RSA Security Blog: A Blog for Security Professiona

RSS Feed Homepage

Articles: 1, 2, 3, 4, 5, 6, 7

Cloud and Virtualization: Surpassing current levels of security
2009-11-09 01:00:00
Earlier this month, RSA, The Security Division of EMC released a new RSA Security Brief entitled "Identity and Data Protection in the Cloud : Best Practices for Establishing Environments of Trust." This Brief is authored by security and virtualization experts from VMware and across EMC and offers guidance and actionable best practices for organizations faced with the challenges of securing identities and data in the cloud.
More About: Current , Virtualization

RSA and VeriSign: forward together into the Cloud
2009-11-06 01:00:00
RSA and VeriSign have come a long way over the last 15 years.  From a close origin to distant extremes, we are now going into a mature relationship with one another.  I can’t speak to everything that has gone before, but the two companies have evolved very differently while interacting positively and negatively over the years.
More About: Cloud

Evolution of Authentication
2009-11-05 01:00:00
In the old days, authentication was people seeing people. You could spot someone and come to a decision as to whether they were who they claimed to be on the basis of things that you could discern with your five senses (mostly vision, hearing and scent).
More About: Evolution , Authentication

Speaking of Security Podcast #167
2009-11-03 01:00:00
Click to Download/Listen This week's Speaking of Security podcast features a discussion on the use of social media by the US government. Mischel Kwon, VP of Public Sector Security Solutions for RSA and a former Director for the US Department of Homeland Security is our guest.
More About: Podcast

The Year of PKI is Here!
2009-10-22 02:00:00
It’s 2009, and someone just asked me “is this the year of PKI?” I thought this was an old joke, but they were in earnest. Certificates are one of those things that many people fell in love with for their elegance and the promise that they could extend trust in many new directions.

The Blame Game: Security and Responsibility
2009-10-22 02:00:00
“All the money I had is gone. I can weep and I can cry, I can wonder why.”* Recently a story came to light about a bank being sued by one of its customers after their account was hacked into by cybercriminals.  The customer is claiming that their bank failed to notice the suspicious transactions that drained their bank account.  
More About: Security , Game

Cloud Security: 'Past Performance is Not an Indication of the Future'
2009-10-21 02:00:00
A recent article in Computer World outlined several security and legal concerns that pertain to the current state of cloud computing and SaaS offerings of public service providers.
More About: Security , Performance , Future , The Future , Past

Speaking of Security Podcast #166
2009-10-20 02:00:00
Click to Download/Listen RSA is announcing a new set of services and solutions to help customers expand their security operations function by leveraging other technologies within their security and IT operations groups. Hear all about it on this week's Speaking of Security podcast.
More About: Podcast

Speaking of Security Podcast #165
2009-10-13 02:00:00
This week we present a Speaking of Security Video Podcast . Enterprises continue to do whatever it takes to reduce costs and stay competitive. Research shows that budgets seem to be flat and many organizations are actively decreasing spending as they look towards 2010. One area that is being affected is security spend. Roland Cloutier, VP and CSO for EMC discusses how to prioritize security in your 2010 budget planning.

Speaking of Security Podcast #164
2009-10-06 02:00:00
Click to Download/Listen October is National Cyber Security Awareness Month, sponsored by the US Department of Homeland Security. Michael Kaiser, Executive Director of the National Cyber Security Alliance joins us on this week's Speaking of Security podcast to discuss effective cyber security practices.
More About: Podcast

The Arms Race between Black Hats and White Hats Steps Up with URLZone Troja
2009-10-05 02:00:00
The arms race between cybercriminals and security professionals has recently stepped up, with the online gang behind the URLZone Trojan driving one more rung into the evolutionary ladder of online crime.
More About: White , Race , Black , Arms

National Cyber Security Awareness Month: What it Means for Security Profess
2009-10-01 02:00:00
October 1 the National Cyber Security Alliance, along with Department of Homeland Security and the White House will kick off National Cyber Security Awareness Month.  So, what does that mean to security professionals?  This is a month for you to reassess, take stock in what you are doing, share your knowledge and shine.

EMC Security Development Lifecycle featured at GFIRST 2009
2009-10-01 02:00:00
About a month ago, Reeny Sondhi from EMC’s Product Security Office presented EMC’s approach to securing products. She explained how SQL Slammer, IP storage, regulations and EMC’s acquisition strategy have influenced our approach to product security.
More About: Development , Featured

Speaking of Security Podcast #163
2009-09-29 02:00:00
Click to Download/Listen This week's Speaking of Security podcast discusses business continuity planning, including potential corporate requirements for the H1N1 virus.
More About: Podcast

When Gods Jabber
2009-09-23 02:00:00
As befitting its name, Zeus – King of Gods - is the most powerful Trojan kit on earth. Some Trojans you cannot buy – take Sinowal, for instance; it’s a commercial grade infrastructure featuring a state-of-the-art Trojan. It’s operated by an organized crime group that invests back in the business. You won’t find Sinowal as a kit for sale.
More About: Jabber

Speaking of Security Podcast #162
2009-09-22 02:00:00
Click to Download/Listen RSA and First Data team to reduce merchant risk and cost associated with credit card data and PCI compliance. Hear all about this strategic partnership on this week's Speaking of Security podcast.
More About: Podcast

First Data's new PCI tokenization service
2009-09-22 02:00:00
Today, First Data announced the new First Data Secure Transactions service. First Data’s service will provide merchants the encryption of cardholder data at the point of capture (e.g., POS), with encryption maintained through delivery to First Data (when decryption occurs in order to continue the transaction process). Here is where things get really interesting: rather than returning the actual card number back to the merchant, First Data returns a “token” value – data that represents the cardholder data (i.e., sixteen digits), but has no real value (because the “token” is not a real credit card number). And First Data maintains the original cardholder data in a secure, PCI compliant environment.
More About: Service

Attack the Dark Cloud (not the symptom)
2009-09-21 02:00:00
I have spent most of last Friday in a meeting to enable real security communities that produce a Nash Effect for the members (think Network Effect if you like Metcalfe best): how do we get people to come together and get more social, financial and moral rewards from coming together than they can from other parts of their lives (have a look at incentives for more on the three basic kinds of rewards).
More About: Dark , The Dark , Cloud

Security is a Team Sport
2009-09-17 02:00:00
On Sept. 14 I had the privilege to speak on a panel at the InformationWeek 500 Conference moderated by IW Editor-in-Chief Alexander Wolfe. The panel was comprised of Eva Chen, CEO and Co-founder of Trend Micro, Renee Guttman, Vice President of Information Security and Privacy Officer for Time Warner, and Jerry Johnson, CIO of Pacific Northwest National Laboratory. The title and theme of the panel talk was “Strategic Security: Maximizing the Business Value of Your Security Investment.”
More About: Sport , Team

"Chat-in-the-Middle" Phishing Attack Attempts to Steal Consumers' Data via
2009-09-16 02:00:00
A new, unique type of phishing attack targeted against online banking customers was recently discovered by the RSA FraudAction Research Lab. RSA has coined this as a "Chat -in-the-Middle " phishing attack and it is first executed through routine means but then presents a more advanced layer of perpetrating online fraud. The phishing attacks may dupe bank customers into entering their usernames and passwords into an ordinary phishing site but the addition of a bogus live chat support window can obtain even more credentials via a live chat session initiated by fraudsters.
More About: Phishing , Data , Steal

Speaking of Security Podcast #161
2009-09-09 02:00:00
Click to Download/Listen This week's Speaking of Security podcast features an exclusive interview with Mischel Kwon, RSA's new VP of Public Sector Security Solutions for the Professional Services team. Prior to joining RSA, Ms. Kwon served as Director for the US CERT (Computer Emergency Readiness Team) for the Department of Homeland Security.
More About: Podcast

Getting started with security compliance for virtualization
2009-09-02 02:00:00
VMworld 2009 has been buzzing with an infectious energy since it opened this week.  One can see the very visible and strong effect that virtualization is having on the entire IT industry.  The emergence of virtualization as a major mainstream paradigm across datacenters has spawned a rich ecosystem of vendors and technologies that secure and manage virtualization.
More About: Security , Virtualization , Compliance

Speaking of Security Podcast #160
2009-09-01 02:00:00
Click to Download/Listen The latest edition of the Speaking of Security podcast features a lively discussion on the latest IT security buzz with Sam Curry, VP of Product Management for RSA.
More About: Podcast

The Devil is in the Details
2009-08-28 02:00:00
I recently read an article written by Jordan Robertson of the AP regarding a report issued this week by IBM’s X-Force that included what they found to be a reduction in phishing emails worldwide – and did a double-take. I had to read it again, and then one more time to make sure my eyes weren’t tricking me.
More About: Devil , Details , The Devil

Zeus Trojan Leverages IM Software to Forward Stolen Online Account Data
2009-08-27 02:00:00
During its investigation of several Zeus Trojan attacks over the past three months, the RSA FraudAction Research Lab discovered and tracked a new online attack method employed by criminals that can quickly leverage compromised credentials.
More About: Software , Data , Stolen , Online

Part-Time Compliance
2009-08-26 02:00:00
I recently found myself once again discussing the concept of real-time compliance reporting with a customer. Nothing was terribly unusual about this, except in this case I took a pragmatic position, and the customer voiced a decidedly idealist perspective. The genesis of the conversation was an exercise to define what compliance meant to the customer and how they would ideally like to assess adherence to regulatory requirements.
More About: Time , Part , Compliance

Speaking of Security Podcast #159
2009-08-25 02:00:00
Click to Download/Listen This edition of Speaking of Security discusses collaboration between RSA and IDC on research and a whitepaper on Insider Risk Management.
More About: Podcast

Insider risk: quantifying and overcoming the unknown
2009-08-25 02:00:00
A recent IDC survey, conducted for RSA, provides interesting insight into organizations' views and experiences of insider risk. The facts relating to financial impact and number of security incidents don’t always tally with the issues keeping IT managers awake at night. Do these findings support our fear of the unknown, I wonder? Is the answer to confront the issues with better intelligence?
More About: Risk , Unknown , Insider

Man-in-the-Middle (MITM) - No New Thing Under the Sun*
2009-08-21 02:00:00
Saul Hansell from the New York Times published a blog yesterday called "How Hackers Snatch Real-Time Security ID Numbers."  Now most people** are probably expecting me to launch into a robust defense of all things unassailable and security goodness here, but I am not going to do that.  Why?  Because Saul is right, and it should come as no surprise that any single security measure can be broken. If you want to know why, and also know why RSA SecurID is an essential part of a layered information-centric security system, please read-on.
More About: Middle , Thing

A System...of Sticks and Stones
2009-08-21 02:00:00
“I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones” – Albert Einstein It’s been a while since I’ve blogged on something of a bigger scope, so I turned to physics for some fun and inspiration.
More About: System , Stones