Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

RSA’s “Trial by Fire” Caused by Two State-Sponsored Groups

Speaking in London during the RSA Conference Europe, RSA’s executive chairman, Art Coviello, and president, Thomas Heiser, addressed the breach that rocked the security world, and left egg on the company’s face.

Speaking in London during the RSA Conference Europe, RSA’s executive chairman, Art Coviello, and president, Thomas Heiser, addressed the breach that rocked the security world, and left egg on the company’s face.

Calling it a trial by fire, Heiser addressed the reaction to RSA’s PR nightmare with another apology.

RSA Europe 2011“Many stakeholders felt we could have done more and we should have done more, sooner, and to those customers we inconvenienced, we truly apologize.”

Heiser said that the attack did not undermine the integrity of RSA’s entire system. This while reiterating that the attackers knew what they were looking for, were persistent, and coordinated.

“Two groups were involved in the attack. Both are known to authorities, but they have never worked together before” he commented during a keynote address.

Coviello added a little more detail to that statement, while leaving the door open to speculation.

“There were two individual groups from one nation state, one supporting the other. One was very visible and one less so… We’ve not attributed it to a particular nation state although we’re very confident that with the skill, sophistication, and resources involved it could only have been a nation state.”

The Department of Homeland Security and the FBI are still investigating the case, and RSA has avoided reporting additional information due to this fact. However, the attackers did leave information behind, presenting a stable starting point. After the breach, recently acquired technology from NetWitness helped with the investigation and remediation.

“The existing perimeter is not enough, which is why we bought NetWitness. The NetWitness technology allowed us to determine damage and carry out remediation very quickly,” Coviello commented.

Advertisement. Scroll to continue reading.

On the point that the attack on RSA led to other breaches, including those against U.S. military contractors, Heiser noted that the media got it wrong in some cases, establishing that only one contractor had actually been hit. Heiser did not name the defense contractor, but Lockheed Martin reported a breach back in May, noting that RSA SecurID tokens would be replaced.

For the most part, while the keynote session and Q&A were insightful, RSA refused to offer additional details on the attack. It doesn’t want the groups behind the breach to have any idea what the company knows about them. Plus, the incident is still under investigation.

Related Reading: Three Lessons from the RSA Hack, from a Customer’s Perspective

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Stephanie Crowe has been appointed head of the Australian Cyber Security Centre (ACSC).

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.