Blog Details for "RSA Security Blog: A Blog for Security Professiona"
The RSA Security Blog, Speaking of Security, features a group of experts, each of whom has knowledge and interest in different areas of the industry: research, developer solutions, engineering and government policy. A Security Blog for anyone seriou
Articles
Asking the Right Questions When Implementing a Data Loss Prevention Policy
2008-12-10 01:00:00 Okay, raise your hand if you are scared of the word “policy.” Policy is sometimes an overused word that sounds simpler than the complex thing it actually is, and if not properly thought out, can be a headache to implement. RSA’s Information Classification and Policy Research team spends a lot of time focusing on the accuracy of Data Loss Prevention (DLP) policies. This week, we’re giving some hints for success and best practices that we’ve learned by working with both early adopters and some of the world’s largest companies. We know from experience that you can have the most accurate policy and it still may not be the right policy for your organization. Here’s how to figure it out... More About: Questions
Speaking of Security Podcast #132
2008-12-09 01:00:00 Click to Download/Listen (11:13) This week's Speaking of Security podcast features a preview of the latest edition of Vantage, RSA's magazine on information security news and trends and the first segment of a two-part discussion on how the fraudster underground operates much the same as real-world businesses. Uri Rivner, Head of New Technologies at RSA is our guest. More About: Podcast
Where did my vendor go?
2008-12-09 01:00:00 I had the pleasure of attending the Institute of Applied Network Security (IANS) conference in San Francisco last week. For anyone not familiar with this organization, they’re a peer to peer research organization where security practitioners come together to talk about the issues du jour. It’s a real good way for us vendors to get a pulse on what people are worried about, and what they think about what we’re doing to support them.
Securing Cyberspace for the 44th Presidency - An Introduction to the Commis
2008-12-08 01:00:00 Later today the final report of the CSIS Commission for the 44th Presidency will be officially released on Capitol Hill in Washington, D.C. The co-chairs of the Commission are: U.S. Representatives Jim Langevin (Democrat, Rhode Island) and Michael McCaul (Republican, Texas), and senior industry executives Scott Charney of Microsoft and retired Air Force Lt. General Harry Raduege of Deloitte. More About: Introduction , Cyberspace
Security Challenges in Software as a Service, Portals and Collaboration
2008-12-08 01:00:00 There are a number of business trends that are driving new security challenges. As some companies shift to Software as a Service (SaaS), they are beginning to realize that not having planned for a common identity framework is leaving them with disparate representations of customers who expect a seamless user experience. More About: Security , Collaboration , Portals
The Dreaded "C" Word
2008-12-04 01:00:00 Let’s face it. The “C” word, commoditization, is a word that those of us in the IT community both love and hate. We hate it when the “C” word is applied to the products that we offer, but at the same time we secretly hope that someone else’s products will be commoditized so that customers will have more of their budget to spend on our wares. More About: Word
Speaking of Security Podcast #131
2008-12-03 01:00:00 Click to Download/Listen (08:21) Social engineering is the art of manipulating people into performing actions or divulging confidential information. This week's Speaking of Security podcast features a discussion on this topic with a leading expert on security and terrorism. More About: Podcast
Focussing on FUD - What a waste of an opportunity to realise efficiency gai
2008-12-02 01:00:00 I had the pleasure of presenting at the EMC EMEA Analysts meeting this week. Some people hate talking to gatherings like this, because unlike most audiences they tend to be much less reticent in providing contrary views to those which you are presenting – often right there in the middle of your pitch, having the potential (on a really bad day!) to really derail you from the point you wished to make and generally to put you on the back foot. More About: Opportunity , Efficiency , Waste
Make Sure to Cover Your SaaS
2008-12-02 01:00:00 Software as a Service (SaaS) on-demand applications are single-instance multi-tenant applications which are centrally and professionally managed and delivered as a service over the internet. SaaS customers use the same application engine which is partitioned into separate customer access accounts. These accounts may be set-up differently but the core application engine is the same platform that every other customer has access to. More About: Cover , Make , SAAS
What You Don't Know CAN Hurt You!
2008-12-01 01:00:00 Here's a quick quiz for all of you security professionals out there: 1. What's a 'SAN'? 2. What's a 'LUN' on a Fiberchannel SAN? 3. What are the differences between iSCSI, NAS and Fiberchannel SANs? 4. How does data de-duplication work? 5. What are the different types of 'stores' supported by Microsoft Exchange? More About: Hurt
Speaking of Security Podcast #130
2008-11-24 01:00:00 Click to Download/Listen (08:53) Now that the 2008 US Presidential and Congressional elections are behind us, what can we expect from the new Administration and the 111th Congress on Cyber Security? The Speaking of Security podcast has a report direct from Washington, DC. More About: Podcast
Big Bank Does Well Financially—Really!
2008-11-21 01:00:00 What a refreshing conversation it was—a Global 100 bank’s senior IT executive was gushing on how he was in the money. No, really! And even better, amidst today’s financial fiascos, he had selected to tell me about how he was financially ahead by deploying some state-of-art security solutions. More About: Bank
Fraudsters Have Had a Rough Month
2008-11-18 01:00:00 I attended RSA Conference Europe late last month, which – as always – is an amazing event. The theme of the Conference was focused on Alan Turing, who is often called the father of modern computer science. One particular perk at the venue was the public display of the Enigma machine – believed by the German forces during WWII to be impenetrable. More About: Month
PCI Compliance: Visa Announces Global Deadlines
2008-11-18 01:00:00 In response to the complex and global threats faced by the cardholder ecosystem, Visa Inc recently announced worldwide deadlines for PCI DSS Compliance. "Compliance with PCI DSS is vital to ensuring the integrity of the global payments system," said Eduardo Perez, head of global data security, Visa Inc. "Aligning compliance programs across the Visa regions is the latest step in our commitment to safeguarding cardholder data." More About: Global
Events per Second – the difference between a target and an assurance
2008-11-17 01:00:00 We’ve been getting a good few questions recently about how many Events Per Second a SIEM product supports. Well, that depends on a few factors: The transport – processing Syslog events takes up a heck of a lot less processing power than collecting from a Windows box. Same with collecting data over an ODBC connection. More About: Target , Difference
Speaking of Security Podcast #129
2008-11-17 01:00:00 Click to Download/Listen (08:34) This week's Speaking of Security podcast features an on-the-scene report from the Gartner Identity and Access Management Summit, one of the key shows on the security event calendar. The Summit was held last week in Orlando, Florida. More About: Podcast
RSA® BSAFE® — Security A Billion Times Over
2008-11-16 01:00:00 RSA has marked a McDonald’s-like landmark, quietly—over one billion applications and devices are now embedded with RSA® BSAFE® security software. No numbers changed under ubiquitous golden arches to mark this monumental achievement, but it did get me thinking on how deep an impact RSA BSAFE has had in the broad industry sectors as well as at EMC in particular… More About: Security , Times , Billion
What should we expect from the Obama Administration and the 111th Congress
2008-11-14 01:00:00 Given the seriousness of the financial crisis, growing job losses and the continued meltdown of global stock markets, it’s hard to imagine that the incoming Obama Administration or new U.S. Congress will be able to focus on much else during the first several months of 2009. When they do tackle other issues, healthcare reform, tax policy and energy policy are likely to emerge at the top along with national security priorities. Not to mention that many FY2009 spending bills still need to be approved by Congress and signed by the President as well, although that is expected to happen by March 2009 at the latest. So where does this leave cyber security issues? More About: Expect
Planes, Trains & Automobiles: Some Data Should Just Stay at Work
2008-11-12 01:00:00 In recent security briefings, I’m often asked: “Should I protect sensitive information on my laptop by encrypting my laptop?” My advice is to first ask WHY? Why do you as an employee have the business or security justification to transfer and store sensitive PII (personally identifiable information) onto your mobile device? (A little of asking who, what, where and when about your information will help here too). More About: Automobiles , Work , Data , Trains , Stay
Combating Cyber Threats Around the Globe -- A More Collaborative Approach?
2008-11-12 01:00:00 Governments and law enforcement agencies from North America and Europe continue to increase cooperation and coordination to combat the growing threats of cyber-crime and e-espionage. That was quite evident at the recent RSA Conference Europe that was held in London as a significant number of representatives from governments participated in panels and other events. I moderated one of those sessions, which was titled “Tackling Cyber-crime and Protecting Critical Information Infrastructure – Public Sector Approaches”... More About: Globe , Threats
Innovation In Security--Lessons from TelePresence and Cloud
2008-11-12 01:00:00 Innovation in Security is a theme that we at EMC and RSA strongly believe in—it was central to my keynote speech at the NCA Security and Technology Conference in Seattle on the 29th of October. Yet, as the day progressed, I could not help but think of how extensively we need to innovate in our security deployments, to enable vibrant new information exchange capabilities, and to sustain the rapid changes in our information-centric lifestyles. And are we being hit with Change! Carlos Dominguez, the SVP at Cisco, spoke to the profound impact of Web 2.0 and TelePresence [TP] technologies on our business and social lifestyles... More About: Innovation , Cloud , Lessons
Speaking of Security Podcast #128
2008-11-11 01:00:00 Click to Download/Listen (07:52) In today's Speaking of Security Podcast we're talking to RSA customer, Kurt Roussell, Manager, Revenue Protection at We Energies (a subsidiary of Wisconsin Energy). Kurt discusses his strategies for thwarting identity theft at We Energies and his approach to the new FACTA regulations.
Data Loss Prevention Tools: Friend or Foe?
2008-11-10 01:00:00 I recently visited a customer and we had an in-depth conversation about the use of DLP in a large corporate environment. The customer agreed that the technology surrounding DLP is great and that it would definitely help identify potential rogue employees. However, the customer also expressed concerns about when is enough…enough. More About: Tools , Data , Friend , Prevention , Loss
There's just no helping some people
2008-11-06 01:00:00 Even though we're a technology vendor, we always stress that, when considering the robustness of your information security strategy, technology isn't always the answer. It's upon the effective combination of people, process and technology that we must ultimately rely. That's why it pained me when this story appeared in the UK press last weekend... More About: People
Game on!
2008-11-05 01:00:00 In my last blog, we looked at increasing complexity on the part of both the “good” guys who are building legitimate businesses and on the part of the “bad guys” who are building a “dark network” of sorts that is remarkably like the first. Today, I’d like to dig into that and look at a system for explaining this; and I thought I’d use the phrase we used playing street hockey in my youth in Canada when the cars cleared the road, and the game got serious again: game on!... More About: Game
Speaking of Security Podcast #127
2008-11-04 01:00:00 Click to Download/Listen (07:52) It's election day in the US, and today's Speaking of Security Podcast focuses on the notorious breach of Sarah Palin's email account on Yahoo. Satchit Dokras, a Director in RSA's EMC Product Security Office, talks about Palin's exposed email and how all of us can better protect our online accounts.
One Sinowal Trojan + One Gang = Hundreds of Thousands of Compromised Accoun
2008-10-31 01:00:00 The RSA FraudAction Research Lab would like to share its startling findings based on its tracking and research of the Sinowal Trojan, also known as Torpig and Mebroot. Our findings based on the data we have collected on this Trojan over the course of almost three years – including information regarding its design and its infrastructure – indicate that this may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters. We recently discovered that, dating back as early as February 2006, the Sinowal Trojan has compromised and stolen login credentials from approximately 300,000 online bank accounts... More About: Gang
Why there's no logging standard -- it's not our fault, mate
2008-10-29 01:00:00 Over the years there have been more attempts at creating a logging standard than I’ve had hot dinners – to borrow a Britishism. No standard has ever really emerged that has caught on. And I bet I’m going to get at least one e-mail that will place the blame squarely at the feet of vendors like us, who make money out of the present chaotic situation. However, the problem runs much deeper than just a lack of will among ourselves and our peers... More About: Standard , Mate , Fault
Facing Year-End Deadlines for PCI Compliance?
2008-10-29 01:00:00 As I was listening to the review of PCI DSS 1.2 at this year’s annual PCI Community Meeting (click here for a recap of the event), a QSA stepped up to one of the many microphones scattered throughout the audience. Rather than asking a question, he explained that many midsized merchants have reasonably large and complex environments, yet lack the internal resources required to evaluate, procure and implement the enterprise-class security controls needed for PCI DSS compliance. The QSA then asked the Council if they would recommend a specific set of actionable technology recommendations to help these organizations in their efforts... More About: Compliance , Year , Facing
Speaking of Security Podcast #126
2008-10-28 01:00:00 Click to Download/Listen (07:52) At this week's RSA Conference Europe we released a new survey to track wireless network security in London, Paris and New York. The survey shows strong growth in wireless access points, both corporate and personal, but reveals that many are protected by the now discredited WEP encryption. RSA VP, Sam Curry goes over the numbers in our latest podcast. More About: Security , Podcast , Speaking



