RSA offers suggestions on security

RSA has published a document on defending against "Advanced persistent threats" (APTs) which echoes but does not reference many of the issues the company faced earlier this year. The report, "When Advanced Persistent Threats Go Mainstream", says that APTs have now moved from the military to the mainstream and are now targeting a variety of enterprises in different industries. The report states that such attacks are generally targeted at a specific organisation, are well-researched and well-funded. They typically use spear-phishing and other social engineering techniques in order to gain access.

Although its own experience is not explicitly mentioned, reading between the lines one can detect what it is that the company considers it should have learned: one piece of advice given is that protection from APT should focus on key areas, an organisation's most critical information and systems, the "crown jewels", as it describes them. It is not always possible to prevent attackers from entering, but an organisation should discover any entry as soon as possible and minimise the consequences quickly. This would constitute a successful APT-defence: "Assume that your organization might already be compromised and go from there."

In March, the security company, which is now a subsidiary of storage maker EMC, became victim to such an attack. As many companies used the RSA's SecurID tokens to authenticate access to their own systems, the attack lead in turn to a successful attack on the US arms firm Lockheed Martin and other military companies.

RSA was ultimately forced to offer the replacement of 40 million tokens, but it waited three months. This brought the company the "Pwnie" award for the lamest producer response at the recent Black Hat conference.

(ehe)