The Anatomy of the RSA Attack

Author: Dennis Fisher
minute read

The attack against RSA earlier this year has become a case study in how data breaches occur and how companies respond. In this video, Uri Rivner, Head of New Technologies, Identity Protection and Verification, at RSA discusses the attack, the aftermath and the lessons learned from it.

The attack against RSA earlier this year has become a case study in how data breaches occur and how companies respond. In this video, Uri Rivner, Head of New Technologies, Identity Protection and Verification, at RSA discusses the attack, the aftermath and the lessons learned from it.

Suggested articles

Discussion

  • Cindy Valladares (@cindyv) on

    Very insightful video that reinforces the importance of focusing on protecting the data, since attackers will get through the perimeter. Another key takeaway is to invest in internal controls and have good detection and investigation tools that allow you to act quickly and minimize the impact of the attack. I would add that these controls need to be integrated to avoid silos and visualize the entire infrastructure and landscape. Great interview -- thanks for sharing!

  • Anonymous on

    good video. I liked when the RSA guy essential made the comment that RSA has the ability, unlike most companies, to know what was compromised. Thats hilarious considering after they were initially breached they claimed SecurID was fine. Then after a couple huge contractors for the gov get breached using SecurID they were like oh wait, no its broken, everyone send in your dongles.

  • Anonymous on

    Threatpost needs to vette the stories better. Uri Rivner did not DO any of the work discussed nor was he even on the team at RSA that handled the attack.

     

    Sad....

  • Anonymous on

    All this talk about spear-phishing and zero day vulnerabilities is a diversion.  RSA got their ass kicked here because they built a 100% software-based security system, therefore vulnerable to software-based attacks.

    SecurID keys should never have been exposed to any software.  They should have been protected by Hardware Security Modules (HSMs).  Those modules must only expose the keys in encrypted form, under the key encryption keys loaded under triple-key-custodian manual controls.

    Over the top?  Hardly.  It's been standard practice in the financial sector for decades.  This is how the master keys for credit card issuing are handled.  RSA, as leaders in the security space, should have known this.  IMHO, they've been negligent.

    In addition, security-critical customers, such as defence contractors, should have been auditing their supplier's security procedures and enforcing use of HSMs and proper security procedures.  Again, that's what banks do to their suppliers.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.

Subscribe now

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.