RSA Breach Opens Door for New Security
RSA, the security division of EMC, is trying to contain the damage caused by hackers who penetrated its network and compromised technical specifications for its SecurID token-based multifactor authentication system. The extent of the damage to enterprise and government users is still unknown, but the breach’s impact could ripple across the security market in both negative and positive ways.
First, what’s happening with RSA:
Last week, RSA Chairman Art Coviello wrote a letter to customers relaying how hackers using an “advanced” and “persistent” attack penetrated the company’s network. The hackers were able to gain access to technical details for its SecurID tokens. No customer information was compromised.
“While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack,” Coviello wrote.
Precisely what the hackers stole remains unclear. Some security experts speculate they could’ve accessed information on how SecurID matches the random numbers generated by tokens for authentication, or they could’ve captured the master private key – the number used to authenticate the public keys generated by the tokens.
Leveraging the stolen information isn’t trivial, which is why RSA and security experts believe an attack isn’t imminent.
What’s near universally agreed upon is what the RSA hack represents: a clear and present danger for corporate espionage, and the need for better network and data protection.
Evidence is mounting that companies, nation-states and hacker groups are increasingly shifting their attention away from simply stealing financial data, or information that facilitates identity theft, to stealing the crown jewels of major corporations. Why steal money to buy Coca-Cola when you can steal the formula and sell it to an off-shore rival? And that’s got security experts worried.
How the RSA network was breached remains unclear, and the security company may never release those details. Already some security vendors see this incident as an opportunity to bolster network defenses with new security technologies.
The Wall Street Journal cited Palo Alto Networks as one possible company with a solution to advanced threats. The vendor’s next-generation firewalls inspect application traffic for malicious elements, and can control what applications are able to execute within a domain. Palo Alto isn’t the only company to do this; rivals Juniper, McAfee and Check Point have similar technologies. Closely related to next-generation firewalls are unified threat management devices fielded by companies such as WatchGuard Technologies, Fortinet and SonicWall.
Perhaps, though, the RSA breach may be a catalyst for data loss prevention (DLP). The technology was developed to guard against data theft and leaks of common data such as credit card and Social Security numbers. The technology – offered by Symantec, McAfee, Websense and RSA – is now useful in safeguarding intellectual property such as product designs, formulas and technical specifications. Businesses have been slow to adopt this technology because of its expense and complexity. Perhaps the RSA breach will be a catalyst for DLP adoption.
The crown jewels of any business are contained in the database, and there are tools for safeguarding databases against advanced attacks. Companies such as Application Security and IBM’s Guardium provide real-time monitoring of traffic flowing in and out of databases. Think of these applications as firewalls and intrusion prevention systems for databases. For businesses worried about their intellectual property and customer records, these security tools could prove quite valuable.
And perhaps the answer remains in identity management. For years, security experts have urged businesses to employ multifactor authentication to prevent unauthorized access to networks and applications. The standard username/password hasn’t been secure for years, despite what most people think. Requiring an additional check, such as a token, biometric or certificate, could prevent casual hackers from gaining access. SecurID may be compromised, but competing offerings from Vasco or certificates from VeriSign could prove valuable offerings in access control.
It’s difficult to capitalize on the misfortunes of companies, especially when it’s a security company. But solution providers should be talking with their customers to assess their risk exposure to intellectual property theft and network breaches. While not every company has the same target profile as RSA, every company is susceptible to attack.
* * *
Lawrence M. Walsh is CEO and president of The 2112 Group, a technology business advisory service that specializes in optimizing indirect channels and partner relationships. He’s also the executive director of the Channel Vanguard Council. He is the former publisher of Channel Insider and editor of VARBusiness Magazine. You can reach him at lmwalsh@the2112group.com.
On Twitter:
Larry Walsh: @lmwalsh2112 | Channelnomics: @channelnomics







