Speaking in London during the RSA Conference Europe, RSA’s executive chairman, Art Coviello, and president, Thomas Heiser, addressed the breach that rocked the security world, and left egg on the company’s face.
Calling it a trial by fire, Heiser addressed the reaction to RSA’s PR nightmare with another apology.
“Many stakeholders felt we could have done more and we should have done more, sooner, and to those customers we inconvenienced, we truly apologize.”
Heiser said that the attack did not undermine the integrity of RSA’s entire system. This while reiterating that the attackers knew what they were looking for, were persistent, and coordinated.
“Two groups were involved in the attack. Both are known to authorities, but they have never worked together before” he commented during a keynote address.
Coviello added a little more detail to that statement, while leaving the door open to speculation.
“There were two individual groups from one nation state, one supporting the other. One was very visible and one less so… We’ve not attributed it to a particular nation state although we’re very confident that with the skill, sophistication, and resources involved it could only have been a nation state.”
The Department of Homeland Security and the FBI are still investigating the case, and RSA has avoided reporting additional information due to this fact. However, the attackers did leave information behind, presenting a stable starting point. After the breach, recently acquired technology from NetWitness helped with the investigation and remediation.
“The existing perimeter is not enough, which is why we bought NetWitness. The NetWitness technology allowed us to determine damage and carry out remediation very quickly,” Coviello commented.
On the point that the attack on RSA led to other breaches, including those against U.S. military contractors, Heiser noted that the media got it wrong in some cases, establishing that only one contractor had actually been hit. Heiser did not name the defense contractor, but Lockheed Martin reported a breach back in May, noting that RSA SecurID tokens would be replaced.
For the most part, while the keynote session and Q&A were insightful, RSA refused to offer additional details on the attack. It doesn’t want the groups behind the breach to have any idea what the company knows about them. Plus, the incident is still under investigation.
Related Reading: Three Lessons from the RSA Hack, from a Customer’s Perspective