printed maps to get from point A to B. Technology, like Global Positioning Systems (GPS), made printed maps virtually extinct. Now, with new technology from Microsoft, could passwords finally go the way of the dinosaur, or at least become an endangered species?
  • 10/22/2018 - Three Ways to Ensure We Win the AI Cyber Arms Race Artificial Intelligence and Machine Learning are considered by many to be the next evolution of the cybersecurity mousetrap. However, the security community must first proactively work together to win the AI cyber arms race and keep what could be our greatest ally from becoming our greatest enemy.
  • 10/9/2018 - The Other Cyber Skills Gap: Educating Tomorrow’s CISOs While the cyber skills gap discussion has focused on educating the next generation to fill critical practitioner-level roles in cyber defense, few talk about how education will play a significant role in helping the current generation to take their place in that future fight as senior security executives at the board and briefing room tables.
  • 10/4/2018 - Experts Speak Out: Managing Digital Risk During NCSAM – and Beyond In today’s threat landscape, risk is everywhere. See what tips and best practices top industry experts share for protecting yourself, your family and your organization from fraud or a cyberattack.
  • 10/1/2018 - Practice Cybersecurity Every Day, Not Just October After a year of several high-profile attacks, remember that demonstrating good cyber hygiene should be done year-round, not just during National Cybersecurity Awareness Month.
  • 8/27/2018 - RSA and NIST Partner to Reduce E-Commerce Fraud Risk In partnership with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST), RSA and other industry leaders have partnered to develop a framework to help retailers reduce the risk of online fraudulent purchases. Learn more about the recommendations for multi-factor authentication and how your organization can provide public feedback.
  • 8/21/2018 - Ready or Not, Here Comes the Next Big Digital Attack The recent ATM hack that netted cybercriminals $13.5 million from a bank in India happened just days after the FBI warned it was coming. Consider this the latest reminder about the importance of being ready for attacks before they happen, not after they’re already imminent.
  • 8/17/2018 - Leave the Stone Age (and Spreadsheet) Behind People have been using spreadsheets for all sorts of applications, regardless of whether they were appropriate or not, including for risk management. At the RSA Archer Summit 2018 this week, a mention of replacing spreadsheets by product manager Emily Shipman got some cheers from the audience.
  • 8/8/2018 - Digital Transformation, Opportunity and Risk: How Will You Manage? There’s a lot to like about digital transformation and the opportunity it creates, but there’s also a lot to lose, if you don’t manage the risk it brings. Today, digital risk extends to every part of the organization, and you need a well-constructed risk framework to manage it. Here’s what you should know—and do—if you want to come out ahead.
  • 8/1/2018 - New Ways to Manage Digital Risk Read why adaptive authentication and SIEM are essential tools to better detect changes in user behavior – fundamental to digital risk management.
  • 7/19/2018 - GDPR and Data Governance: Take Advantage The EU GDPR represents a shift in how businesses must address data governance, breach preparedness and risk and compliance management – not just protecting personal data. Take advantage of the connection between GDPR and Data Governance to evolve your digital risk management strategy.
  • 7/12/2018 - Evolving the Way Businesses Work in a Post-GDPR World The EU GDPR represents a shift in how businesses must address data governance, breach preparedness and risk and compliance management – not just protecting personal data. Take this opportunity to evolve your digital risk management strategy.
  • 6/28/2018 - Rallying the Troops for GDPR The EU GDPR continues to drive organizations to change their processes. Nowhere is this more apparent than in the risk assessment piece. It’s a new risk-based approach.
  • 6/13/2018 - RSA's CTO: Bullish on Security, Bearish on Blockchain RSA Chief Technology Officer discusses the practical applications of blockchain. Find out more about the distributed ledger technology’s potential and limitations.
  • 6/7/2018 - Making Sense of Tomorrow’s Cybersecurity Trends RSA and Secureworks Chief Technology Officers, Dr. Zulfikar Ramzan and Jon Ramsey, discuss next-gen technologies and how taking a risk-based approach is critical as businesses face an evolving threat landscape.
  • 6/5/2018 - What Are My Options? Session Encryption Protocols Looking Forward TLSv1.3 is a game changer for some enterprises and data centers, but what if I can’t switch to end-to-end and need a transition phase or alternate solution? This provides some options as well as some possibilities for design and development work *if* there is motivation from industry.
  • 6/4/2018 - They Are Looking At WHAT? Service Provider Monitoring At the start of an adoption curve there is much apprehension. This is true of TLSv1.3 and those managing enterprise networks and data centers. The IETF working group spent much time listening to operators and their concerns in order to better address and improve adoption.
  • 5/31/2018 - Network Monitoring is Dead… What Now? TLS, QUIC and Beyond Recent conference discussions revealed much about what is top-of-mind for decision makers as they look towards session encryption and when and where to adopt TLSv1.3.
  • 5/24/2018 - Unintended Consequences as Marketing and New Data Privacy Regulations Collide Marketing leaders must anticipate the unintended consequences of data privacy regulations as they may be highly disruptive and potentially stall your program execution. Learn more about these consequences on the eve of the latest in data privacy regulation.
  • 5/21/2018 - Secure Payments of the Future Protecting the safety and integrity of the U.S. payment system is a top priority and the responsibility of all stakeholders in the payments industry. Learn more about how the Secure Payments Task Force is enabling stronger, safer payments and the challenges and opportunities that come with a secure payments infrastructure.
  • 5/18/2018 - Yanny or Laurel? Integrated Risk Management or GRC? The debate rages on – Yanny or Laurel? Which do you hear? This isn’t the only dispute blistering across media. While not featured on Ellen or The Today Show, risk management has its own version of Yanny and Laurel.
  • 4/23/2018 - Cybersecurity Silver Linings Cybersecurity must pay attention not just to the technology of defense, but the psychology of defense. The spirit of the defender matters as much as the shield she or he wields. For years we have motivated ourselves by the fear of what happens if we fail. Let’s inspire ourselves with the glory of what we enable when we are successful.
  • 4/16/2018 - "Pain and Progress" in Managing Digital Risk Recently, RSA® commissioned the Cybersecurity and Business Risk Survey, executed by Enterprise Strategy Group (ESG), to learn more about the challenges and priorities of IT security and business risk professionals. “Pain and Progress: The RSA Cybersecurity and Business Risk Study” provides a glimpse into the minds of security and risk leaders.
  • 4/10/2018 - Here’s to FIDO Alliance: In Praise of Authentication Protocols How many types of authentication are enough? The simple answer is: as many as the organization needs to be sure users really are who they say they are. That’s what the relationship between RSA and the FIDO Alliance is all about.
  • 4/5/2018 - How RSA’s Acquisition of Fortscale Acts as a Force Multiplier for the SOC and IAM Teams For years, the industry has thought of the SOC and IAM as separate teams and capabilities, but they’re really two sides of the same coin. RSA’s acquisition of Fortscale enables customers to leverage UEBA capabilities as a force multiplier for both disciplines.
  • 3/1/2018 - Cybercrime Operations: Where Will Fraudsters Go Next? The recent takedowns of several major underground marketplaces have forced fraudsters to move their cybercriminal operations to new platforms. Some newly favored options include social media platforms, websites hosted on the blockchain, and perhaps even your refrigerator.
  • 2/27/2018 - What’s It Take To Be Tomorrow’s CISO? A new Security for Business Innovation Council (SBIC) report explores both the incremental and transformational skills required for current and future CISO success. Learn which fundamental technology and security capabilities matter most and which unexpected skills CISOs will need to acquire to drive business success.
  • 2/26/2018 - Bridging the Gap of Grief with Business-Driven Security A lack of coordination and alignment between security and business risk can cause a “Gap of Grief.” The solution is to combine visibility, insight, response and context to put security details into business context and protect what matters most. This white paper details the RSA® Business-Driven Security approach supporting the convergence of security and risk in the enterprise and elsewhere.
  • 2/15/2018 - Take The GDPR Benchmark Survey The Forrester GDPR Benchmark Survey, a companion piece to the Forrester leadership paper reporting on the survey results of U.S. and EU organizations’ GDPR readiness, is now available. The Forrester GDPR Benchmark Survey tool lets you know where you stand with your GDPR approach.
  • 2/15/2018 - Account Takeover Surge Results from Mass Data Breaches and Phishing Account takeover attacks are increasing due to mass data breaches and phishing attacks which have exposed billions of usernames, email addresses and passwords. Learn more about this growing threat and why automated attacks are so difficult to spot.
  • 2/6/2018 - EU GDPR Readiness Study Forrester Consulting conducted a recent study of the readiness of organizations in Europe and the United States to comply with the EU General Data Protection Regulation (GDPR). Based on the results of a large survey in both regions, Forrester provides details, not only about the level of readiness, but the steps organizations are taking to ready themselves.
  • 1/30/2018 - Financial Fraud in the Digital Banking Age Banking-as-a-service will allow customers to transact with their financial institution more often and from more channels. This is expected to drive significant challenges as it pertains to fraud management. Hear how financial institutions can embrace the changes and what the role of trusted identity might look like in the future.
  • 1/26/2018 - If You Collect It – You Must Protect It National data privacy day reminds us how important it is to be empowered to take ownership to protect our privacy, control our digital footprints and advocate for the protection of privacy and data.
  • 12/11/2017 - 3 Ways Proximity Authentication Is Revolutionizing Access Proximity authentication for Microsoft Windows Hello protects access at the first stop a user makes on the way to a multitude of resources: the desktop. It’s a major step toward eliminating the need for passwords, making multi-factor authentication more consumable and, ultimately, enabling continuous authentication wherever users go.
  • 11/30/2017 - Are You a Regulation Rebel or a Regulation Realist? In a new report by the Security for Business Innovation Council (SBIC), security executives and thought leaders from Global 1000 enterprises share advice for organizations looking to minimize the burden of legislation that may impact their security postures, as well as offer three strategies to handle what’s ahead in the security landscape.
  • 11/29/2017 - Firewall Meets MFA: Secure Access at the Network Level You can count on your next-generation firewall to protect your network against attacks. But when intruders come with seemingly legitimate credentials, a firewall alone can’t keep them out. For that, you need multi-factor authentication (MFA)—and an easy way to integrate it with the firewall.
  • 11/27/2017 - 2018 Cybercriminal Shopping List When you hear that another organization has been hit by a data breach, your first reaction might be relief it wasn’t yours. But the credentials stolen during that breach could be used to target your organization with account takeover and new account fraud. Here is what you can do to protect your customers.
  • 11/15/2017 - READY, SET, SHOP: PRACTICAL TIPS TO AVOID CYBER MONDAY FRAUD Holiday shopping season brings great opportunities for revenue growth, but it also brings great risks of chargebacks, fraud losses and brand damage. Consider these simple tips to help your organization minimize those risks.
  • 11/15/2017 - Translate Consumer Authentication into Happy Customers and Increased Revenue Consumer authentication can be so much more than a simple check of the box on your next compliance audit. Learn how risk-based authentication actually increased revenue by 20% through improved customer experience, increased transactions, and reduced fraud losses.
  • 11/13/2017 - 3D Secure 2.0: An Outlook on Merchant Adoption 3-D Secure 2.0 promises to eliminate many of the customer experience issues that plagued early implementations and deliver better fraud detection through rich data collection. But are merchants ready for adoption?
  • 10/31/2017 - Reflections on Risk Management from RSA Charge 2017 RSA Charge – the premier RSA customer event – gives us a broad perspective across today’s risk, security and compliance programs. I share some random thoughts from a week of immersion into this broad and deep pool of amazing, talented professionals.
  • 10/26/2017 - ROCA: BLAMING INFINEON IS THE EASY WAY OUT ROCA isn’t about a weakness in the RSA® algorithm, nor is it about Infineon’s implementation of the algorithm. The problem lies within the method Infineon used to generate the prime numbers for key material.
  • 10/19/2017 - Fitting Privacy into Your Risk Management Program While Privacy is one key risk to be managed, some organizations may view Privacy and Risk Management as separate programs. Integrating these strategies can result in efficiencies and added-value.
  • 10/19/2017 - YIN AND YANG: TWO VIEWS ON IAM—IT-BASED AND BUSINESS-DRIVEN IAM projects are among the most visible IT initiatives, but what’s the best approach to take? RSA identity experts review two different approaches to your next IAM project: IT-based and business-driven.
  • 10/12/2017 - YIN AND YANG: TWO VIEWS ON IAM – SUCCESS WITH ROLES Role-based access is supposed to make access request and approval easier, simplify provisioning, and improve governance and auditing. But, are roles necessary and when is the best time to implement them?
  • 10/2/2017 - Mind Blowing Cost of Cybercrime Every 60 Minutes While the security industry strives to bring attention to cyber threats, there remains a lingering question: what is the financial impact? Combining RSA’s real world daily insight into fraud and cybercrime events, as well as some of the top sources in the industry, we have created a new tool to answer these questions.
  • 9/22/2017 - Making Access More Secure and More Convenient with Facial Recognition Flexible authentication is one of the keys to successful identity assurance. With its careful balance of high security and low friction for users, facial recognition technology seems poised to become an important component in any program of flexible authentication.
  • 9/19/2017 - Top 5 Authentication Trends in 2017 The increased popularity of enterprise mobile applications only heightens the need for a consumer-simple experience—one that provides access control commensurate with the risk of a given transaction. MFA, SSO, authentication standards, biometrics and smartphones will each continue to play a role as the market moves toward risk-aware authentication.
  • 9/18/2017 - In the Wake of Recent Breach It’s Time to Revisit Your Fraud Strategy In light of the recent mega breach, where over 143 million U.S. citizens were impacted, it is critical for organizations to pause for a moment and reflect on critical steps they must immediately focus on to align information security and fraud strategies to mitigate risk.
  • 9/12/2017 - Yin and Yang: Two Views on IAM - Security vs. Convenience Debate: When looking at the identity risk vector and the constant attack level capabilities advancing every day, it may be time that we strike a balance more towards caution than convenience. Or do we find ways to balance security and convenience by leveraging risk and context to eliminate the friction that added security can create?
  • 9/12/2017 - 7 Steps to a GRC Risk Management Framework-7: Provide Visibility This last step in the process involves providing visibility into and reporting on risk. Remember, in creating the framework, you’re examining business processes and outcomes that can introduce risk to the organization. For business leaders to make informed decisions to manage that risk, they need easily visualized, timely information about it.
  • 9/5/2017 - 7 Steps to a GRC Risk Management Framework – 6: Enterprise Risks & Controls Enterprise-wide documentation is a vital step because if you want to exert control over activities that create risk—such as unauthorized persons accessing information categorized as important and at risk—you have to be able to identify those activities. And documenting information-related business processes is how you do that.
  • 8/31/2017 - TLS Security and Data Center Monitoring: Searching for a Path Forward Protocols are evolving to meet the demands of the future. We must continue to strengthen the security of these protocols to keep pace with the threat landscape. As such, Transport Layer Security (TLS) 1.3 has been designed to be more secure in order to prevent the interception of sessions over the Internet.
  • 8/29/2017 - 7 Steps to a GRC Risk Management Framework-5: Residual Risk Of the many challenges managing information risk, perhaps the greatest is knowing where to focus risk management resources. If you don’t have a clear understanding of the risk associated with the information in your organization, you may end up misdirecting scarce resources.
  • 8/22/2017 - 7 Steps to a GRC Risk Management Framework-4: Evaluate Risk Treatments Continuing our journey through the seven steps to build a risk management framework for information leads us to evaluating the risk treatments available to you. In evaluating risk treatments, as in the previous steps, documentation is key.
  • 8/15/2017 - 7 Steps to a GRC Risk Management Framework-3: Assess Risk We’ve talked in this space about the seven steps to building a risk management framework for information, starting with identifying information to protect and determining the characteristics of that information. In step three we assess the inherent risk associated with the information.
  • 8/14/2017 - Demystifying the Black Box of Machine Learning Nowadays, it is common to use machine learning to detect online fraud. In fact, machine learning is everywhere. Due to its independent nature and human-like intelligence qualities, machine learning does, at times, seem like an inexplicable “black box.” But truth be told, machine learning doesn’t have to be like that. Here is what you should know if you decide to give “computers the ability to learn without being explicitly programmed.”
  • 8/9/2017 - Skills Shortage: The Intelligent Application of Force Multipliers Many organizations struggle to staff and maintain security operation teams due to a serious shortage of skilled security analysts. The struggle isn’t just about filling open roles; it is equally hard to drive the needed productivity of the resources already in house to make sure the alert that matters doesn’t go unnoticed.
  • 8/8/2017 - 7 Steps to a GRC Risk Management Framework-2: Locate Data In our first post on the seven steps to building a GRC-based risk management framework for information, we talked about step 1: identifying information that is important enough to warrant protection. Once you’ve identified information important enough to be protected, within its business context, you can move on to determining whether you actually have any...
  • 8/1/2017 - 7 Steps to a GRC Risk Management Framework-1: Identify Information Managing information risk can be a paralyzing challenge, given the amount of data and information that comes pouring in daily. It’s hard to know what information needs to be protected, let alone the most effective way to do it. RSA has developed a practical seven-step methodology for building a risk management framework for information. Derived...
  • 7/25/2017 - Don't Miss RSA at Black Hat USA 2017 Wondering where you’ll find RSA at Black Hat? Where won’t you find RSA is more like it. In addition to hosting our Business Hall booth, where we’ll be showcasing the latest version of RSA NetWitness® Suite, you’ll find us in the Black Hat Network Operations Center (NOC), as well as in speaking sessions on some...
  • 7/24/2017 - Swinging for the Fences Did you know only approximately one in 200, or about 0.5%, of high school senior boys playing interscholastic baseball will eventually be drafted by an MLB team? That includes all levels of professional baseball. Only a small percentage of players drafted actually make it to the Major Leagues. The competition to make it to the...
  • 7/18/2017 - Threat Hunting and the Cloud - A Dynamic Tension In the 1920s, fitness innovator Charles Atlas developed and introduced the Dynamic Tension exercise method. The essence of Dynamic Tension is that it pits muscle against muscle, with a workout intensifying proportionally for both muscles as force increases. As generations of comic book fans have learned since, nobody kicked sand in Charles Atlas’s face after...
  • 7/17/2017 - Nip Those Incidents in the Bud! I’m dating myself here, but I used to love to watch the Andy Griffith Show. I liked Andy’s calm demeanor as he tried to raise little Opie. Barney Fife was his neurotic sidekick. I enjoyed this exchange between the two of them as they discussed raising kids: Barney Fife: Well, today’s eight-year-olds are tomorrow’s teenagers....
  • 7/10/2017 - The Myth of the Easy Button Approach to Information Security By: Wes Riley and Erik Heuser In twenty plus years navigating the complexities of the information security (InfoSec) industry a common theme emerges: the fascination with creating the digital panacea, or Easy Button. Marketing departments highlight their product in the best light possible and tell you it will solve all your InfoSec headaches. Years of...
  • 6/27/2017 - Yin and Yang: Two Views on IAM - Global Risk Standards or States & Nations Policies By Steve Mowll and Chris Williams POINT: Chris Williams – Advisory Architect, RSA Identity In our last blog, I stated the following about why we most commonly engage in security practices. And these two items were represented: We embrace identity projects because we need to satisfy compulsory mandates. We need to provide competitive protective services...
  • 6/20/2017 - Protecting PingFederate Users with RSA SecurID Access It’s 10 o’clock. Do you know where your users are? Believe it or not, there was once a time when this question was easy to answer. If “Steve” was logged into the corporate network, there was a very high level of certainty you would find him sitting in his cube, on the 4th floor of building...
  • 6/19/2017 - Protecting VMware Workspace ONE Users with RSA SecurID Access While 1999 brought us the Breitling Orbiter 3, Warner Bros. sci-fi thriller “The Matrix,” and Britney Spears’ mega-hit “Baby One More Time,” it was also a banner year in cybersecurity. During the last twelve months of the millennium, we witnessed the advent of Microsoft’s Windows 98 release, the arrival of the American Express “Blue” card...
  • 6/13/2017 - Yin and Yang: Two Views on IAM - Active Directory Automation, Success or Failure? By Steve Mowll and Chris Williams Point: Effective identity management strategies are business-based, and should rise above technical limitations. Steve Mowll, Identity Architect, RSA True point, but in order to have effective strategies, they must be directed towards a desired outcome. Let’s take a look at this idea using Active Directory (AD) projects as an...
  • 6/12/2017 - Completing the Puzzle In a previous blog I reviewed the real world pay back for being a risk leader. Let’s say your company gets it, they know that good risk management increases the likelihood objectives will be fulfilled and profits improved, and now you’ve been given the assignment to start the risk management program to make your organization a...
  • 6/7/2017 - Defining Your Cyber Risk Appetite When a senior executive tells the board he or she wants to discuss the company’s risk appetite, usually the board’s interest is piqued. After all, understanding an organization’s risk appetite is critical to the decisions the board makes. So why should defining a company’s cyber risk appetite be so difficult? A CISO’s role is to...
  • 6/7/2017 - Capture the Prize Risk is the effect of uncertainty on objectives. Managing risk well increases the certainty that objectives will be achieved. Not surprisingly, organizations leading in risk management “capture the prize”. According to a PWC Risk Review, organizations more frequently achieve their objectives, are more profitable and less likely to experience a negative profit margin than those...
  • 6/7/2017 - Eliminating Access Blind Spots in the Modern Enterprise Last year, 63% of data breaches involved compromised identities. This year, it’s up to 81%. As the world settles into the “new normal” of mobile, cloud and other nontraditional access points for applications and other resources, the problem of identity-related attacks isn’t going anywhere; to the contrary, it’s getting bigger. We can’t promise those numbers...
  • 6/6/2017 - Delivering Convenient and Secure Access to the Modern Workforce In the relatively quick journey from don’t-even-think-about-bringing-your-own-device to please-absolutely-bring-your-own-device, identity management has experienced some dramatic transformations. And it’s still evolving now, as security policy continues to move away from limiting user options and toward expanding them. Organizations haven’t taken long to come around to thinking that giving users more ways to access the resources they...
  • 6/6/2017 - Transaction Protection in a Human-Not-Present Age Imagine it is 10AM and you’re sitting in a meeting at work. You gaze out the window only to see your car drive out of the parking lot, turn left at the end of the road, and disappear around the corner. Your car, having sensed it needs a change of oil and seeing today’s calendar...
  • 6/1/2017 - NIST Cybersecurity Framework (CSF) Spring 2017 Workshop Findings To shape their Cybersecurity Framework (CSF), NIST convenes a series of workshops open to any industry practitioners, vendors, or academics who wish to attend. I recently returned from the 2017 NIST CSF Workshop at their headquarters in Gaithersburg, MD. For those who are interested in the NIST CSF but were unable to attend, I will quickly run...
  • 5/31/2017 - Chances are your account has been breached When it comes to protecting personal data, there are three types of people in the world: Those who go to great lengths to protect their personal information, using unique passwords and trying to remain un-breached. Those who are ignorant or ambivalent to the impact of breaches and the personal security risk they entail. Those who...
  • 5/16/2017 - What Your Business Can Learn from WannaCry The biggest cyber attack began last week, spreading to more than 150 countries and infecting 200,000 machines. The outbreak is a ransomware threat, WanaCrypt0r 2.0 also known as WannaCry, with worm-like capabilities leveraging an exploit against vulnerable Microsoft Windows® operating systems. Ransomware mimics the age-old crime of kidnapping: someone takes something you value, and in...
  • 5/15/2017 - New Survey: Consumers Increase Security Expectations in Wake of Password Breaches Several years ago, I was talking to an organization which had recently deployed risk-based authentication on its online customer portal. Based on their business model, I was especially curious to learn why they had selected to add consumer authentication to their website. The answer was simple, “It is a competitive advantage for us.” Fast forward...
  • 5/4/2017 - Yin and Yang: Two Views on IAM - Nature or Nurture By Steve Mowll and Chris Williams Question: When it comes to the complexities of identity management, is what we try to do in identity management the problem or is it just inherently hard? Point: We might be making it harder than it needs to be. Setting complex requirements may affect long-term suitability and success. Chris...
  • 5/2/2017 - RSA Identity Governance and Lifecycle: An Executive View from KuppingerCole When one of the leading independent analyst organizations in the identity space weighs in favorably on your approach to identity governance, that’s news worth sharing. In the KuppingerCole Report “Executive View: RSA® Identity Governance and Lifecycle,” analyst John Tolbert gets at the heart of RSA’s belief in the effectiveness of an integrated, comprehensive, end-to-end approach:...
  • 5/1/2017 - Chasing the Rabbit: Cybersecurity Through the Camera Lens Azeem Aleem and Dave Gray Nothing will work if you are not serious about it – Sam Abell This blog is intended to take a different perspective (pun intended) of how we view our security platforms and how to go about rationalizing our Business-Driven Security™ decisions about cyber threats and mitigation strategies. It all comes...
  • 4/24/2017 - Is the cyberworld doomed to be unsafe forever? Before seeking an answer, let’s question the question. I recently returned to the cybersecurity industry and (re)joined the good fight to secure the cyberworld. As the digital era unfolds, it feels good to be part of this mission-driven industry to help create a safe digital future. While a lot has changed, and there have been great...
  • 4/20/2017 - Yin and Yang: Two Views on IAM - HR vs Identity Management By Steve Mowll and Chris Williams POINT: NEWS FLASH identity management people, HR is not here to feed you with identity data! Steve Mowll, Systems Engineer, RSA Identity management teams may believe it is the human resource (HR) department’s responsibility to be an identity management provider. Unfortunately for IT, or fortunately for HR, it is...
  • 4/6/2017 - Sydney CRO Summit: Cultivating a Resilient Risk Culture If you knew that an action you were contemplating could conceivably cost your organization billions of dollars, permanently ruin its reputation and maybe get the CEO fired for good measure, would you risk it? I’m going to go out on a limb and say you probably wouldn’t. Yet people do it all the time. Why?...
  • 3/23/2017 - The GDPR and your data protection obligations The focus is growing for the European Union’s forthcoming “General Data Protection Regulation,” or GDPR. As its May 25, 2018 implementation date draws nearer, organizations are starting to understand the magnitude of change this major regulation will drive. It is not only EU-based organizations that are subject to the GDPR’s requirements. If your company stores...
  • 3/21/2017 - Answering the #1 Question in Identity Management Takeaways from a Recent Identity Survey by IDG It’s the infamous joke we’ve all used at one point or another – “Knock, knock. Who’s there?” When it comes to identity management, knowing the answer to this question is mission critical. Whether your employees, contractors, customers and partners are accessing your data, applications and systems in...
  • 3/13/2017 - RSA NetWitness Platform named a leader in The Forrester Wave: Security Analytics Platforms We are excited to announce the RSA NetWitness® Suite has been named by Forrester® Research as a leader in The Forrester Wave™: Security Analytics Platforms, Q1 2017. RSA NetWitness Suite earned perfect marks in the Forrester Wave report for scalability, detection technologies, user behavior analytics, endpoints, integrated network analysis and visibility, and threat intelligence. According...
  • 3/2/2017 - RSA and the Power of CommUNITY After attending RSA Conference 2017 it was clear the theme – The Power of CommUNITY – was a thread throughout the conference. This was seen in several places: Dr. Zulfikar Ramzan, CTO of RSA, mentioned this topic several times in his keynote on Tuesday morning. He urged us as an industry to “draw connections” and...
  • 3/1/2017 - What do RSA Conference 2017 and my DVR have in common? Another year, another RSA Conference. At this point, I have lost count of my appearances at this annual gathering of all things security – I believe it was number 15 or 16 for me. I say “appearances” because the days blur into such a steady stream of meetings, discussions and general sensory overload that at...
  • 2/16/2017 - Business-Driven Security to Lead through Chaos My last post discussed the changing nature of security. The impact of today’s cyberattacks isn’t limited to stealing financial information or personal data. Instead, these attacks seed chaos. With this reality at hand, the need for business-driven security is even more pronounced. Security professionals must draw connections between the technical details of a security incident...
  • 2/14/2017 - Leading in an Era of Chaos Consider… American Authorities are confident that the Russian Government was behind the cyberattack on the Democratic National Committee. Did that attack change the course of the U.S. presidential election? We’ll never know. But it definitely changed the discourse that followed. The idea of a foreign power mounting a cyberattack to undermine a U.S. election went...
  • 2/14/2017 - The Forum at RSA Conference This year’s RSA Conference continues the long string of high powered speakers from both the private and the public sector. While there are great keynotes and more than 500 track sessions, we discovered we needed more! Five years ago, many senior government officials were looking for a platform from which they could communicate what they...
  • 2/13/2017 - 2017 is the Year for RSA Business-Driven Security Solutions This week, RSA will be making a global announcement during the 2017 RSA Conference to formally unveil RSA Business-Driven Security solutions, a new approach to help customers manage cyber risk. This architecture, along with several concurrent solution and service announcements, enables customers to take command of their risk posture and secure what matters most. BUSINESS-DRIVEN...
  • 2/13/2017 - Defining Business-Driven Security for the Modern Enterprise As I travel around the world and meet with CISOs and security teams, I continue to be amazed at the organizational disconnects around managing cyber risk. Security Operations and Identity & Access Management teams operate their own business processes with very few connection points. Security and Risk & Compliance teams have different world views of...