Archive for March, 2011
RSA is reporting today in an open letter to their customers that they have detected an extremely sophisticated attack on their systems and that some information related to their SecurID two-factor authentication systems has been extracted:
Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is specifically related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.
Rich Mogull over at Securosis has additional commentary.
What’s interesting is that this is no random drive-by attack, but rather a targeted assault on a major security vendor. This is a big deal, of course, because so many organizations rely on RSA’s SecurID systems for authentication. We currently don’t know the vector of the attack, what information was lost, or exactly how this will affect SecurID users. One thing is for sure: if you have a SecurID token from a bank or some other provider, you will want to contact them for guidance.
This is one evolving situation we’ll be watching over the next several days and weeks.
Today we launched our newest product, Athena PathFinder! The phenomenal growth in adoption of our main product, Athena FirePAC, gave us excellent insight around the needs for additional solutions. Last year, firewall engineers we worked with zeroed in on two primary types of requests:
1. Extending Athena’s range of analytics that go deep into individual devices. With even more limited time and resources, firewall engineers are in need of easier ways to make the analytics more actionable and supportive of certain operational realities.
With the releases of Rule Tracker, Object Standardization, Configuration Debugger and major advancements to our Change Impact functionality, FirePAC meets the requirements for interactive intelligence that is especially useful to security operations groups.
2. Extending Athena’s policy awareness from a device-specific to a network-specific perspective. Macro level issues involving service availability across multiple devices, reachability based on routing, and what devices to touch to implement a change request are all extremely well-suited for Athena’s offline analysis.
With the release of Athena PathFinder, we stuck to our product development philosophy of offering tools that are focused and easy to use, yet powerful enough to save man-years of manual effort. This is our solution for firewall engineers who are seeking a handy way to test network behavior for troubleshooting and simplifying rule changes, and we made sure they can get started immediately with a free 2-week evaluation offer.
Shrdlu over at the Layer8 security blog has come up with a list of security metrics that will doubtless be very useful in communicating with your CISO:
- the number of times you have to beg your sysadmins to patch (per release cycle)
- the number of senior executives that violate the security policies they signed off on (per month or year)
- the number of conferences your boss refuses to send you to (per year)
- the number of security topics you discuss, divided by the number of drinks you have, at the one conference you’re allowed to attend
- the number of times you discover a homegrown “crypto” function during code reviews
- the number of times a security vendor tries to go over your head to make a sale (or at least schedule a demo)
- the number of (prohibited) iPads in your building, times the number of support requests for said iPads
- the number of times you have to explain cross-site scripting, per developer, per year (bonus if you have to explain it to a “security professional”)
- percentage of #LIGATT tweets in your tweetstream per day
- the number of times a network or application problem is blamed on “the firewall”
- number of incidents that you still aren’t sure really counted as actual incidents
- number of auditors per audit instance per year, times the number of staff members that have to interact with said auditors
- number of security-related PowerPoint slides generated per year, minus the number of recycled ones
- number of desks you’ve had to replace due to head damage, per job