Speaking of Security, the RSA Blog and Podcast

Security When Things Go 'Boom' Part III - Returning to Normal

blog@rsa.com (John McDonald ) — Wed, 01 Jul 2009 00:00:00 GMT

OK, we're in the home stretch - this is the final entry in my 'Security and Disaster Recovery' series. So far we've covered security incidents as disasters, DR for security controls and the security of your DR environment. The last area of consideration is what happens when you need to return to normal operations. The disaster has occurred, you've successfully moved to your DR environment, and things have been humming along. Now the damage to your primary site has been repaired and you're ready to move back - how does this impact security?

The Birth of the Virtual Datacenter Administrator

blog@rsa.com (Nirav Mehta) — Wed, 01 Jul 2009 00:00:00 GMT

I recently spoke at a VMware user group conference about securing virtualization. The audience comprised datacenter administrators and managers who are at the center of their organization's virtualization initiatives. I was fortunate to be able to talk with several of them at length about their experiences in virtualizing datacenters. There are several trends to note.

The expanding complexity of 'insiders': what you need to take into account

blog@rsa.com (Nicki Wallace) — Tue, 30 Jun 2009 00:00:00 GMT

At the April 2009 RSA Conference, over 500 speakers discussed the most pressing information security issues organizations face today. I was very interested to hear the Carnegie Mellon University Software Engineering Institute (SEI) talking about best practices for mitigating insider threat. (As discussed in my previous blog, this is the aspect of insider risk dealing with insiders who deliberately exploit security vulnerabilities to cause harm or for personal gain.)

ISO-ish

blog@rsa.com (Todd Graham) — Thu, 25 Jun 2009 00:00:00 GMT

The conversation develops with such consistency and regularity I've begun to wonder why I still ask. But I do. Without fail, at every customer I meet I utter the question "do you use any frameworks to help with your governance, risk, and compliance?"

Insider risk and insider threat: what's the difference and why does it matter?

blog@rsa.com (Nicki Wallace) — Tue, 23 Jun 2009 00:00:00 GMT

What does the term 'insider risk' mean to you? Does it make you think about employees sabotaging systems, or stealing confidential information for their own benefit?

Speaking of Security Podcast #151

blog@rsa.com () — Mon, 22 Jun 2009 00:00:00 GMT

Click to Download/Listen

Roland Cloutier, VP and CSO of EMC joins us on this week's Speaking of Security podcast.

Security When Things Go 'Boom' Part II - Securing Your DR Environment

blog@rsa.com (John McDonald) — Thu, 18 Jun 2009 00:00:00 GMT

Sorry for the delay in updating my blog - for some reason Q2 seems to be the event season, and we've been pretty busy here at RSA supporting HIMSS, RSA Conference, MS TecEd, EMC World and a bunch of other events. Anyway, it's time to continue our discussion of the relationships between security and disaster recovery. In this entry we'll take a look at what needs to be considered to ensure your DR environment itself remains secure.

The more things change the more they seem to stay the same. When are we going to learn?!?!?!

blog@rsa.com (Ken Tyminski) — Thu, 11 Jun 2009 00:00:00 GMT

Recently there has been a lot of chatter about how security teams need to get out ahead of the latest technology advances. There is talk about how cloud computing and virtualization are going to take business to new levels and enable new relationships. On top of this social networking is finding its way into the business environment and raising concern that with mounting financial pressures businesses won’t be prepared to address the increased risks these technologies introduce.

The Security Apartheid: The beginning of the end?

blog@rsa.com (Eric Baize) — Tue, 09 Jun 2009 00:00:00 GMT

Security has been notably absent from earlier evolutions in the computing industry. For long, the industry has evolved through two parallel universes: 1) The IT infrastructure universe creating innovative techniques to compute, communicate and store information with little to no security consideration and 2) the IT security universe trying to solve the security problems newly created by IT innovators.

Speaking of Security Podcast #150

blog@rsa.com () — Tue, 09 Jun 2009 00:00:00 GMT

Click to Download/Listen

This week marks the 150th edition of the Speaking of Security podcast. We discuss the recent release of President Obama's 60- day cyber security review and the creation of a "cyber coordinator" position in his administration. We also have news on the 2009 Gartner Magic Quadrant for Security Information and Event Management. RSA/EMC is positioned in the leader's quadrant for the sixth consecutive year.

The Security-aware Cloud

blog@rsa.com (Eric Baize) — Fri, 05 Jun 2009 00:00:00 GMT

To build security into the IT infrastructure demands much more than secure software. It is also about having the IT infrastructure products deliver intrinsic security value as a core capability of the product and fully integrated in terms of management and enforcement with the other non-security related capabilities of that product.

PCI Certified Products???

blog@rsa.com (Brad Davenport ) — Tue, 02 Jun 2009 00:00:00 GMT

Recently, I’ve been receiving inquiries from customers, asking if a certain product is PCI DSS “compliant,” “certified,” or “validated”.

Generational Conflict, Security and an "Information Bill of Rights"

blog@rsa.com (Sam Curry) — Mon, 01 Jun 2009 00:00:00 GMT

In my college days, I would go into the wonderful old mills of UMass Lowell. I remember seeing signs on the walls that were old and, I suppose, historical pieces. One of them always struck me: it said “no singing, eating or dancing.”

Speaking of Security Podcast #149

blog@rsa.com () — Tue, 26 May 2009 00:00:00 GMT

Click to Download/Listen (11:05)

This week's Speaking of Security podcast features a discussion on securing personally identifiable information with Jon Oltsik, Principal Analyst for Enterprise Strategy Group.

There Is No Spoon

blog@rsa.com (Todd Graham) — Tue, 26 May 2009 00:00:00 GMT

Over the last 12 months we’ve been hearing more and more from our customers about Governance, Risk, and Compliance (commonly known under the acronym “GRC”). Sam Curry began to dive into the subject with his blog entry Will the Real GRC Please Stand Up? and did a great job of summarizing the emerging attitudes from some of the market analysts.

Nothing Can Come of Nothing

blog@rsa.com (Sam Curry) — Fri, 22 May 2009 00:00:00 GMT

Two things amuse me when they are misunderstood in security, and they really are axioms of the industry. Folks involved in security should know and think about these two principles, and part of me is putting this out there in the hope that folks will take issue with this!

Conspiracy Theory

blog@rsa.com (Uri Rivner) — Wed, 20 May 2009 00:00:00 GMT

Don't you just love conspiracy theories? Here's a new one for you.

April 21, 2009: F35 Fighter Jet Program Breached

The Wall Street Journal reported a data breach in the F35 Joint Strike Fighter Jet program. According to the report, someone allegedly hacked into one of the program's databases – perhaps run by a third party involved in the project – and siphoned off an unknown amount of sensitive information. The breach was apparently in an area connected to the Internet and databases segregated from the Web were not affected.

Little Orange Line – Breaking Out of the Zero Sum Security Curve

blog@rsa.com (Sam Curry) — Wed, 20 May 2009 00:00:00 GMT

I went to Courion’s Converge conference, where they bring their customers together to share wisdom around Identity Management and tips-and-tricks and the like – this is a lot like the early spirit of the EMC World and in fact like many user groups.

Speaking of Security Podcast #148

blog@rsa.com () — Mon, 18 May 2009 00:00:00 GMT

Click to Download/Listen (7:15)

This week's Speaking of Security podcast features a topical discussion on business continuity planning. Recent global concerns regarding a potential Swine Flu pandemic have organizations looking at possible operational and business disruptions. Sam Curry, VP of Product Management for RSA is our guest.

A Security Engineering Training Framework

blog@rsa.com (Eric Baize) — Tue, 12 May 2009 00:00:00 GMT

If there is one topic on which most security practitioners agree, it is the fact that employee training must be part of your organization’s security strategy.

Speaking of Security Podcast #147

blog@rsa.com () — Mon, 11 May 2009 00:00:00 GMT

Click to Download/Listen (14:00)

This week's Speaking of Security podcast presents a lively conversation with Shannon Kellogg, Director of Information Security Policy for EMC's Office of Government Relations on security related activity in Washington, DC.

Ground-Up SharePoint Governance

blog@rsa.com (Dave Howell) — Mon, 11 May 2009 00:00:00 GMT

In case you hadn't noticed, SharePoint is everywhere (a bit like pig flu hysteria). It's a great success story for Microsoft, and the release of MOSS 2007 added a ton of features that inspired businesses to either roll out the platform or upgrade. Once SharePoint is made available, there is no turning back... good luck wrestling a site out of the hands of a department that's come to rely on it.

Mr. President, it's Time to Make Cyber Security a National Priority

blog@rsa.com (Shannon Kellogg ) — Mon, 11 May 2009 00:00:00 GMT

It is vitally important to national security and economic security that President Barak Obama fulfills a pledge that he made on the campaign trail concerning the security of our nation’s information infrastructure. During the 2008 presidential campaign, Mr. Obama compared cyber security threats with other 21st century national security challenges such as biological and nuclear weapons. He said at the time that he would declare the country’s critical infrastructure a national asset and that he would appoint a cyber advisor that would report directly to him.

Will the Real GRC Please Stand Up?

blog@rsa.com (Sam Curry) — Tue, 05 May 2009 00:00:00 GMT

Ok – I have to say that I am getting pretty tired of GRC as an abused acronym. This is Governance, Risk and Compliance for the very few of you who haven't had the good fortune to see it actually spelled out; or "Grick" if you haven't had the opportunity of hearing someone pronounce an acronym without a vowel in it.

Remote Access Critical in Contingency Planning

blog@rsa.com (Sam Curry ) — Mon, 04 May 2009 00:00:00 GMT

I have seen an interesting phenomenon in the last 24 hours: a lot of folks are calling and asking for sudden, urgent help with remote access. The cause is apparently related to Swine Flu, but the root cause is both a fear for real people in our companies and a concern about maintaining business functions in a time of doubt, worry and fear.

What is RSA Anyway?

blog@rsa.com (Sam Curry ) — Wed, 29 Apr 2009 00:00:00 GMT

At the RSA Conference, I was asked a lot about what we “are” as the security division of EMC. I think I’ve come up with a pretty clean and clear way to answer that in a few simple statements.

Speaking of Security Podcast #146

blog@rsa.com () — Tue, 28 Apr 2009 00:00:00 GMT

Click to Download/Listen (8:37)

On this week's podcast, Forrester's Rob Koplowitz talks about the growth of Microsoft SharePoint in enterprises and the importance of putting governance around SharePoint as the platform becomes more strategic to companies.

RSA Answers the Call To Arms

blog@rsa.com (Sam Curry) — Mon, 27 Apr 2009 00:00:00 GMT

In Art’s keynote last week at RSA Conference, he made a clear call to the industry. We have to be more organized, more coordinated and more collaborative than either the enemy or than the industry has a history of being. Art had three calls to action:

Integrate and Interoperate
Create and Adopt Standards
Share Technology

Who is the Man in the Middle?

blog@rsa.com (Sam Curry) — Mon, 27 Apr 2009 00:00:00 GMT

So, at RSA Conference, I think I met the actual Man-in-the-Middle. He was pretty tall and was smoking a cigar outside the Moscone center. He was hanging out with a sort of shady-looking guy with a nondescript accent, covered in tattoos. This man was the actual Man-in-the-Browser.

The Goby and the Shrimp

blog@rsa.com (Nirav Mehta) — Thu, 23 Apr 2009 00:00:00 GMT

What if virtualization makes security more effective and eficient?
What if virtualization actually reduces the cost of security?

The relationship between virtualization and security is indeed symbiotic. It reminds me of the endearing mutualism between the goby fish and the pistol shrimp.

What do RSA's Announcements at Conference mean for Europe?

blog@rsa.com (Andrew Moloney) — Thu, 23 Apr 2009 00:00:00 GMT

RSA Conference in San Francisco is unusually “hot” this week. With temperatures reaching record highs outdoors, in the second of my posts from Conference, I thought I’d take shelter inside and consider the announcements delivered by RSA at the show, and specifically my thoughts on their impact for us over in EMEA.

PCI Compliance and Virtualization: Feedback from QSAs

blog@rsa.com (Brad Davenport) — Wed, 22 Apr 2009 00:00:00 GMT

So the RSA Conference is off to great start. It’s definitely one of my favorite times of the year given the tremendous amount of information security interest and expertise in one place.

RSA Conference 2009: An EMEA Perspective

blog@rsa.com (Andrew Moloney) — Wed, 22 Apr 2009 00:00:00 GMT

Greetings from RSA Conference 2009 in San Francisco. As the only RSA blogger currently based in Europe, I’ve given myself the challenge of trying to use my blog to bring a EMEA perspective to the thoughts, themes and announcements from this year’s show.

Learning lessons (at RSA Conference) the easy way

blog@rsa.com (Sam Curry ) — Wed, 22 Apr 2009 00:00:00 GMT

On Monday April 20th, I had the pleasure of speaking at and taking part in two forums: "Harnessing the Power of Digital Identity: 2009 and the Promising Road Ahead" sponsored by Project Concordia and the Liberty Alliance, and the RSA Conference eFraudNetwork Forum.

Why is Risk-Based, Adaptive Authentication so Important in Providing Choice?

blog@rsa.com (Sam Curry) — Tue, 21 Apr 2009 00:00:00 GMT

Consider two gunslingers – we’ve all seen this one on TV and in the movies. One has his gun drawn, the other has a gun in his holster. Some witty dialog ensues. Eventually, the one with his gun in his holster goes for the draw…and gets shot and dies.

The RSA Share Project: A Software Security Developer Community

blog@rsa.com (Eric Baize) — Tue, 21 Apr 2009 00:00:00 GMT

This week, RSA, the Security Division of EMC, launched the RSA Share Project -- an important milestone for those of us interested in advancing the adoption of security practices across the software developer community. According to the press release, the project is “designed to bring world-class security tools within reach of corporate and independent software developers” and “features the launch of a new online community designed to provide support, answers and strategies from security experts as well as no-cost access to technology from RSA”.

Speaking of Security Podcast #145

blog@rsa.com () — Tue, 21 Apr 2009 00:00:00 GMT

Click to Download/Listen (7:06)

The Speaking of Security Podcast is providing extensive coverage of RSA news during RSA Conference week. We will be presenting two podcasts. The first is an overview of all the product and solution announcements made by RSA this week. The second (featured here) is a podcast discussing an addition to the authentcation solution portfolio.

Speaking of Security Podcast #144

blog@rsa.com () — Mon, 20 Apr 2009 00:00:00 GMT

Click to Download/Listen (6:49)

The Speaking of Security Podcast is providing extensive coverage of RSA news during RSA Conference week. We will be presenting two podcasts. The first (featured here) is an overview of all the product and solution announcements made by RSA this week. The second is a podcast discussing an addition to the authentcation solution portfolio.

Tetraktys: A Cryptographic Thriller Novel

blog@rsa.com (Dr. Ari Juels) — Mon, 20 Apr 2009 00:00:00 GMT

My cryptographic thriller novel Tetraktys is slated for official release in July. My publisher is launching it this week, however, in a pre-release event at the RSA Conference.

The Downfall of Chao: Behind the Scenes of an Online Fraudster's Arrest

blog@rsa.com (Uri Rivner) — Mon, 20 Apr 2009 00:00:00 GMT

When Chao was arrested in September 2008, something in the veil of anonymity surrounding cyber crime was lifted. This blog will reveal previously undisclosed information regarding this case.

The Greatest Internet Generation...or Threat 2.0?

blog@rsa.com (Sam Curry) — Mon, 20 Apr 2009 00:00:00 GMT

On the plane out to RSA Conference this weekend, I thought about some not-so-obvious results of the recent economic downturn. I was watching a movie that involved WWII and the effect of de-mobilization on the U.S. economy in post-war years. This is a positive example of what a large group of organized, motivated people can do: what Tom Brokaw termed “the greatest generation”

"My software is secure, I use encryption!"

blog@rsa.com (Eric Baize) — Fri, 17 Apr 2009 00:00:00 GMT

“My software is secure, I use encryption!” How many times have we, software security practitioners, heard this when engaging with software development teams?

PCI DSS Compliance and Virtualization: Guidance Needed

blog@rsa.com (Brad Davenport) — Thu, 16 Apr 2009 00:00:00 GMT

Earlier this week, I was meeting with a customer, discussing how some of their strategic IT projects they are undertaking in 2009 would impact their efforts around PCI DSS compliance. This customer is a manufacturer for the consumer market and is classified as a Level 1 Merchant. Like many organizations in today’s environment, their overarching goal in 2009 is “doing more with less.”

Not with a whimper but with a bang*

blog@rsa.com (Sam Curry) — Wed, 15 Apr 2009 00:00:00 GMT

We’ve had a lot of activity at RSA around hosted services, and the tremendous potential of things like Virtualization and Cloud Computing have naturally come up given the EMC and VMware emphasis on these subjects. Some of the recent activity has come in wake of a spike in interest in the financial services vertical specifically for the SaaS version of RSA Adaptive Authentication, which continues to experience a growth in interest in the past few quarters.

DLP and Voodoo Metrics

blog@rsa.com (Katie Curtin-Mestre) — Mon, 13 Apr 2009 00:00:00 GMT

About two weeks, I had the opportunity to deliver a keynote at the CSO Executive Seminar Series on DLP. After my “15 minutes of fame”, I had the opportunity to sit in on one of the DLP talks from one of the other vendors. The speaker shared a Ginormiacous (free drinks from me at RSA Conference for the first person to correctly identify this cultural reference) quantity of data that drove home the point that a lot of sensitive data is getting lost and that this is costing organizations lots of money.

Speaking of Security Podcast #143

blog@rsa.com () — Tue, 07 Apr 2009 00:00:00 GMT

Click to Download/Listen (7:42)

This week's Speaking of Security podcast features Part Two of a discussion on the latest online fraud trends.

A Recipe for a Successful Software Security Assurance Initiative

blog@rsa.com (Eric Baize) — Tue, 07 Apr 2009 00:00:00 GMT

Having the responsibility for securing a portfolio of more than 100 products, I have dealt with thousands of engineers, product managers and other stakeholders across EMC and RSA to get them to adopt security development best practices.

Security When Things Go 'Boom' - DR for Security Controls

blog@rsa.com (John McDonald ) — Mon, 06 Apr 2009 00:00:00 GMT

In the previous two installments of my blog we discussed some of the considerations when evaluating security in the context of disaster recovery, and drilled down a bit into the specific area of security as a disaster. Now let’s look at another aspect of the relationship between security and disaster recovery (DR) - making sure your security controls are available when a disaster occurs.

Should PCI Standards Be Scrapped?

blog@rsa.com (Shannon Kellogg) — Wed, 01 Apr 2009 00:00:00 GMT

The heightened focus on cyber security and cyber crime issues in Washington, D.C. continued today with a hearing in the House of Representatives Homeland Security Committee. Entitled “Do the Payment Card Industry Data Standards Reduce Cybercrime,” the hearing was convened by the Subcommittee on Emerging Threats, Cyber Security, and Science and Technology, which is chaired by U.S. Rep. Yvette Clarke (D-NY).

Speaking of Security Podcast #142

blog@rsa.com (Podcast Producers) — Wed, 01 Apr 2009 00:00:00 GMT

Click to Download/Listen (11:00)

This week's Speaking of Security podcast features a discussion of the latest online fraud issues and trends.

Understanding the Crowd Part II: You Must Think Like a Thief

blog@rsa.com (Sam Curry) — Thu, 26 Mar 2009 00:00:00 GMT

At the end of my last blog entitled Understanding the Crowd: To Catch a Thief (Part I) posted on March 23rd, I referred to a formula that Amrit Williams and I have created for assessing the likelihood of a given method of security attack’s launch over the Internet and the relative probability that an exploit will occur.

Understanding the Crowd: To Catch a Thief (Part I)

blog@rsa.com (Sam Curry) — Mon, 23 Mar 2009 00:00:00 GMT

Last week, Amrit Williams and I presented the results of our research paper at SOURCE Conference that we’ve been working on and thinking about for over a decade now. It started when I did Malware research at a previous company, and watching the ebb and flow of malware (and the related FUD). This reminded me of watching the tide rise on a shore, or perhaps a slightly more intelligent phenomenon like the movement of a flock of birds or a school of fish. We’ve all seen flocks of birds, and the sudden changes come about that cause a curtain-like ripple throughout the flock. I couldn’t escape the feeling that there was a pattern here among the samples that could be both modeled and predicted.

What Cisco's UCS means to RSA

blog@rsa.com (Paul Stamp) — Tue, 17 Mar 2009 00:00:00 GMT

So Cisco launched their Unified Computing System this morning. This has some big implications for EMC, and Chuck Hollis has gone into great detail on this. In a nutshell, Unified Computing System looks to create a single, virtualized architecture for the data center, managed from top to bottom by a single set of tools. Sounds cool, eh? But what does that mean for us lowly security folks?

Speaking of Security Podcast #141

blog@rsa.com () — Tue, 17 Mar 2009 00:00:00 GMT

Click to Download/Listen (9:50)

This week's Speaking of Security podcast features an update from Washington, DC on cyber security issues and pending legislation.

PCI Compliance: SIEM

blog@rsa.com (Brad Davenport) — Mon, 09 Mar 2009 00:00:00 GMT

During a recent customer meeting, I was asked to highlight key capabilities necessary to satisfy PCI’s Security Information and Event Management (SEIM) requirements. I explained to the customer that if their goal was merely to meet PCI Requirement 10, the solution used here – either purchased, outsourced or home grown – must posses a modest set of baseline capabilities. Some of these include enabling audit trails, reconstructing simple events, and securely storing audit trails for at least a year.

Speaking of Security Podcast #140

blog@rsa.com () — Mon, 09 Mar 2009 00:00:00 GMT

Click to Download/Listen (7:23)

The week's Speaking of Security podcast discusses the release of RSA enVision 4.0, the premier platform for Secuity Information and Event Management/Log Management.

enVision 4.0 goes live

blog@rsa.com (Paul Stamp) — Fri, 06 Mar 2009 00:00:00 GMT

We’re pretty pumped here at RSA, since today we’re releasing our latest and greatest version of RSA enVision.

RSA enVision 4.0 has some really cool new features, and should be a boon for anyone trying to get a better handle on using log data to deal with any bad stuff that may be going on in their IT environment.

PCI Compliance: A Prioritized Approach

blog@rsa.com (Brad Davenport) — Wed, 04 Mar 2009 00:00:00 GMT

On March 3, 2009 the PCI Security Standards Council announced a new resource to promote adoption of the PCI DSS. According to the Council, the “Prioritized Approach” provides six security milestones that will help merchants and other organizations incrementally protect against the highest risk factors and escalating threats while on the road to PCI DSS compliance. As I previously mentioned, this announcement has been anticipated since the 2008 Council Meetings.

Using a SIEM to identify the really important stuff

blog@rsa.com (Paul Stamp) — Mon, 02 Mar 2009 00:00:00 GMT

Many people buy a SIEM system looking for a tool that will spot things they might not on their own, or things that a single data source might not. Here’s an example of correlation that will work - given the right input, an analytic engine and some expert knowledge.

Speaking of Security Podcast #139

blog@rsa.com (Podcast Producers) — Mon, 23 Feb 2009 00:00:00 GMT

Click to Download/Listen (7:29)

RSA Conference '09 is fast approaching. This week's Speaking of Security podcast provides an update on what to expect at this year's event.

Fraudsters Exploit eCommerce Website to Check if Stolen Credit Cards are Valid

blog@rsa.com (RSA FraudAction Research Lab) — Mon, 23 Feb 2009 00:00:00 GMT

The RSA FraudAction Research Lab has recently traced a new tool designed by criminals that validates compromised payment cards (e.g. credit cards) that are illegally obtained through the underground fraud supply chain. Fraudsters usually test the viability of illegally obtained payment cards before they are used, and to this end, they use a variety of "card checkers" – which are fraudster services or tools that enable them to check the accuracy of compromised payment card data.

Speaking of Security Podcast #138

blog@rsa.com () — Tue, 10 Feb 2009 00:00:00 GMT

Click to Download/Listen (8:37)

This week's Speaking of Security podcast features a discussion with Roland Cloutier, VP and CSO of EMC on the release of the new Security for Business Innovation Council report examing the information security challenges created by the current economic crisis.

PCI Compliance: The end game or just a starting point?

blog@rsa.com (Brad Davenport) — Mon, 09 Feb 2009 00:00:00 GMT

As I am sure many of you have heard, Heartland Payment Systems recently disclosed that it suffered a credit and debit card data breach in 2008. At this point, little is known beyond the announcement that “after being alerted by Visa® and MasterCard® of suspicious activity surrounding processed card transactions, Heartland enlisted the help of several forensic auditors to conduct a thorough investigation into the matter...

There's No Business Like Snow Business

blog@rsa.com (Andrew Moloney) — Thu, 05 Feb 2009 00:00:00 GMT

For those of you who live in colder climes you must have had a little chuckle to yourselves watching us over here in the UK trying to deal with a few inches of snow recently! The transport network pretty much ground to a halt, the Federation of Small Businesses estimated that 20% of the UK's working population, or 6.4 million people, around the country would not make it to work.

Speaking of Security Podcast #137

blog@rsa.com () — Tue, 03 Feb 2009 00:00:00 GMT

Click to Download/Listen (8:45)

This week RSA takes a deeper look into the RSA/Microsoft partnership and explores how the value of building security into business applications can create flexible, consistent and adaptable information security for today's organizations.

Skip Hindsight, Prepare Ahead of Time

blog@rsa.com (Charlotte Breen) — Fri, 30 Jan 2009 00:00:00 GMT

When dealing with Data Loss Prevention (DLP) issues, much has been made of the very real importance of true positives and false positives. As important as these are, less quantifiable is the status of false negatives, or those elements that should have been caught by software, but for some reason or another are not. This false negative element exists in all fields of knowledge work: it’s the element “not considered.” Or, to paraphrase a former Secretary of Defense, it’s the “we don’t know what we don’t know.”

Why content is king when it comes to SIEM

blog@rsa.com (Paul Stamp) — Wed, 28 Jan 2009 00:00:00 GMT

There are two big parts to a SIEM or log management system. Both are really important - but most people choosing a SIEM have a tendency to look carefully at one while giving the other scant attention.

Speaking of Security Podcast #136

blog@rsa.com () — Tue, 27 Jan 2009 00:00:00 GMT

Click to Download/Listen (9:38)

Ari Juels from RSA Labs has written a new suspense novel that presents a collision between ideas in the world of cryptology and the world of ancient Greece. Hear all about it on this week's Speaking of Security podcast.

Speaking of Security Podcast #135

blog@rsa.com (Podcast Producers) — Mon, 19 Jan 2009 00:00:00 GMT

Click to Download/Listen (10:08)

This week's Speaking of Security podcast features a discussion on data protection and security event management issues with a principal from Deloitte & Touche, one of RSA's key alliance partners.

The three big buckets of compliance, and why SIEM is important to all of them

blog@rsa.com (Paul Stamp) — Mon, 12 Jan 2009 00:00:00 GMT

Too often we vendors go to clients and talk about compliance, and then throw up a slide showing an alphabet soup of regulations and standards, with no context about what they mean or how their product can help. Not only is it confusing, it shows a lack of understanding to customers, who are generally well educated about what these regulations and standards mean. I know this is basic stuff, but it's useful to recap once in a while.

Online Fraudsters Prey Upon the Media and Public Interest in Current Events to Launch "Cease-Fire Trojan Attack"

blog@rsa.com (RSA FraudAction Research Lab ) — Thu, 08 Jan 2009 00:00:00 GMT

Yesterday morning, the RSA FraudAction Research Lab discovered a social engineering scam designed to lure people, via an email spam attack, to a fake news website designed to look like CNN.com. This “Cease-Fire Trojan Attack” attempts to bait readers leveraging recent news and “graphic and striking” images regarding the Israel-Hamas conflict in Gaza. Today, RSA is initiating the shutdown process to take down this attack.

PCI Compliance: Customer's frequently asked questions

blog@rsa.com (Brad Davenport ) — Wed, 07 Jan 2009 00:00:00 GMT

Over the past few weeks multiple merchants, banks and service providers have asked me the following three questions. Since there seems to be some confusion, I figured I’d post a short FAQ...

Speaking of Security Podcast #134

blog@rsa.com () — Wed, 07 Jan 2009 00:00:00 GMT

Click to Download/Listen (10:26)

The first Speaking of Security podcast of 2009 features Jon Oltsik from the Enterprise Strategy Group. Jon shares his perspective on trends in information security for the new year.

New Phishing Kits Hit the Market: Trojan HTML Injections Now for Sale

blog@rsa.com (RSA FraudAction Research Lab) — Tue, 06 Jan 2009 00:00:00 GMT

The economic lifecycle of the underground fraud community functions very similarly to the world of legitimate business. Online fraudsters have supply chains, third-party outsourcers, vendors, and online forums where people with skills and people with opportunities to commit fraud can find each other. The underground fraud supply chain is becoming more technically and operationally sophisticated, and we’ve coined this “Fraud-as-a-Service” or “FaaS”. FaaS consists of services for advanced hosting, Trojan infection kits and cashout services – all for sale within the fraudster underground.

Taking the Pain out of Secret Writing

blog@rsa.com (John McDonald) — Mon, 05 Jan 2009 00:00:00 GMT

Encryption is one security control that's showing up a lot more frequently these days; in many cases the choice to implement encryption isn't optional. PCI requires it, state PII protection laws are starting to demand it, and many other government and industry regulations imply it as a requirement. The other thing that's changing the way we look at encryption is that it's becoming ubiquitous - many of the hardware and software products we buy that touch information now have encryption built in. All of these factors are combining to make encryption one of the fastest growing areas of security. So what's the downside?

Five Steps Congress May Take on Information Security in 2009

blog@rsa.com (Shannon Kellogg) — Mon, 05 Jan 2009 00:00:00 GMT

Well, it’s that time of year again: lots of prognosticators making predictions for 2009 as they take a look at 2008 in the rearview mirror and try to figure out what’s in front of us in the New Year. So, I’ll join the legions of IT experts guessing what may be in store in the coming months as we raise our glasses to 08 and toast 09 with anticipation, hope and given the current economic climate, with consternation as well. Since I am a creature of Washington and have the opportunity to work with the U.S. Congress, I’ll focus on what steps we might expect our national legislature to take in 2009 as it relates to information security and privacy issues.

A Real New Year's Hash

blog@rsa.com (Sam Curry) — Thu, 01 Jan 2009 00:00:00 GMT

The New Year has just arrived and I'm reminded how, globally, we are all connected in ways that would have been impossible 20 years ago: it's almost hackneyed to say it again, but thanks to an amazing combination of infrastructure and technology, we can live, work and play from Mumbai to London and from Tokyo to New York City as one world in real-time. Of course, a lot of this is dependent on some of the basic building blocks we use being sound, and in the last few days one of these building blocks has come under attack: MD5 is on its last legs as a tool in the cryptographic toolbox.

Locard's Exchange Principle, Applied to eCrime

blog@rsa.com (Sam Curry) — Mon, 22 Dec 2008 00:00:00 GMT

I love crime shows: Law & Order SVU, Inspector Morse, CSI:, the occasional episode of Monk, and others. (OK – I’ll admit I like some of these for the drama as well!). I also love a really good “Who Dunnit?” novel – usually with a good twist or two, of which Jeffrey Deaver is quite the modern master.

Securing Your Enterprise in an Insecure Economy

blog@rsa.com (Sarah Hamilton) — Mon, 22 Dec 2008 00:00:00 GMT

As companies everywhere seek to reduce capital and operational expenses in a troubled economy, they ask themselves, How can we spend as little as necessary today to minimize additional costs throughout the next year? IT and security professionals relate to this as their goal is to never have to withdraw from the Contingency Reserves (or similar) budget item. Contingency Reserves is finance-speak for the allocation you must set aside to accommodate potential financial ramifications resulting from IT security breaches. These breaches occur when sensitive information leaks into the wrong hands, most frequently as a result of inadvertent internal error.

PCI DSS: How to Do More With Less

blog@rsa.com (Brad Davenport) — Thu, 18 Dec 2008 00:00:00 GMT

My colleague, Paul Stamp, recently shared his thoughts on the global economic downturn and the fact that it is making many organizations concerned that their IT security budgets will be cut. Echoing Paul’s observations, almost all the customers I’ve spoken with have not seen their PCI budgets cut, but that is not to say they aren’t concerned. Many have expressed a desire to stretch their dollars further, asking the question, “When it comes to PCI and my other security and compliance initiatives, how can I do more with less?”

Speaking of Security Podcast #133

blog@rsa.com () — Wed, 17 Dec 2008 00:00:00 GMT

Click to Download/Listen (15:01)

This week's Speaking of Security podcast features part two of an interesting discussion with Uri Rivner, Head of New Technologies for RSA. Uri talks about what organizations can do to combat fraudsters. Through a layered security approach, organizations can stay one step ahead to mitigate the risk of fraudsters targeting their business.

Budgets seem to be holding up, but more justification needed

blog@rsa.com (Paul Stamp) — Thu, 11 Dec 2008 00:00:00 GMT

Also at the IANS conference, we talked extensively about enterprises' budgets. Apart from a few notable exceptions, most agreed that budgets hadn't been significantly cut...yet. It stands to reason – nobody buys security because it’s cool, or because they have extra cash in their pockets. On the other hand, few thought their budgets’ were immune to being cut in the near future either, though. Either way, just about everyone was finding that they needed extra justification for their security purchases.

Asking the Right Questions When Implementing a Data Loss Prevention Policy

blog@rsa.com (Meena Raju) — Wed, 10 Dec 2008 00:00:00 GMT

Okay, raise your hand if you are scared of the word “policy.” Policy is sometimes an overused word that sounds simpler than the complex thing it actually is, and if not properly thought out, can be a headache to implement. RSA’s Information Policy and Classification team spends a lot of time focusing on the accuracy of Data Loss Prevention (DLP) policies. This week, we’re giving some hints for success and best practices that we’ve learned by working with both early adopters and some of the world’s largest companies. We know from experience that you can have the most accurate policy and it still may not be the right policy for your organization. Here’s how to figure it out...

Where did my vendor go?

blog@rsa.com (Paul Stamp ) — Tue, 09 Dec 2008 00:00:00 GMT

I had the pleasure of attending the Institute of Applied Network Security (IANS) conference in San Francisco last week. For anyone not familiar with this organization, they’re a peer to peer research organization where security practitioners come together to talk about the issues du jour. It’s a real good way for us vendors to get a pulse on what people are worried about, and what they think about what we’re doing to support them.

Speaking of Security Podcast #132

blog@rsa.com () — Tue, 09 Dec 2008 00:00:00 GMT

Click to Download/Listen (11:13)

This week's Speaking of Security podcast features a preview of the latest edition of Vantage, RSA's magazine on information security news and trends and the first segment of a two-part discussion on how the fraudster underground operates much the same as real-world businesses. Uri Rivner, Head of New Technologies at RSA is our guest.

Securing Cyberspace for the 44th Presidency - An Introduction to the Commission

blog@rsa.com (Shannon Kellogg) — Mon, 08 Dec 2008 00:00:00 GMT

Later today the final report of the CSIS Commission for the 44th Presidency will be officially released on Capitol Hill in Washington, D.C. The co-chairs of the Commission are: U.S. Representatives Jim Langevin (Democrat, Rhode Island) and Michael McCaul (Republican, Texas), and senior industry executives Scott Charney of Microsoft and retired Air Force Lt. General Harry Raduege of Deloitte.

The Dreaded "C" Word

blog@rsa.com (Katie Curtin-Mestre) — Thu, 04 Dec 2008 00:00:00 GMT

Let’s face it. The “C” word, commoditization, is a word that those of us in the IT community both love and hate. We hate it when the “C” word is applied to the products that we offer, but at the same time we secretly hope that someone else’s products will be commoditized so that customers will have more of their budget to spend on our wares.

Speaking of Security Podcast #131

blog@rsa.com () — Wed, 03 Dec 2008 00:00:00 GMT

Click to Download/Listen (08:21)

Social engineering is the art of manipulating people into performing actions or divulging confidential information. This week's Speaking of Security podcast features a discussion on this topic with a leading expert on security and terrorism.

Make Sure to Cover Your SaaS

blog@rsa.com (Will Redfield ) — Tue, 02 Dec 2008 00:00:00 GMT

Software as a Service (SaaS) on-demand applications are single-instance multi-tenant applications which are centrally and professionally managed and delivered as a service over the internet. SaaS customers use the same application engine which is partitioned into separate customer access accounts. These accounts may be set-up differently but the core application engine is the same platform that every other customer has access to.

Focussing on FUD - What a waste of an opportunity to realise efficiency gains!

blog@rsa.com (Andrew Moloney) — Tue, 02 Dec 2008 00:00:00 GMT

I had the pleasure of presenting at the EMC EMEA Analysts meeting this week. Some people hate talking to gatherings like this, because unlike most audiences they tend to be much less reticent in providing contrary views to those which you are presenting – often right there in the middle of your pitch, having the potential (on a really bad day!) to really derail you from the point you wished to make and generally to put you on the back foot.

What You Don't Know CAN Hurt You!

blog@rsa.com (John McDonald ) — Mon, 01 Dec 2008 00:00:00 GMT

Here's a quick quiz for all of you security professionals out there:

1. What's a 'SAN'?
2. What's a 'LUN' on a Fiberchannel SAN?
3. What are the differences between iSCSI, NAS and Fiberchannel SANs?
4. How does data de-duplication work?
5. What are the different types of 'stores' supported by Microsoft Exchange?

Speaking of Security Podcast #130

blog@rsa.com () — Mon, 24 Nov 2008 00:00:00 GMT

Click to Download/Listen (08:53)

Now that the 2008 US Presidential and Congressional elections are behind us, what can we expect from the new Administration and the 111th Congress on Cyber Security? The Speaking of Security podcast has a report direct from Washington, DC.

Big Bank Does Well Financially—Really!

blog@rsa.com (Satchit Dokras ) — Fri, 21 Nov 2008 00:00:00 GMT

What a refreshing conversation it was—a Global 100 bank’s senior IT executive was gushing on how he was in the money. No, really! And even better, amidst today’s financial fiascos, he had selected to tell me about how he was financially ahead by deploying some state-of-art security solutions.

Fraudsters Have Had a Rough Month

blog@rsa.com (Uri Rivner) — Tue, 18 Nov 2008 00:00:00 GMT

I attended RSA Conference Europe late last month, which – as always – is an amazing event. The theme of the Conference was focused on Alan Turing, who is often called the father of modern computer science. One particular perk at the venue was the public display of the Enigma machine – believed by the German forces during WWII to be impenetrable.

PCI Compliance: Visa Announces Global Deadlines

blog@rsa.com (Brad Davenport) — Tue, 18 Nov 2008 00:00:00 GMT

In response to the complex and global threats faced by the cardholder ecosystem, Visa Inc recently announced worldwide deadlines for PCI DSS Compliance. "Compliance with PCI DSS is vital to ensuring the integrity of the global payments system," said Eduardo Perez, head of global data security, Visa Inc. "Aligning compliance programs across the Visa regions is the latest step in our commitment to safeguarding cardholder data."

Speaking of Security Podcast #129

blog@rsa.com (Podcast Producers) — Mon, 17 Nov 2008 00:00:00 GMT

Click to Download/Listen (08:34)

This week's Speaking of Security podcast features an on-the-scene report from the Gartner Identity and Access Management Summit, one of the key shows on the security event calendar. The Summit was held last week in Orlando, Florida.

Events per Second – the difference between a target and an assurance

blog@rsa.com (Paul Stamp) — Mon, 17 Nov 2008 00:00:00 GMT

We’ve been getting a good few questions recently about how many Events Per Second a SIEM product support. Well, that depends on a few factors:

The transport – processing Syslog events takes up a heck of a lot less processing power than collecting from a Windows box. Same with collecting data over an ODBC connection.

RSA® BSAFE® — Security A Billion Times Over

blog@rsa.com (Satchit Dokras) — Sun, 16 Nov 2008 00:00:00 GMT

RSA has marked a McDonald’s-like landmark, quietly— over one billion applications and devices are now embedded with RSA ® BSAFE® security software. No numbers changed under ubiquitous golden arches to mark this monumental achievement, but it did get me thinking on how deep an impact RSA BSAFE has had in the broad industry sectors as well as at EMC in particular…

What should we expect from the Obama Administration and the 111th Congress on Cyber Security?

blog@rsa.com (Shannon Kellogg) — Fri, 14 Nov 2008 00:00:00 GMT

Given the seriousness of the financial crisis, growing job losses and the continued meltdown of global stock markets, it’s hard to imagine that the incoming Obama Administration or new U.S. Congress will be able to focus on much else during the first several months of 2009. When they do tackle other issues, healthcare reform, tax policy and energy policy are likely to emerge at the top along with national security priorities. Not to mention that many FY2009 spending bills still need to be approved by Congress and signed by the President as well, although that is expected to happen by March 2009 at the latest.

So where does this leave cyber security issues?

Innovation In Security--Lessons from TelePresence and Cloud

blog@rsa.com (Satchit Dokras) — Wed, 12 Nov 2008 00:00:00 GMT

Innovation in Security is a theme that we at EMC and RSA strongly believe in— it was central to my keynote speech at the NCA Security and Technology Conference in Seattle on the 29th of October. Yet, as the day progressed, I could not help but think of how extensively we need to innovate in our security deployments, to enable vibrant new information exchange capabilities, and to sustain the rapid changes in our information-centric lifestyles.

And are we being hit with Change!
Carlos Dominguez, the SVP at Cisco, spoke to the profound impact of Web 2.0 and TelePresence [TP] technologies on our business and social lifestyles...