Advisory Note: „RSA SecurID – how to act after the hack? “ - 70344

Report Details

As reported extensively in the media, hackers in march of this year successfully attacked the data center of EMC Corp’s RSA security division, obtaining copies of security information for RSA’s SecurID key fob system, a token-based mechanism for creating OTPs (One time passwords) in a two-factor authentication approach used extensively by companies and government agencies around the world.

Now, two large military contractors, Lockheed Martin and L-3 Communications, have reported that they have been victims of security breaches based on data obviously stolen from RSA. A third military contractor, Northrop Grumman, another RSA customer, abruptly closed down remote access to its network and instituted a “domain name and password reset across the entire organization”, according to a press statement.

This considerably ups the ante on RSA and its customers, many of whom rightfully are demanding more information and guidance on how they can protect themselves from what is obviously a highly sophisticated group of attackers. Can we continue to use SecurID, or do we need an alternative, many have been asking, including a number of KuppingerCole clients.

While RSA understandably refuses to discuss details of the attack – after all, hackers read press releases, too - there can be no doubt that the attackers leveraged a known conceptual weakness of RSA SecurID, namely the central storage of so called ‘seeds’ in their own backend. However, bashing RSA won’t help. For customers, the real question is: What can I do to protect my systems and the sensitive information stored there?

Throwing out SecureID and starting anew is not an option for most user organizations. Short term, a number of organizational measures such as adding additional authentication such as use of domain password (if feasible) can reduce the risk of attack without calling for costly replacement of the SecurID tokens is use today. Mid-term, however, customers need to review their authentication strategies with an eye towards moving up to true a versatile authentication approach. The ultimate goal, KuppingerCole believes, is to be able to move back and forth between different authentication mechanisms freely and flexibly without the need to modify the applications themselves.


Date Title Price
Jun 10, 2011

Advisory Note: „RSA SecurID – how to act after the hack? “ - 70344

As reported extensively in the media, hackers in march of this year successfully attacked the data center of EMC Corp’s RSA security division, obtaining copies of security information for RSA’s SecurID key fob system, a token-based mechanism for creating OTPs (One time…

free Get Access

Latest Related Reports

Leadership Compass

Leadership Compass: Adaptive Authentication - 71173

Leaders in innovation, product features, and market reach for Adaptive Authentication. Your compass for finding the right path in the market.

Executive View

Executive View: RSA NetWitness Suite - 72516

RSA NetWitness Suite is a security monitoring solution that combines log and network traffic analysis with endpoint-based visibility and automated threat intelligence to detect and investigate sophisticated cyber-attacks. 

Executive View

Executive View: RSA Archer GRC - 70888

RSA Archer by RSA, The Security Division of EMC is a full-featured GRC-framework providing an enterprise-wide, systemic approach to implementing Governance, Compliance and Risk Management. With its platform approach it can be continuously adapted to maturing GRC-strategies towards…

Leadership Compass

Leadership Compass: Access Governance - 70948

Leaders in innovation, product features, and market reach for Identity and Access Governance and Access Intelligence. Your compass for finding the right path in the market.

Executive View

Executive View: RSA Aveksa Identity Management & Governance - 70873

Access Governance is about the governance and management of access controls in IT systems and thus about mitigating access-related risks. These risks include the stealing of information, fraud through changing information, and the subverting of IT systems, for example in banking, to…

Leadership Compass

Leadership Compass: Enterprise Key and Certificate Management - 70961

Enterprise Key and Certificate Management (EKCM) is made up of two niche markets that are converging. This process still continues, and as with all major change of IT market segments, is driven by customer requirements. These customer requirements are driven by security and compliance…

Executive View

Executive View: RSA Adaptive Authentication - 70889

Adaptive Authentication uses risk-based policies to evaluate a user’s login and post-login activities against a range of risk indicators. Systems then ask for additional assurance of the users’ identities when a risk score or policy rules are violated. This risk and…

Leadership Compass

Leadership Compass: Access Management and Federation - 70790

With the growing demand of business for tighter communication and collaboration with external parties such as business partners and customers, IT has to provide the technical foundation for such integration. Web Access Management and Identity Federation are key technologies for that…

Leadership Compass

Leadership Compass: Access Governance - 70735

Access Governance is as of now the fastest growing market segment in the broader IAM (Identity and Access Management) market. Some vendors also use the term IAG (Identity and Access Governance). Another recent term is Access Intelligence (or Identity and Access Intelligence). While a few…

Discover KuppingerCole

KuppingerCole Select

Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.

Blog

Blog

GDPR as opportunity to build trusted relationships with consumers

During the KuppingerCole webinar run March 16th, 2017, which has been supported by ForgeRock, several questions from attendees were left unanswered due to a huge number of questions and a lack of time to cover them all. Here are answers to questions that couldn’t be answered live during the [...]

Latest Insights

Hot Topics

Spotlight

Learn more

Security Operations Center

Today, the Security Operations Center (SOC) is at the heart of enterprise security management. It is used to monitor and analyze security alerts coming from the various systems across the enterprise and to take actions against detected threats. However, the rapidly growing number and sophistication of modern advanced cyber-attacks make running a SOC an increasingly challenging task even for the largest enterprises with their fat budgets for IT security. The overwhelming number of alerts puts a huge strain even on the best security experts, leaving just minutes for them to decide whether an [...]

Become a Client

Learn more about becoming a Client

Contact Us

Call Us

+49 211 2370770
Mo - Fr 8:00 - 17:00