    RSA SecurID: Hacked but Not UnWitnessed

    Written by

    Jack E. Gold
    Published April 21, 2011

      It’s now been a little over four weeks since RSA SecurID, the famed two-factor authentication user token system, was hacked. It had long been assumed that this system was hack-proof given its record of security enablement at some of the largest corporations and government agencies. Yet, in the end, like most security breaches, it was compromised as a result of human error and not holes in the technology.

      It’s important to note exactly what happened as it indicates why current user security models are flawed. This is why I recommend implementing new, comprehensive models just emerging that will enable the next generation of protection in an increasingly sophisticated world of cyber attacks on companies and individuals. While all the details are not yet public (RSA rightly wants to keep some of the lower-level details private to prevent copycat attacks), enough of the details have surfaced that companies can learn from them and hopefully prevent similar attacks.

      So, what happened? In a nutshell, a phishing e-mail message entitled “2011 Recruitment Plan” was sent to some lower-level personnel. It included an Excel spreadsheet with a zero-day exploit Flash file. One or more of the recipients opened the file, thinking it was legitimate. The exploit then retrieved the user ID and password and established a connection on the SecurID server. There it gathered a number of data files and transferred them to a compromised staging server at a hosting provider. From there, the data was transferred to a remote server.

      What is important to note is that RSA was able to catch this breach in process and halt it in near real time (although it was not able to prevent at least some sensitive information from escaping). This extraordinary defense was mounted because RSA was not just looking at log-in authorization and credentials, but was monitoring and analyzing all traffic exiting its network. As a result, RSA was able to determine that this connection was making unauthorized use of sensitive data, and was able to rapidly cut off access.

      Real-Time Monitoring and Analysis Is Key

      This real-time monitoring and analysis is the key to ensuring future security against new-age data breaches, yet very few companies currently have it in place. It’s nearly impossible to prevent intrusions created by human error, such as this one where a user opened an infected file. No traditional, PC-installed antivirus or antimalware solution (for example, McAfee and Symantec) prevents this. As these so-called Advanced Persistent Threat (APT) attacks become more sophisticated (often through sponsorship of state-funded actors or other well-financed hackers), the types and amount of data loss will grow.

      I believe that data protection must dramatically and fundamentally change if enterprises want to protect their most valuable assets (see my January 2011 research brief). It is no longer safe to protect only your endpoint. It is now mandatory to adopt a fresh approach where all data is monitored and checked before exiting the corporate firewall, and evaluated as to whether or not it should be made available to the outside world (including to “trusted” remote users). This requires high-speed packet interception, examination and evaluation, which must be done in real time if protection is to be effective. It’s why many of the security companies such as McAfee and Symantec are moving to more cloud-based interactions. It’s also why companies such as Cisco and Juniper are becoming security companies as well as network infrastructure companies.

      Employing this changing landscape of security technologies is even more critical as companies adopt a cloud-centric position. Companies that provide cloud-based access, whether through internal servers or via a service provider, must have a network-based “watchdog” service or they’ll face an increasing amount of escaped data and undetected exploits. To provide such services, RSA has announced that it is purchasing NetWitness, a company that monitors all data packets over the network, deconstructs the packet and evaluates the contents based on predetermined rules. It then prevents or allows the data to exit the corporate network, all in real time. In fact, RSA used this technology to discover and stop the attack on SecurID in near real time.
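
The rule-based egress evaluation described above, as an added example (not from the article and not NetWitness code): it scores already-reassembled outbound session summaries against predetermined rules. The address ranges, host lists, byte budget and the archive-header content rule are all assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# All values below are assumptions for illustration, not details from the article.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SENSITIVE_SOURCES = {"10.1.5.20"}       # hypothetical server holding sensitive files
APPROVED_EXTERNAL = {"198.51.100.10"}   # hypothetical sanctioned off-site backup
MAX_EXTERNAL_BYTES = 5_000_000          # per-session budget for sensitive hosts
ARCHIVE_MAGIC = (b"Rar!", b"PK\x03\x04", b"\x1f\x8b")  # RAR, ZIP, gzip headers

@dataclass
class Session:
    src: str
    dst: str
    bytes_out: int
    first_payload: bytes  # first bytes of the reassembled outbound stream

def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def evaluate(s: Session):
    """Return (verdict, reasons) for one session leaving a monitored host."""
    if is_internal(s.dst) or s.src not in SENSITIVE_SOURCES:
        return "allow", []
    if s.dst in APPROVED_EXTERNAL:
        return "allow", []
    reasons = ["sensitive host contacting unapproved external address"]
    if s.bytes_out > MAX_EXTERNAL_BYTES:
        reasons.append("outbound volume over budget")
    if s.first_payload.startswith(ARCHIVE_MAGIC):
        reasons.append("archive content leaving sensitive host")
    # One signal is worth an analyst's look; two or more stop the transfer.
    return ("block" if len(reasons) >= 2 else "alert"), reasons

# Constructed sample sessions (not real traffic).
SAMPLES = [
    Session("10.1.5.20", "10.2.0.7", 80_000_000, b"PK\x03\x04"),         # internal copy
    Session("10.1.5.20", "203.0.113.45", 120_000_000, b"Rar!\x1a\x07"),  # bulk archive out
    Session("10.3.3.3", "203.0.113.80", 2_000, b"GET / HTTP/1.1"),       # ordinary browsing
    Session("10.1.5.20", "198.51.100.10", 900_000_000, b"\x1f\x8b"),     # approved backup
    Session("10.1.5.20", "203.0.113.9", 1_200, b"GET /x HTTP/1.1"),      # small, unapproved
]

def run():
    return [evaluate(s)[0] for s in SAMPLES]

if __name__ == "__main__":
    for s, verdict in zip(SAMPLES, run()):
        print(f"{s.src} -> {s.dst} {s.bytes_out:>11} bytes: {verdict}")
```

The login on the sensitive host is valid in every sample session; the verdict comes only from where the data is going, how much of it there is and what it looks like.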

      Data monitoring and remediation in real time is what is required to secure data in our hyperconnected world by scrutinizing data content and behavior and stopping any breaches before they escape, regardless of the human or technology errors that allow it to happen. Other cloud services-based providers (for example, Cisco, Microsoft and Amazon) must have a similar solution or face a competitive disadvantage (and expose a huge security hole). Of course, RSA, which is owned by EMC, will no doubt make this capability a key component of EMC’s cloud-based offerings. Organizations concerned with security must demand such services if they are to protect their data from loss. Private clouds (for example, those behind the corporate firewall) must include a real-time data monitoring component to provide next-generation security and data leakage prevention.

      The bottom line

      Enterprises will have to migrate to newer models of security in the never-ending fight against increasingly sophisticated hackers and growing data loss, which may even go undetected. While traditional endpoint solutions will not go away, they cannot prevent the phishing/human error APT and zero-day attacks that are becoming more common. Real-time packet monitoring, to evaluate and control data on the network, is the next important step in securing corporate assets. It must become a component of all enterprise security operations, especially in cloud-based systems. This is the only way to discover and stop the increasingly sophisticated attacks emerging from well-funded, expert hackers.

      Jack E. Gold is the founder and Principal Analyst at J. Gold Associates, an IT analyst firm based in Northborough, Mass., covering the many aspects of business and consumer computing and emerging technologies. Jack is a former VP of Research Services at the META Group. He has over 35 years experience in the computer and electronics industries. He can be reached at jack.gold@jgoldassociates.com.
