Tag: RSA

Cyber security providers benefit from EU and local regulations

Enterprises in the UK are looking to cyber security providers to help them comply with European Union and local regulations, and protect data as employees work from home during the COVID-19 pandemic, according to a report published today by Information Services Group (ISG).

The 2020 ISG Provider Lens Cyber Security – Solutions & Services Report for the UK finds enterprises in the country counting on cyber security providers to help them comply with UK privacy and cyber security rules passed as the country separates from the European Union. At the same time, UK companies must continue to comply with EU data privacy regulations because of the country’s economic connections to continental Europe.

Jan Erik Aase, director and global leader, ISG Provider Lens Research, said that UK enterprises are prioritising cyber security as most business processes have gone digital.

Dell may continue to spin off RSA

RSA President Amit Yoran has hinted that the long-awaited spinoff of RSA as a separate, private company might still be happening.

In an email, Yoran said that Dell had spent a few hours this week at RSA, discussing the RSA business and where that fits into the Dell “egosystem”. For those who came in late, Dell is going to buy EMC, the parent company of RSA, for $67 billion.

Yoran said that creating growth in security is a business that Dell clearly understands, and the relationship between Dell and Secureworks was also “thoughtfully constructed to create leverage”.

Dell announced earlier this month that it plans an initial public offering of the Secureworks business.

“Michael is also aware of our transformation activities at RSA and very supportive. He is keen to continue learning more about RSA and come up with meaningful ways EMC, Dell and he can contribute to our success in the future. It’s all about creating leverage and accelerating our growth.”

Dell was adamant about the benefits of taking a company private in order to foster growth, Yoran added.

“Dell was also very articulate about the benefits of operating as a private company, including our ability to plan and execute on a longer time horizon without the blinding focus on 90 day reporting cycles. Having spent a vast majority of my career running private companies, I couldn’t agree more.”

He did not say that RSA was in talks to spin off as a private company, but EMC was in serious talks to spin off RSA into an independent company for months before the Dell acquisition. What Yoran is saying fits very much into that concept.

Vendors skimp on security

Hardware vendors often skimp on providing basic security for products even when it is no real skin off their noses.

Hackers David Byrne and Charles Henderson cited the case of the world’s largest Point of Sale (PoS) systems vendor which has been slapping the same default password (66816) on its gear since 1990.

As a result, 90 per cent of customers are still using the same password. But Byrne and Henderson said that the outfit is not the only borked sales system.

In this case the only expertise required to carry out a hack is to open a panel using a paperclip – something which has been spotted by low-paid staff with a grudge.

What is even more ironic is that the open password is being carried across to rival vendors as customers, who assume their codes are unique, switch equipment.

Henderson told the RSA Conference in San Francisco that 166816 is the default password for one of the largest manufacturers of point of sale equipment and has been since at least 1990.

The hackers also slammed nameless vendors for borking cryptography and basic best security practice, splashing the POS badge across their slide decks.

“Vendors claim that running in admin is a requirement but it’s nothing but lies, damn lies. I know why they do it; it’s like Nirvana for them. But if in fact [the PoS system] needs to run as administrator, that’s a good indicator that your vendor doesn’t take security seriously.”

What is strange is that it would not kill the vendors to fix the problem. It is not difficult to come up with new passwords for each machine sold; it is just that they can’t be bothered.

RSA conference bans booth babes

The RSA Conference next month will be missing “booth babes”.

According to a post by security expert Bill Brenner on the LiquidMatrix blog:

“All Expo staff are expected to dress in business and/or business casual attire. Exhibitors should ensure that the attire of all staff they use at their booth (whether the exhibitor’s direct employees or their contractors) be considered appropriate in a professional environment. Attire of an overly revealing or suggestive nature is not permitted.

Examples of such attire may include but are not restricted to:

  • Tops displaying excessive cleavage;
  • Tank tops, halter tops, camisole tops or tube tops;
  • Miniskirts or minidresses;
  • Shorts;
  • Lycra (or other Second-Skin) bodysuits;
  • Objectionable or offensive costumes.

The rules apply to all booth staff, regardless of gender, and will be strictly enforced. If someone attractive shows up in anything remotely skimpy they will be asked to change their attire or leave the premises immediately if organisers feel their appearance might be offensive to other exhibitors or attendees.”

Linda Gray, event manager, RSA Conferences, said that the change in the language in the exhibitor contracts was the best way to ensure all exhibitors were made aware of these new guidelines.

“We thought this was an important step towards making all security professionals feel comfortable and equally respected during the show.” They have yet to receive any complaints, Gray said.

EMC buys Aveksa

EMC has picked up Aveksa, an identity and access management specialist, through RSA in what one analyst said was a “long overdue” acquisition.

Aveksa will be rolled into RSA as part of RSA’s Identity Trust Management product group. EMC hopes the acquisition will take the best of Aveksa to improve RSA’s portfolio in enterprise, cloud and mobile access.

Knowing you are who you say you are is extra critical in businesses with extremely sensitive data, such as in health and finance. Stuffing that up can and does lead to enormous data breaches, embarrassing the company in front of customers and, worse still, losing customer data.

Aveksa specialises in constructing detailed user profiles as well as managing those identities, keeping security tight and making sure sensitive files reach the right eyes only. It already has plenty of customers in the finance sector, health, energy, retail, manufacturing, transportation and telcos.

Principal Ovum security analyst Andy Kellett said EMC/RSA desperately needed an acquisition of this character if it is to compete in the growing, and dramatically changing, identity management market.

“The disruptive influences of mobility and cloud will change device and infrastructure requirements,” Kellett said. “The requirement for risk-based authentication delivers the requirement for business intelligence and information led access controls – the more sophisticated threat landscape and the need to improve fraud detection rates all add to the need for change”.

Although the financial details of the deal were not disclosed, Ovum asserts that it is a sound buy. “The timing is right as disruptive influences such as cloud take hold of the market,” Kellett said. “The partner is right because of its business focused approach and identity as a service capabilities”.

“Finally, the requirement for RSA to extend out and offer more complete IAM is right and in our opinion long overdue,” Kellett said.