New Service to Help Organizations Identify Data and Systems Compromised by Malware and Online Attacks
RSA, The Security Division of EMC (NYSE: EMC) announced a new service designed to help organizations identify computers, information assets and identities compromised by malware and other online attacks.
The RSA CyberCrime Intelligence Service, available to customers worldwide on May 1st, will help IT professionals further understand and isolate possible points of exposure in their enterprise.
Advanced forms of malware such as the Zeus Trojan can silently capture a wide variety of data and credentials contained on enterprise computers and laptops, including proprietary information such as legal documents, healthcare records and corporate secrets. However, many organizations are not aware of the impact of malware within their systems that pose a significant threat to their information and bottom line. 
Recent research by RSA has shown that many organizations are not aware of the impact of malware within their systems and the significant threat to their information and bottom line. The RSA Anti-Fraud Command identified that 88 percent of a group of companies monitored (441 in total) had systems accessed by infected machines and 60% of these firms (299 in total) had experienced stolen email account information.
“We are seeing a celestial alignment within the world of online fraud which means that a much broader segment of corporate Internet users are being targeted by criminals who are looking to steal more than just credit card numbers and consumer identities. Advanced, stealthy Trojans like Zeus that are detected less than 46% of the time* are readily available to online criminals who are interested in stealing information for illegal gain,” according to Uri Rivner, Head of New CyberCrime Technology at RSA, The Security Division of EMC.
The results of a recent global survey conducted by Forrester Consulting on behalf of RSA and Microsoft, entitled “The Value of Corporate Secrets,” showed that enterprises are under-investing in the protection of trade secrets. The survey of 305 IT security decision-makers worldwide revealed that enterprises are investing heavily in compliance and protection against accidental leaks of custodial data (such as customer information), but under-investing in protection against theft of far more valuable trade secrets.
“Nearly 90% of enterprises we surveyed agreed that compliance with PCI-DSS, data privacy laws, data breach regulations, and existing data security policies is the primary driver of their data security programs. A significant percentage of enterprise budgets (39%) is devoted to compliance-related data security programs,” according to Forrester Consulting’s study. “But secrets comprise 62% of the overall information portfolio’s total value while compliance- related custodial data comprises just 38%, a much smaller proportion. This strongly suggests that investments are overweighed toward compliance.”
“Companies are spending money to protect customer, medical and payment card information, as they should, but more emphasis needs to be placed on protecting the intellectual property and data that has intrinsic value to an organization,” said Sam Curry, CTO, Marketing, RSA, The Security Division of EMC. “If IP is lost, it can cause long term competitive harm to an organization. The recent and highly-sophisticated intellectual property attacks targeting large multinational companies are examples of this type of loss.”
The RSA CyberCrime Intelligence Service platform is based on the RSA FraudAction service and leverages 24×7 monitoring and detection, alerts and reporting provided by RSA’s fraud analysts. The service is designed to identify a subscribing organization’s compromised computers and user credentials including those that are leveraged via remote access. It provides information security professionals with actionable knowledge and information to adjust policies and controls to prevent the loss of data to malware and careless employee activities. Security managers can use the information and analysis provided by the service to react to and remediate potential data exposures, employee identity theft, as well as infected corporate resources.
*Source: Zeus Tracker
