RSA blog: Why authentication still holds the key for RSA’s success after nearly 40 years

Today, RSA once again becomes an independent company, after being owned by EMC and then Dell Technologies for the past several years. I’m commemorating this milestone by looking at a few of my favorite products from the RSA portfolio and setting some context for the longevity of this iconic company.

Ironically, those of you who don’t recall the early days of RSA may not realize that the actual “RSA” name almost disappeared altogether. This was the result of an early acquisition by Security Dynamics in July 1996 – fortunately, the RSA name was adopted after the acquisition. Speaking of longevity, the company’s initials of course stand for its three founders:

It has been almost 40 years and RSA is still a significant player in the information security marketplace. Formed back when mainframes walked the earth, it has thrived during the Internet era and continues to innovate with new products and new ways to deliver security.

While RSA offers a range of products – from SIEM to integrated risk management – it’s their authentication and fraud prevention products that have frequently caught my attention. At a time when cybercrime is increasing and organizations need solutions to help them secure the future dynamic workforce, these three products will play a significant role in the future of many businesses:

  1. RSA SecurID with Yubikey

The iconic one-time-password generator, the RSA SecurID Access hardware or software token, has been around for decades and can be found in the hands (or on the devices) of millions of workers globally. Over the years, the fob form factor has been tweaked, augmented by an added USB port, and given other minor changes. This fob can be used in a variety of authentication circumstances, and is a significant multi-factor method. One of the most significant recent developments was announced last year and involves a Vulcan mind-meld with Yubico’s Yubikey.

What I like about this partnership is that you never have to type another series of PINs ever again. All you need to do is to press the gold-colored button on the Yubikey to acknowledge that you have it in your possession, and the PIN stored within the device will make its way into the RSA SecurID infrastructure and authenticate you.

I like to think of this offering as a marriage between RSA’s longest running and most famous product and the latest authentication standards. It’s worth taking a closer look, especially if you are an existing RSA SecurID Access customer and want to step up your authentication game. As more passwords find their way to various security leak lists, having a hardware key is still the most secure method to protect all of your logins.

  2. RSA Adaptive Authentication.

If you are using any kind of authentication system, you need to be using adaptive authentication (AA) and the RSA version is a solid product. The issue is that we all have to stop thinking about authentication as a binary event. In the past, you were either authenticated or you were not. What AA does is operate more continuously, checking your actions (defined variously) against trustworthy norms to evaluate whether you are who you should be as you go about your computing daily life. As the criminals get better about compromising our accounts with various phishing lures, AA is going to become an essential defense mechanism.

As I mentioned in an October 2018 blog post, AA can be combined with various RSA multi-factor authentication and biometric tools to beef up your identity and access management strategy and help improve your login security.

As an example of its use, the British credit company New Day has deployed AA to help reduce fraudulent credit card usage. The AA routines pre-screen questionable transactions and determine whether they should be allowed or escalate them to human examiners, thus creating fewer challenges for their customers. These screens include looking for geolocation conflicts (a consumer who is making withdrawals in two different places that aren’t physically near each other) or an odd purchase (someone who hasn’t recently bought a suit such as what happened to me once, which was mildly embarrassing), or making a large cash withdrawal at a new ATM location.
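The three screens named above can be sketched as a small risk scorer that either allows a transaction or escalates it to a human examiner. This is an added illustration, not RSA's or New Day's code; the `Txn` fields, the point values and every threshold are assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Assumed thresholds for illustration; a real deployment tunes these from data.
MAX_SPEED_KMH = 900.0   # faster than this between two transactions is implausible
LOCAL_KM = 50.0         # ignore movement within one metro area
LARGE_CASH = 500.0      # what counts as a "large" withdrawal
ESCALATE_AT = 50        # score at or above this goes to a human examiner

@dataclass
class Txn:
    when: datetime
    lat: float
    lon: float
    kind: str      # "purchase" or "cash"
    place: str     # merchant category for purchases, ATM id for cash
    amount: float

def km_between(a, b):
    """Great-circle (haversine) distance in km between two transactions."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def score(txn, history):
    """Return (risk score, reasons) for txn against the customer's history."""
    total, reasons = 0, []
    if history:
        last = history[-1]
        hours = max((txn.when - last.when).total_seconds() / 3600, 0.0)
        dist = km_between(last, txn)
        if dist > LOCAL_KM and dist > MAX_SPEED_KMH * hours:
            total += 60
            reasons.append("geolocation conflict")
    seen = {h.place for h in history if h.kind == txn.kind}
    if txn.kind == "purchase" and txn.place not in seen:
        total += 20
        reasons.append("unusual purchase category")
    if txn.kind == "cash" and txn.amount >= LARGE_CASH and txn.place not in seen:
        total += 50
        reasons.append("large cash withdrawal at new ATM")
    return total, reasons

def decide(txn, history):
    """Allow silently, or escalate to a human examiner."""
    total, reasons = score(txn, history)
    return ("escalate" if total >= ESCALATE_AT else "allow"), total, reasons

# Constructed sample data: a customer who normally shops in St. Louis.
STL, LON = (38.63, -90.20), (51.51, -0.13)
HISTORY = [
    Txn(datetime(2020, 9, 1, 9, 0), *STL, "purchase", "groceries", 62.10),
    Txn(datetime(2020, 9, 1, 12, 0), *STL, "purchase", "fuel", 35.00),
]
SUIT = Txn(datetime(2020, 9, 1, 15, 0), *STL, "purchase", "menswear", 400.00)
ABROAD = Txn(datetime(2020, 9, 1, 13, 0), *LON, "purchase", "groceries", 20.00)
NEW_ATM = Txn(datetime(2020, 9, 1, 16, 0), *STL, "cash", "ATM-0042", 800.00)

if __name__ == "__main__":
    for name, t in (("suit", SUIT), ("abroad", ABROAD), ("new ATM", NEW_ATM)):
        print(name, decide(t, HISTORY))
```

An odd purchase on its own stays below the escalation threshold, which is how a scorer like this keeps customer challenges down while still sending the location conflict and the new-ATM withdrawal to review.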

  3. RSA FraudAction.

Speaking of fighting fraud, one of the more interesting RSA offerings is a service called RSA FraudAction. This is not a consumer offering but is geared towards defending the consumer’s endpoints, which are fraud and phishing targets. It is based on having two operations and command centers that provide fraud intelligence and defense. One of them is outside Tel Aviv (where I visited in 2018 and wrote this report for CSOonline) and another is located on the Purdue University campus. The centers proactively monitor (typically) a bank’s transactions and block suspect ones, using the AA products mentioned above to provide the risk scores. The goal is to flag something suspicious before the transaction clears, so that both the consumer and the bank are protected. The team also produces regular intelligence reports (such as this sample report) for customers on the various real-time threats on the Dark Web.

My point in highlighting these three products or services is that they all work together in an interesting way to help you harden your authentication and reduce potential compromises. It’s also a testament to a company that has helped pave the way for the rest of the information security industry and developed a portfolio of solutions that can work together to help you manage digital risk.

Nearly 40 years after its inception at the MIT campus, RSA remains at the forefront of this market and well positioned to help businesses both large and small address security, risk and fraud concerns in a world that’s increasingly complex.

Network Solutions blog: How to evaluate a DNS security provider

The Domain Name System (DNS) is the Rodney Dangerfield of Internet protocols. By that, we mean that DNS has trouble getting respect for all the important things that it does. Over the years, the DNS has been abused by spammers, its weaknesses exploited by distributed denial of service (DDoS) attackers and domain hijackers. Given that the spate of attacks is increasing (according to one 2019 IDG report), it is time to get more serious about how you manage your DNS infrastructure and how you can harden it to prevent future threats. DNS attacks are often used by bad actors to reach their victims and do damage to business reputations. In this post for Network Solutions’ blog, I talk about the role that DNS plays and how you can evaluate a potential DNS supplier and use various means to protect your network assets.

RSA blog: Considerations Towards Enabling A Virtual SOC Environment

The role of the security operations center (SOC) is changing in a more distributed world. As businesses continue to support remote operations and staff, they need to start thinking about building out a virtual SOC environment to manage their infrastructure long-term.

In the days before the health crisis, physical SOCs were usually found near the data center in the organization’s headquarters. Sometimes, they were more showplaces for management to bring customers by and reassure everyone that the company was serious about security. Well, we need them more than ever, especially as the threat models have changed as staff now works outside of the physical office walls and uses more cloud-based applications and services.

In the past few years, managed security service providers (such as Dell’s SecureWorks) have come up with cloud-based SOCs used to monitor networks and computing infrastructure – no matter where they’re located. The virtual SOC takes this a step further, and provides a wide range of services such as patching and malware remediation along with threat intelligence and defense. Some of these providers are rebranding their offerings, calling them SOC-as-a-Service.

There are several things to consider in building the right virtual SOC. Some of these choices are not as obvious and will require some effort to plan appropriate actions.

First, you must decide how this virtual SOC is going to augment your existing security infrastructure. If you already have a physical, on-premises SOC, will you need to staff it as your organization moves back into the office once you make your SOC completely virtual? Do you need additional technologies to monitor threats that originate in your collection of cloud apps? How will these interact with your existing tools to identify and resolve these threats? How will you define and monitor normal network behavior and keep your eye on the changing work environment?

As you start thinking about this, review the workflow and processes when a security event does happen: How is it described by the SOC staff or tool, and how is it ultimately resolved? For example, before the pandemic, you may not have had a very rigorous bring-your-own-device policy. Or you may not be operating the most thorough endpoint agents and need to capture all kinds of remote events. Both of these probably need some immediate attention.

That brings me to my next point: Take ownership of your cloud apps. This is something I wrote about previously. In that blog post, I touch on things like evaluating risk-based access, extending network visibility to the cloud and figuring out ways to manage these applications. Chances are, you will need to consider changes to your identity and authentication infrastructure if you have multiple cloud storage services and after an audit has been completed of the cloud portfolio and the existing security controls. This may even lead you towards thinking about using a cloud access security broker.

Thirdly, focus on a particular perspective before you find the right virtual SOC provider. One of the biggest challenges about a virtual SOC is that vendors come from very different security perspectives and origins that span the security marketplace. If you are going to shop around for a virtual SOC provider, know what you’re lacking and whether the SOC vendor can complement rather than compete with your current toolset. For example, you may have a SIEM in place, but does it have the right level of endpoint protection system to handle the remote population? Or, you may have a network operation center (NOC) that is designed to support a centralized staff but doesn’t give visibility into the work-from-home infrastructure. Or, your tools may not be strong in being able to resolve remote threats that occur  As you can see, this isn’t such a simple series of questions to answer, but it’s important to have direction as you seek the right vendor.

Finally, decide whether a virtual SOC is a near-term fix, or will become the de facto mode of future operations. Given the progress of the current disruption, I think organizations will continue working from home for many months.

I must come clean and tell you that I have flipped my original opinion of SOCs. Five years ago, I wrote that SOCs may be going the way of the dodo bird and cynically suggested that one could end up in the Smithsonian museum. Contrary to that notion, I now feel that SOCs – especially virtual ones – are needed more than ever.

Avast blog: An elections security progress report

Twelve Tuesdays from today, the US national elections will take place, and infosec professionals are doing their best to adapt to changing circumstances brought on by both the pandemic and the tense cyber-politics surrounding them. More states are expanding mail-in voting and planning the necessary infrastructure to distribute and process paper ballots. State elections officials are also deploying better security measures, banding together to form the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). Membership in the information sharing and analysis center has grown considerably since the 2018 election.

In this blog post for Avast, I review what is going on with election security since we last covered the topic during the March primaries. There have been numerous events in the past week that have brought new context to the intersection of technology and our elections. And I also mention several presentations given at Black Hat and DEFCON that bring us up to date on what is happening with election security.

Network Solutions blog: Mastering Email Security with DMARC, SPF and DKIM

We all know that phishing and email spam are the biggest opportunity for hackers to enter our networks. If a single user clicks on some malicious email attachment, it can compromise an entire enterprise with ransomware, cryptojacking, data leakages or privilege escalation exploits. Over the years a number of security protocols have been invented to try to reduce these opportunities. This is especially needed today, as more of us are working from home and need all the email protection we can muster. In my latest post for Network Solutions blog, I discuss the trio of email protective technologies that can be deployed to make your email more secure.

Avast blog: What to do about the BootHole vulnerability

Late last month, security researchers discovered a major vulnerability in the software that controls how PCs boot their operating systems. This is one of those issues that sounds scarier than it is. Fixing it will be a major process, especially for Linux system administrators and corporate IT organizations with a mixture of different PC vintages and manufacturers. The problem has been named BootHole, and it could affect up to a billion computers.

If you are running Linux, do your homework before rebooting or upgrading so you don’t make things worse. If you are running Windows, you’re better off waiting for Microsoft to issue a fix. In the meantime, use basic security hygiene to avoid unwanted access to your machine.

You can read more about this issue in my post on Avast’s blog here.

If you are unemployed, start rebuilding your personal brand

I am very fortunate: I have worked for myself for decades and have a great collection of clients that keep me busy with plenty of freelance writing assignments. But because our economy is in rough shape, there are lots of folks who are out of work right now. This made me think back to the time in 2006 when I got fired from my last full-time gig, running the editorial operations of the various Tom’s Hardware websites.

It wasn’t the first time I went to work and was told to pack up my things and leave that same day. It is a horrible feeling: you think you are worthless, that you will never work again. That you have failed. I was scared that I wouldn’t be able to make my mortgage payments. I had moved across the country to take that job, and now what was I going to do?

Unlike the astronauts, failure is an option. I wrote about this many years ago, where I described some of my numerous failures in my career, such as my books that didn’t sell or websites that weren’t successful at attracting interest.

I thought of this because I am reading an interesting book by Lauren Herring, Take Control Over Your Job Search. It is all about helping you to find a new job — not that I need to or want to make changes to my current situation mind you. I am very happy with being a full-time freelancer, and thankful that I can work for such great clients. But if you are less fortunate, or if you know someone who has gotten stuck with unemployment, this book might be worth picking up. Lauren is the CEO of a coaching/recruitment firm here in St. Louis.

Sure, there are a lot of job-search books out there. This book has some intersections with three sources: that seminal job searching book What Color is Your Parachute, Elisabeth Kubler-Ross’ stages of grief and the mindfulness work by Jon Kabat-Zinn. But what I found interesting in Herring’s book is that she addresses the biggest issue of today’s unemployed: your emotional state of mind. Yes, you can fill out all of the Parachute’s exercises and have a sparkling resume. You can meditate daily and figure out whether you are in denial or still bargaining with your newfound unemployment. But if you approach your virtual interviews with a lack of confidence, or too much confidence, or can’t even leave your house without a boatload of fear, you won’t get anywhere. “The ability to notice, understand, and process your emotions is more critical to success and happiness today more than ever before,” she writes.

Herring describes how to respond to ten different emotions (that’s the multi-step Kubler-Ross stuff) of grief, anger, and frustration with ways to respond to them and Parachute-style exercises to get you to discover your own state of mind and ways that you can move through the paralysis towards more positive outcomes (a la mindfulness). Along the way you will be using a group of what she calls your “super team” of supporters to help you role play and arrive at better outcomes and write journal entries of your reactions. “The goal of this book is to replicate the live experience of working with a career coach as best as possible,” she writes.

Take fear, for example. To fight it, she cites several case studies of the jobless that she or her company has coached. “Potential employers can sense your fear about your job search,” which as you might imagine doesn’t bode well to get callbacks or offers. And if you find yourself taking rejection personally and feeling resentful, you need to reset these feelings. For example, you should do some research and find out if you have your facts straight.

One of the more interesting aspects is shaping your personal brand, which is something that I have written about several times, and part of some of my own career coaching presentations. Your brand needs to come through in all your digital elements: LinkedIn profile, your resume and so forth. “This is one of the most uplifting tactics you can do during your job search,” she writes, and a good way to counter some of the negative emotions you are experiencing. Being clear on your brand is a great way to define your next job, and to ensure that your performance once you get that job will measure up to the expectations of you and your manager too. It is great advice for folks who have jobs and want to move ahead too.

One missing element from this book is some specific strategies in these times when we are working from home. While some of her methods can be easily modified and she does mention things like virtual interviews, I think the topic deserves its own special chapter. Perhaps she’ll include this on her website as a supplement.

Avast blog: How to use multi-factor authentication for safer apps

Multi-factor authentication (MFA) means using something else besides your password to gain access to your account. There are many ways to do this – some, such as texting a one-time PIN to your phone, are less secure than others, such as using a $25 Google Titan security key or the free Authy/Twilio smartphone app. The idea is that if your password is compromised (such as a reused one that has been already leaked in another breach), your account is still secure because you have this additional secret to gain access. Is MFA slightly inconvenient and does it require some additional effort to log in? Typically, yes.

After the Twitter hacks of last month, I took some time to review my own security settings, and found them lacking. This just shows you that security is a journey, and you have to spend the time to make it better.

I go into more details about how to best use MFA to make your social media accounts better protected, and you can read my blog post for Avast here for the step-by-step instructions.

Network Solutions blog: Cost-effective ways to improve your network bandwidth

As more of us work from home, we need to ensure more consistent and better bandwidth connections. By better bandwidth, we mean one or more of three cost-effective methods that can be used to boost your Wifi signal, reduce network latency, and improve your wireless throughput. To figure out which method or methods will work the best for you, there are some simple tests you can perform before you go shopping for new gear, including a new home router or a better Internet provider connection plan. You should periodically test your network bandwidth and throughput to ensure that you don’t have any bottlenecks, and don’t be afraid to change your provider to get something better.

You can read my blog for Network Solutions here.

Avast blog: Why Emotet remains an active threat

One of the longest-running and more lethal malware strains has once again returned on the scene. Called Emotet, it started out life as a simple banking Trojan when it was created back in 2014 by a hacking group that goes by various names, including TA542, Mealybug and MUMMY SPIDER. What made Emotet interesting was its well-crafted obfuscation methods. Proofpoint posted this timeline:

Over the years, it has had some very clever lures, such as sending spam emails that contain either a URL or an attachment and purport to be sending a document in reply to existing email threads.

You can read more on Avast’s blog here.