RSA: Back from the breach?

Reporting from RSA 2012, Tom Brewster looks at how well EMC's security division has come back from the infamous 2011 attack.

"One big area for us was looking at everything that is external facing and what types of examination should that have in terms of our attack surface. Another area we looked at is how we're doing authentication, have we implemented risk-based authentication across the board and where can we infuse that further into the process?"

He also sought to aggressively enforce segmentation, deciding which data could be lumped together and which should be kept separate. "This has been a great thing for us in terms of looking at how to quickly implement areas of control," Schwartz added.

Training has been key. The 2011 breach started when an employee opened an Excel document in an email, not realising it would open up their machine to infection. Worker training has now gone much deeper, according to the CSO, with more innovative methods tested out.

"There are techniques that are more invasive, more aggressive, where if you do well I'll reward you, but if you don't I'll make a public spectacle of you in some way," Schwartz said. "The point is, is that there are innovative ways to do that."

RSA will want to keep a close eye on its supply chain too. The hackers behind the 2011 hit did not want saleable data from the security firm, but were after the keys to others' infrastructure, most notably that of US government contractor Lockheed Martin. RSA won't want to fall thanks to partner insecurities and Schwartz said the company was reviewing what best practices should be in relation to the supply chain.

"We're talking to others that are doing it as well and asking what else can we do to get even deeper visibility in the process," he said. "When you're a global entity like EMC, there are certain places where you do things where it is very easy to gain visibility, but there are other parts of the world where it becomes tougher to get that level of assurance.

"We're looking at where the risk is, where we have a lot of assurance and visibility and where maybe we need to deal with things either at the contractual level, the surveillance level or testing level."

Here's hoping Schwartz can help RSA avoid any further embarrassment. Another successful attack would be nothing short of catastrophic.

There may be trouble ahead

Despite its successful damage limitation exercise, it would be naive to agree the breach is fully behind RSA. There remain unanswered questions. Questions that the company is refusing to answer.

It is still unclear who was behind the attacks, even though RSA claimed last year a nation state was to blame, or whether law enforcement is hoping to apprehend the perpetrators. "We're not providing any attribution on it," Heiser said, adding that RSA was not investing in capturing the crooks and did not know whether the FBI or others were investigating.

RSA may benefit from a lack of police activity. If arrests are made, it will only refresh customers' and potential clients' memories. RSA does not want people to continually associate it with the events of last year.

Instead, the company would benefit from the 'power of forgetting' - to borrow a term from security guru Bruce Schneier. RSA knows it will continue to face questions over the compromise, but by placating people with a positive, ostensibly open strategy and having data to support that, the company will continue to do a good job at curbing negative opinion. In terms of acquiring new customers, rather than just appeasing current ones, that will be vital.

The company will have its fingers crossed nothing dirty emerges from the thin cracks that remain open. If nothing does seep out, and that currently looks likely, the hack, not RSA, will have successfully been buried six feet under.
