|By PR Newswire||
|October 9, 2012 04:02 AM EDT||
LONDON, Oct. 9, 2012 /PRNewswire/ --
- RSA has introduced a unique technology to mitigate the risk of stolen passwords, answers to security questions, and other stored credentials and secrets.
- RSA Distributed Credential Protection is designed to eliminate a primary point of compromise by proactively or reactively scrambling, randomizing, and splitting sensitive data across multiple locations.
- Innovative new technology developed by RSA® Labs bolsters the defense-in-depth strategy for enterprise portals and web portal providers while limiting impact to usability.
RSA, The Security Division of EMC (NYSE: EMC), today introduced an innovative new technology designed to protect passwords and other credentials and secrets stored in databases from cyber attacks.
RSA® Distributed Credential Protection is engineered to scramble, randomize and split secrets and authentication credentials into two separate locations. Designed to work alongside existing password protections, RSA Distributed Credential Protection is built to dramatically reduce the likelihood of successful "smash-and-grab" attacks on password servers that compromise customer, retail and financial portals every year, leaving millions of passwords and credentials at risk.
With RSA Distributed Credential Protection, even if an attacker compromises one of the two servers used to store the scrambled and split credential data, the information gained would be useless. Secrets can also be re-randomized at the push of a button so that any potential later intrusion into one of the credential servers would similarly yield useless information. As a result, attackers face the daunting task of having to compromise two separate servers or data centers nearly simultaneously, without detection, in order to gain valuable information.
Engineered by RSA Labs, this new capability is the result of groundbreaking work in Split Value Cryptographic Authentication. Credentials secured by RSA Distributed Credential Protection benefit from an added security layer using advanced cryptographic techniques developed by RSA Labs to verify authentication while never reconstructing the split halves.
According to the Verizon 2012 Data Breach Investigation Report, of the data breaches investigated in 2011, servers were among the primary target assets in 64% of investigations and those accounted for 94% of compromised records. Such incidents can cause expensive lawsuits and remediation, brand damage, business distraction and customer attrition. By randomizing and splitting sensitive information into two servers, RSA Distributed Credential Protection helps eliminate a primary point of compromise representing a vulnerability for many portal operators today.
Key benefits of RSA Distributed Credential Protection:
- Designed to reduce the risk of bulk credential data loss that so often results from "smash-and-grab" cyber attacks.
- Engineered to eliminate the primary point of password server compromise by randomizing and splitting the credentials across two secure locations.
- If one location is compromised, the stolen information is useless. Secrets can also then be re-randomized at the push of a button to render information stolen from the second location useless.
- Secrets are compared cryptographically without reconstruction, eliminating the risk of an attacker grabbing them at reassembly.
- Deployment is transparent to end users.
- A number of deployment options are available, including splitting across different domains within an enterprise or splitting across an on-premise environment and one in the cloud.
Available in Q4 2012, RSA will showcase RSA Distributed Credential Protection at RSA® Conference Europe 2012 in London.
RSA Executive Quote:
Dan Schiappa, Senior Vice President of Identity and Data Protection, RSA
"RSA Distributed Credential Protection is the result of several years of incredible research and development innovation at RSA Labs. This technology offers a unique way to truly protect bulk data stores of passwords, secrets and other credentials from even highly sophisticated attacks. This new approach to credential protection will be a game-changer for organizations responsible for the security of very large numbers of end user access credentials."
Scott Crawford, Managing Research Director, Enterprise Management Associates
"Recent, high profile breaches have highlighted the inadequacies of some implementations of credential protection techniques such as hashing and salting. Given the threats posed by attackers seeking to compromise large sources of access credentials and other high-value information, organizations must take these risks seriously and, in some cases, consider new approaches, such as that introduced by RSA."
- RSA Video: With RSA DCP, a Security Breach Doesn't Equal Credential Loss
- RSA Video: Introducing RSA Distributed Credential Protection
- RSA Blog: Mobile Phones and "Mobile" Adversaries: Announcing RSA Distributed Credential Protection – By Dr. Ari Juels, RSA Labs Chief Scientist
- RSA Blog: Adapt or Die – Even Passwords Can Get Tougher – By Sam Curry, CTO, RSA Identity & Data Protection
- RSA Podcast: A Revolutionary Way to Secure Bulk Credentials – RSA Distributed Credential Protection
- Learn more about Trusted IT from EMC
- Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog and Podcast.
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption and key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA.
RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other products and/or services referenced are trademarks of their respective companies.
SOURCE EMC Corporation
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
Aug. 27, 2016 03:15 AM EDT Reads: 1,758
Personalization has long been the holy grail of marketing. Simply stated, communicate the most relevant offer to the right person and you will increase sales. To achieve this, you must understand the individual. Consequently, digital marketers developed many ways to gather and leverage customer information to deliver targeted experiences. In his session at @ThingsExpo, Lou Casal, Founder and Principal Consultant at Practicala, discussed how the Internet of Things (IoT) has accelerated our abil...
Aug. 27, 2016 02:30 AM EDT Reads: 1,997
With so much going on in this space you could be forgiven for thinking you were always working with yesterday’s technologies. So much change, so quickly. What do you do if you have to build a solution from the ground up that is expected to live in the field for at least 5-10 years? This is the challenge we faced when we looked to refresh our existing 10-year-old custom hardware stack to measure the fullness of trash cans and compactors.
Aug. 27, 2016 01:45 AM EDT Reads: 1,725
Extreme Computing is the ability to leverage highly performant infrastructure and software to accelerate Big Data, machine learning, HPC, and Enterprise applications. High IOPS Storage, low-latency networks, in-memory databases, GPUs and other parallel accelerators are being used to achieve faster results and help businesses make better decisions. In his session at 18th Cloud Expo, Michael O'Neill, Strategic Business Development at NVIDIA, focused on some of the unique ways extreme computing is...
Aug. 27, 2016 01:30 AM EDT Reads: 2,079
The emerging Internet of Everything creates tremendous new opportunities for customer engagement and business model innovation. However, enterprises must overcome a number of critical challenges to bring these new solutions to market. In his session at @ThingsExpo, Michael Martin, CTO/CIO at nfrastructure, outlined these key challenges and recommended approaches for overcoming them to achieve speed and agility in the design, development and implementation of Internet of Everything solutions wi...
Aug. 27, 2016 01:15 AM EDT Reads: 2,001
Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is expected in the amount of information being processed, managed, analyzed, and acted upon by enterprise IT. This amazing is not part of some distant future - it is happening today. One report shows a 650% increase in enterprise data by 2020. Other estimates are even higher....
Aug. 27, 2016 12:45 AM EDT Reads: 2,929
With over 720 million Internet users and 40–50% CAGR, the Chinese Cloud Computing market has been booming. When talking about cloud computing, what are the Chinese users of cloud thinking about? What is the most powerful force that can push them to make the buying decision? How to tap into them? In his session at 18th Cloud Expo, Yu Hao, CEO and co-founder of SpeedyCloud, answered these questions and discussed the results of SpeedyCloud’s survey.
Aug. 27, 2016 12:45 AM EDT Reads: 2,146
SYS-CON Events announced today that Isomorphic Software will exhibit at DevOps Summit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Isomorphic Software provides the SmartClient HTML5/AJAX platform, the most advanced technology for building rich, cutting-edge enterprise web applications for desktop and mobile. SmartClient combines the productivity and performance of traditional desktop software with the simp...
Aug. 27, 2016 12:15 AM EDT Reads: 2,280
Actian Corporation has announced the latest version of the Actian Vector in Hadoop (VectorH) database, generally available at the end of July. VectorH is based on the same query engine that powers Actian Vector, which recently doubled the TPC-H benchmark record for non-clustered systems at the 3000GB scale factor (see tpc.org/3323). The ability to easily ingest information from different data sources and rapidly develop queries to make better business decisions is becoming increasingly importan...
Aug. 26, 2016 10:45 PM EDT Reads: 2,070
SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
Aug. 26, 2016 10:00 PM EDT Reads: 1,854
Kubernetes, Docker and containers are changing the world, and how companies are deploying their software and running their infrastructure. With the shift in how applications are built and deployed, new challenges must be solved. In his session at @DevOpsSummit at19th Cloud Expo, Sebastian Scheele, co-founder of Loodse, will discuss the implications of containerized applications/infrastructures and their impact on the enterprise. In a real world example based on Kubernetes, he will show how to ...
Aug. 26, 2016 09:15 PM EDT Reads: 1,439
Traditional on-premises data centers have long been the domain of modern data platforms like Apache Hadoop, meaning companies who build their business on public cloud were challenged to run Big Data processing and analytics at scale. But recent advancements in Hadoop performance, security, and most importantly cloud-native integrations, are giving organizations the ability to truly gain value from all their data. In his session at 19th Cloud Expo, David Tishgart, Director of Product Marketing ...
Aug. 26, 2016 07:15 PM EDT Reads: 438
As the world moves toward more DevOps and Microservices, application deployment to the cloud ought to become a lot simpler. The Microservices architecture, which is the basis of many new age distributed systems such as OpenStack, NetFlix and so on, is at the heart of Cloud Foundry - a complete developer-oriented Platform as a Service (PaaS) that is IaaS agnostic and supports vCloud, OpenStack and AWS. Serverless computing is revolutionizing computing. In his session at 19th Cloud Expo, Raghav...
Aug. 26, 2016 07:00 PM EDT Reads: 726
SYS-CON Events announced today Telecom Reseller has been named “Media Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
Aug. 26, 2016 07:00 PM EDT Reads: 667
Aspose.Total for .NET is the most complete package of all file format APIs for .NET as offered by Aspose. It empowers developers to create, edit, render, print and convert between a wide range of popular document formats within any .NET, C#, ASP.NET and VB.NET applications. Aspose compiles all .NET APIs on a daily basis to ensure that it contains the most up to date versions of each of Aspose .NET APIs. If a new .NET API or a new version of existing APIs is released during the subscription peri...
Aug. 26, 2016 06:00 PM EDT Reads: 1,937