Category Archives: RSA

January 4, 2012

Keep Your Enemies Closer : Advance Threat Management

By erinkbanks

I was recently watching a replay of the CBS 60 Minutes report that originally aired in November 2009 called “Sabotaging the System”. The segment talked about viruses, malware, and hackers that have infected the public and non public networks. These include the federal networks such as the US Central Command (CENTCOM) network.  In 2008 the malware, agent.btz had landed on this network. It was believed that the virus found its way through a USB stick. This virus can see everything on the network and for some reason… they cannot get rid of it. According to the following article, the US military networks still cannot remove the virus in their network.

A USB drive… it was that simple. Hackers will find a way onto a network and for some reason, they don’t want to leave. One option that people initially like to take is to  block the USB port but we all know that making security a roadblock for the users can create more problems. A better option is to  use RSA Data Loss Prevention technology to allow only certain USB drives to have access to the system.  However, in spite of  all this work, blocking and denying… they might still get in. And this is  why we employ  defense in depth (multiple layers of security).  I love the RSA DLP capabilities but we need to do more than just lock the door. Looking at the security without the rose colored glasses, you will soon find out that if you have something worth stealing, someone will look for a way to steal it and one layer is not enough. As we like to say… “there are two types of organizations out there… those that have been hacked and those that admit that they have been hacked” (I use this line almost every day).

What does this mean in the long run? It is no longer about the protection, but understanding the threat. The only way to tackle the threat is to understand the threat. Why else did we say, keep your friends close but your enemies closer? How do you do this from a networking standpoint… by monitoring what is happening on the network. We do this by understanding the technology of the malware and its purpose. You can’t protect any of the systems when it’s a new malware and very little, to nothing is known about it. You need to understand where the attackers are going and what is or is not important to them.The technology that RSA NetWitness gives you… does just that. No more saying “we don’t know when they got onto the network and we don’t know what they took”… because you can see everything on the network. It’s literally like having a DVR for your network – you can watch and play back the activity… all activity on the network. When it comes down to it, not knowing what is happening or has occurred on your network is one of the negative facets of network security. Not knowing means that you will never have the ability to fix any problems, fix any holes, protect any data because you don’t know what you don’t know and that is the worst type of security. The fact is hackers are not going away as we try to put up barriers here and there, they still find a way in. Imagine your house is burglarized after you set the alarm, locked the doors, bought the dog…. wouldn’t you want to know how they got in? Wouldn’t you want to know what they took or touched? Do you really think you will feel ok if you stand in the middle of your house and just look at what is in eye view and assume that you will find out what went wrong? It doesn’t work that way… you wish there was a camera, you wish you could watch everything – that would help you prepare in case it happens again, because you would know what they know and you could fix that issue. That is what RSA NetWitness does… it lets you see the threat and it lets YOU manage it.

Leave a comment   |  tags: , , | posted in DLP, NetWitness, RSA, security

November 15, 2011

EMC and RSA… Enabling Virtual Administrators

By erinkbanks

Every day as I work with virtualization and the components that surround it, I am reminded why I love working at EMC and RSA. Yes, I have the privilege to work with the mother ship, EMC as well as the security division, RSA because both virtualization and security are my passion. One of the many reasons why I feel that EMC and RSA are the correct choices when developing your virtual environment is because EVERY… and I mean EVERY product manager of the EMC and RSA products tells me that their role is to “enable the virtual administrators”. Every product that EMC and RSA rolls out their doors at the core has two things in mind, security and virtualization. EMC and RSA build their products with security at step one. As a person who preaches about security, how can I not love the fact that the company that I work for chooses to build security into the fabric of their products. More importantly how can I not love the fact that the products are being developed specifically with the virtual administrator in mind

Simplification of the technology is the easiest way to ensure adoption. Outside of that, the users are just looking for excuses. If you simplify the technology, why wouldn’t someone implement the capabilities. If you break down the silos and give users the things they need to get their job done, why wouldn’t you implement the capabilities. If you enable the virtual administrators, why wouldn’t you implement the technologies that are there to simplify and break down your daily tasks. Are these not the tools that we have been asking for… the tools that we needed?

This blog post isn’t to go through the entire list of integration points or to cover the capabilities, this blog post is to clearly state the obvious… (my stake in the ground)… when you think virtualization you must think EMC and RSA. I have discussions with customers daily about their frustrations with wanting to move further down their journey to a virtual data center, customers want to be enabled and I am here to tell you that EMC and RSA understands that. We understand the pains mainly because we are our own best and worst customer but built in to us, built into our culture is virtualization and simplification. We work with these technologies daily just like you and we beg to have the capabilities that make sense. All our solutions, across the board, from the management suite, to backup, to recovery, to storage, to security are on the journey with you to the virtual data center.

Leave a comment   |  tags: , , | posted in EMC, RSA, security

April 28, 2011

April 7th Webcast – Recap

By erinkbanks

It has been awhile and I am sorry that I have not been able to post the slides from the April 7th Webcast that Sharon Isaacson and I did. It was a great webcast. We had 350+ people register for the event. Everything went really well…  the audio, the slides, the demo… everything… it was perfect and I was so grateful to have done it with Sharon. She is incredibly smart and amazing and I am so lucky to work with her. I have learned so much from her. It even provided us with some ideas for sessions VMworld (now I am crossing my fingers that we get picked). I have provided the slides below for your review if you were not able to register.

Leave a comment | posted in cloud security, RSA, security, virtualization, webcast

Follow

Get every new post delivered to your Inbox.