"One big area for us was looking at everything that is external facing and what types of examination should that have in terms of our attack surface. Another area we looked at is how we're doing authentication, have we implemented risk-based authentication across the board and where can we infuse that further into the process?"
He also sought to aggressively enforce segmentation, deciding which data could be lumped together and which should be kept separate. "This has been a great thing for us in terms of looking at how to quickly implement areas of control," Schwartz added.
Another successful attack would be nothing short of catastrophic.
Training has been key. The 2011 breach started when an employee opened an Excel document in an email, not realising it would open up their machine to infection. Worker training has now gone much deeper, according to the CSO, with more innovative methods tested out.
"There are techniques that are more invasive, more aggressive, where if you do well I'll reward you, but if you don't I'll make a public spectacle of you in some way," Schwartz said. "The point is, is that there are innovative ways to do that."
RSA will want to keep a close eye on its supply chain too. The hackers behind the 2011 hit did not want saleable data from the security firm, but was after the keys to others' infrastructure, most notably that of US government contractor Lockheed Martin. RSA won't want to fall thanks to partner insecurities and Schwartz said the company was reviewing what best practices should be in relation to supply chain.
"We're talking to others that are doing it as well and asking what else can we do to get even deeper visibility in the process," he said. "When you're a global entity like EMC, there are certain places where you do things where it is very easy to gain visibility, but there are other parts of the world where it becomes tougher to get that level of assurance.
"We're looking at where the risk is, where we have a lot of assurance and visibility and where maybe we need to deal with things either at the contractual level, the surveillance level or testing level."
Here's hoping Schwartz can help RSA avoid any further embarrassment. Another successful attack would be nothing short of catastrophic.
There may be trouble ahead
Despite its successful damage limitation exercise, it would be naive to agree the breach is fully behind RSA. There remain unanswered questions. Questions that the company is refusing to answer.
It is still unclear who was behind the attacks, even though RSA claimed last year a nation state was to blame, or whether law enforcement is hoping to apprehend the perpetrators. "We're not providing any attribution on it," Heiser said, adding that RSA was not investing in capturing the crooks and did not know whether the FBI or others were investigating.
RSA may benefit from a lack of police activity. If arrests are made, it will only refresh customers' and potential clients' memories. RSA does not want people to continually associate it with the events of last year.
Instead, the company would benefit from the power of forgetting' - to borrow a term from security guru Bruce Schneier. RSA knows it will continue to face questions over the compromise, but by placating people with a positive, ostensibly open strategy and having data to support that, the company will continue to do a good job at curbing negative opinion. In terms of acquiring new customers, rather than just appease current ones, that will be vital.
The company will have its fingers crossed nothing dirty emerges from the thin cracks that remain open. If nothing does seep out, and that currently looks likely, the hack, not RSA, will have successfully been buried six feet under.
