Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • IT Management
    • Networking

    RSA SecurID Breach Is a Lesson in APTs

    By
    Fahmida Y. Rashid
    -
    March 29, 2011
    Share
    Facebook
    Twitter
    Linkedin

      While customers are understandably concerned about the security of their SecurID deployments, the RSA breach is a wake-up call about the recent increase in what security experts call APTs: advanced persistent threats.

      Attackers had successfully breached the RSA’s networks and stolen information related to the company’s SecurID two-factor authentication technology, revealed Art Coviello, the executive chairman of RSA Security, in an open letter to customers posted on the RSA Website on March 17. RSA identified the attack as an APT in its letter.

      APTs are ongoing attacks where perpetrators probe the target systems looking for information such as source code and other sensitive intellectual property. APTs are a “new breed of cyber-adversary” and cannot be addressed in the same way as other Web threats, Adam Vincent, CTO of the Public Sector group at Layer 7 Technologies, told eWEEK.

      The attackers are well-funded, highly organized and are most likely employing new techniques-ones that are probably not protected by network encryption, firewalls and other security products, Vincent said. Security products can’t provide sufficient capabilities to protect an organization from APTs as the lurking attackers are often indistinguishable from legitimate users, he said.

      Operation Aurora, which compromised systems at Google and a number of other major companies in 2009, was a type of APT. “If Google and Aurora wasn’t enough of a wake-up call, this is another wake-up call,” said Peter Schlampp, vice president of product management at Solera Networks, told eWEEK.

      The general consensus appears to be that if RSA can fall, then there’s little chance for smaller companies. So organizations need to do more than just spend money to block threats, Chris Larsen, head security malware researcher at Blue Coat Systems, told eWEEK. They need to assume they are already infected and invest in security technologies, such as network forensics and log management systems, that will allow them to find the breach, he said.

      While RSA has remained silent about what was stolen, when the data breach occurred, how attackers got into the network and how long the breach lasted, the company recommended that customers harden their other security layers in case of a follow-up attack.

      “A layered security approach is always best,” said Avivah Litan, a distinguished analyst at Gartner. While one-time password [OTP] systems “raise the bar for the criminals,” they were vulnerable to compromise even before the RSA breach, she said. “Maybe this incident will wake up companies to the need for more controls than just OTP authentication,” she said.

      Assuming that the attackers stole the seed values used to generate the one-time passwords on the SecurID tokens, a potential scenario has cyber-criminals leveraging social engineering and spear phishing tactics to obtain the serial number of the SecurID token. With that serial number and seed values in hand, attackers can masquerade as the user to log in to secured networks, such as those in financial institutions.

      The scenario isn’t all that dire: It just means that RSA customers will need to replace the tokens, according to Kyle Adams, architect and lead developer at Mykonos Software. “The actual two-factor authentication technology remains secure, and it’s just some key information that was lost,” Adams told eWEEK.

      If customers feel that SecurID is compromised, they are likely to replace it with competitor products. In fact, CA has announced that SecurID customers can trade in their RSA tokens in a one-for-one swap for CA’s own authentication platform, the CA ArcotID Secure Software Credentials.

      Fahmida Y. Rashid
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×