Welcome!

News Feed Item

New RSA Innovation Helps Thwart "Smash-and-Grab" Credential Theft

RSA Distributed Credential Protection is Engineered to Remove Primary Points of Compromise; Scrambles, Randomizes and Splits Authentication Credentials Across Multiple Servers, Data Centers and the Cloud

LONDON, Oct. 9, 2012   /PRNewswire/ --

News Summary:

  • RSA has introduced a unique technology to mitigate the risk of stolen passwords, answers to security questions, and other stored credentials and secrets.
  • RSA Distributed Credential Protection is designed to eliminate a primary point of compromise by proactively or reactively scrambling, randomizing, and splitting sensitive data across multiple locations.
  • Innovative new technology developed by RSA® Labs bolsters the defense-in-depth strategy for enterprise portals and web portal providers while limiting impact to usability.

Full Story:

RSA, The Security Division of EMC (NYSE: EMC), today introduced an innovative new technology designed to protect passwords and other credentials and secrets stored in databases from cyber attacks.

RSA® Distributed Credential Protection is engineered to scramble, randomize and split secrets and authentication credentials into two separate locations.  Designed to work alongside existing password protections, RSA Distributed Credential Protection is built to dramatically reduce the likelihood of successful "smash-and-grab" attacks on password servers that compromise customer, retail and financial portals every year, leaving millions of passwords and credentials at risk.

With RSA Distributed Credential Protection, even if an attacker compromises one of the two servers used to store the scrambled and split credential data, the information gained would be useless. Secrets can also be re-randomized at the push of a button so that any potential later intrusion into one of the credential servers would similarly yield useless information.  As a result, attackers face the daunting task of having to compromise two separate servers or data centers nearly simultaneously, without detection, in order to gain valuable information.

Engineered by RSA Labs, this new capability is the result of groundbreaking work in Split Value Cryptographic Authentication.  Credentials secured by RSA Distributed Credential Protection benefit from an added security layer using advanced cryptographic techniques developed by RSA Labs to verify authentication while never reconstructing the split halves.

According to the Verizon 2012 Data Breach Investigation Report, of the data breaches investigated in 2011, servers were among the primary target assets in 64% of investigations and those accounted for 94% of compromised records.  Such incidents can cause expensive lawsuits and remediation, brand damage, business distraction and customer attrition.   By randomizing and splitting sensitive information into two servers, RSA Distributed Credential Protection helps eliminate a primary point of compromise representing a vulnerability for many portal operators today. 

Key benefits of RSA Distributed Credential Protection:

  • Designed to reduce the risk of bulk credential data loss that so often results from "smash-and-grab" cyber attacks.
  • Engineered to eliminate the primary point of password server compromise by randomizing and splitting the credentials across two secure locations.
  • If one location is compromised, the stolen information is useless. Secrets can also then be re-randomized at the push of a button to render information stolen from the second location useless.
  • Secrets are compared cryptographically without reconstruction, eliminating the risk of an attacker grabbing them at reassembly.
  • Deployment is transparent to end users.
  • A number of deployment options are available, including splitting across different domains within an enterprise or splitting across an on-premise environment and one in the cloud.
    Available in Q4 2012, RSA will showcase RSA Distributed Credential Protection at RSA® Conference Europe 2012 in London.

RSA Executive Quote:

Dan Schiappa, Senior Vice President of Identity and Data Protection, RSA

"RSA Distributed Credential Protection is the result of several years of incredible research and development innovation at RSA Labs.  This technology offers a unique way to truly protect bulk data stores of passwords, secrets and other credentials from even highly sophisticated attacks.  This new approach to credential protection will be a game-changer for organizations responsible for the security of very large numbers of end user access credentials."

Analyst Quote:

Scott Crawford, Managing Research Director, Enterprise Management Associates

"Recent, high profile breaches have highlighted the inadequacies of some implementations of credential protection techniques such as hashing and salting. Given the threats posed by attackers seeking to compromise large sources of access credentials and other high-value information, organizations must take these risks seriously and, in some cases, consider new approaches, such as that introduced by RSA."

Featured Resources:

Additional Resources:

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption and key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA.

RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries.  All other products and/or services referenced are trademarks of their respective companies. 

SOURCE EMC Corporation

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
"As we've gone out into the public cloud we've seen that over time we may have lost a few things - we've lost control, we've given up cost to a certain extent, and then security, flexibility," explained Steve Conner, VP of Sales at Cloudistics,in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We provide IoT solutions. We provide the most compatible solutions for many applications. Our solutions are industry agnostic and also protocol agnostic," explained Richard Han, Head of Sales and Marketing and Engineering at Systena America, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
DX World EXPO, LLC., a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the time for a truly global DX event, to bring together the leading minds from the technology world in a conversation about Digital Transformation," he said in making the announcement.
"I think DevOps is now a rambunctious teenager – it’s starting to get a mind of its own, wanting to get its own things but it still needs some adult supervision," explained Thomas Hooker, VP of marketing at CollabNet, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are still a relatively small software house and we are focusing on certain industries like FinTech, med tech, energy and utilities. We help our customers with their digital transformation," noted Piotr Stawinski, Founder and CEO of EARP Integration, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We were founded in 2003 and the way we were founded was about good backup and good disaster recovery for our clients, and for the last 20 years we've been pretty consistent with that," noted Marc Malafronte, Territory Manager at StorageCraft, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We've been engaging with a lot of customers including Panasonic, we've been involved with Cisco and now we're working with the U.S. government - the Department of Homeland Security," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We're here to tell the world about our cloud-scale infrastructure that we have at Juniper combined with the world-class security that we put into the cloud," explained Lisa Guess, VP of Systems Engineering at Juniper Networks, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"Peak 10 is a hybrid infrastructure provider across the nation. We are in the thick of things when it comes to hybrid IT," explained , Chief Technology Officer at Peak 10, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"I will be talking about ChatOps and ChatOps as a way to solve some problems in the DevOps space," explained Himanshu Chhetri, CTO of Addteq, in this SYS-CON.tv interview at @DevOpsSummit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are focused on SAP running in the clouds, to make this super easy because we believe in the tremendous value of those powerful worlds - SAP and the cloud," explained Frank Stienhans, CTO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
While the focus and objectives of IoT initiatives are many and diverse, they all share a few common attributes, and one of those is the network. Commonly, that network includes the Internet, over which there isn't any real control for performance and availability. Or is there? The current state of the art for Big Data analytics, as applied to network telemetry, offers new opportunities for improving and assuring operational integrity. In his session at @ThingsExpo, Jim Frey, Vice President of S...
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, provided a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services with...
The financial services market is one of the most data-driven industries in the world, yet it’s bogged down by legacy CPU technologies that simply can’t keep up with the task of querying and visualizing billions of records. In his session at 20th Cloud Expo, Karthik Lalithraj, a Principal Solutions Architect at Kinetica, discussed how the advent of advanced in-database analytics on the GPU makes it possible to run sophisticated data science workloads on the same database that is housing the rich...
"At the keynote this morning we spoke about the value proposition of Nutanix, of having a DevOps culture and a mindset, and the business outcomes of achieving agility and scale, which everybody here is trying to accomplish," noted Mark Lavi, DevOps Solution Architect at Nutanix, in this SYS-CON.tv interview at @DevOpsSummit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.