Welcome!

News Feed Item

New RSA Innovation Helps Thwart "Smash-and-Grab" Credential Theft

RSA Distributed Credential Protection is Engineered to Remove Primary Points of Compromise; Scrambles, Randomizes and Splits Authentication Credentials Across Multiple Servers, Data Centers and the Cloud

LONDON, Oct. 9, 2012   /PRNewswire/ --

News Summary:

  • RSA has introduced a unique technology to mitigate the risk of stolen passwords, answers to security questions, and other stored credentials and secrets.
  • RSA Distributed Credential Protection is designed to eliminate a primary point of compromise by proactively or reactively scrambling, randomizing, and splitting sensitive data across multiple locations.
  • Innovative new technology developed by RSA® Labs bolsters the defense-in-depth strategy for enterprise portals and web portal providers while limiting impact to usability.

Full Story:

RSA, The Security Division of EMC (NYSE: EMC), today introduced an innovative new technology designed to protect passwords and other credentials and secrets stored in databases from cyber attacks.

RSA® Distributed Credential Protection is engineered to scramble, randomize and split secrets and authentication credentials into two separate locations.  Designed to work alongside existing password protections, RSA Distributed Credential Protection is built to dramatically reduce the likelihood of successful "smash-and-grab" attacks on password servers that compromise customer, retail and financial portals every year, leaving millions of passwords and credentials at risk.

With RSA Distributed Credential Protection, even if an attacker compromises one of the two servers used to store the scrambled and split credential data, the information gained would be useless. Secrets can also be re-randomized at the push of a button so that any potential later intrusion into one of the credential servers would similarly yield useless information.  As a result, attackers face the daunting task of having to compromise two separate servers or data centers nearly simultaneously, without detection, in order to gain valuable information.

Engineered by RSA Labs, this new capability is the result of groundbreaking work in Split Value Cryptographic Authentication.  Credentials secured by RSA Distributed Credential Protection benefit from an added security layer using advanced cryptographic techniques developed by RSA Labs to verify authentication while never reconstructing the split halves.

According to the Verizon 2012 Data Breach Investigation Report, of the data breaches investigated in 2011, servers were among the primary target assets in 64% of investigations and those accounted for 94% of compromised records.  Such incidents can cause expensive lawsuits and remediation, brand damage, business distraction and customer attrition.   By randomizing and splitting sensitive information into two servers, RSA Distributed Credential Protection helps eliminate a primary point of compromise representing a vulnerability for many portal operators today. 

Key benefits of RSA Distributed Credential Protection:

  • Designed to reduce the risk of bulk credential data loss that so often results from "smash-and-grab" cyber attacks.
  • Engineered to eliminate the primary point of password server compromise by randomizing and splitting the credentials across two secure locations.
  • If one location is compromised, the stolen information is useless. Secrets can also then be re-randomized at the push of a button to render information stolen from the second location useless.
  • Secrets are compared cryptographically without reconstruction, eliminating the risk of an attacker grabbing them at reassembly.
  • Deployment is transparent to end users.
  • A number of deployment options are available, including splitting across different domains within an enterprise or splitting across an on-premise environment and one in the cloud.
    Available in Q4 2012, RSA will showcase RSA Distributed Credential Protection at RSA® Conference Europe 2012 in London.

RSA Executive Quote:

Dan Schiappa, Senior Vice President of Identity and Data Protection, RSA

"RSA Distributed Credential Protection is the result of several years of incredible research and development innovation at RSA Labs.  This technology offers a unique way to truly protect bulk data stores of passwords, secrets and other credentials from even highly sophisticated attacks.  This new approach to credential protection will be a game-changer for organizations responsible for the security of very large numbers of end user access credentials."

Analyst Quote:

Scott Crawford, Managing Research Director, Enterprise Management Associates

"Recent, high profile breaches have highlighted the inadequacies of some implementations of credential protection techniques such as hashing and salting. Given the threats posed by attackers seeking to compromise large sources of access credentials and other high-value information, organizations must take these risks seriously and, in some cases, consider new approaches, such as that introduced by RSA."

Featured Resources:

Additional Resources:

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption and key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA.

RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries.  All other products and/or services referenced are trademarks of their respective companies. 

SOURCE EMC Corporation

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Predictive analytics tools monitor, report, and troubleshoot in order to make proactive decisions about the health, performance, and utilization of storage. Most enterprises combine cloud and on-premise storage, resulting in blended environments of physical, virtual, cloud, and other platforms, which justifies more sophisticated storage analytics. In his session at 18th Cloud Expo, Peter McCallum, Vice President of Datacenter Solutions at FalconStor, discussed using predictive analytics to mon...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Onalytica. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
Get deep visibility into the performance of your databases and expert advice for performance optimization and tuning. You can't get application performance without database performance. Give everyone on the team a comprehensive view of how every aspect of the system affects performance across SQL database operations, host server and OS, virtualization resources and storage I/O. Quickly find bottlenecks and troubleshoot complex problems.
IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effici...
In his session at 19th Cloud Expo, Claude Remillard, Principal Program Manager in Developer Division at Microsoft, contrasted how his team used config as code and immutable patterns for continuous delivery of microservices and apps to the cloud. He showed how the immutable patterns helps developers do away with most of the complexity of config as code-enabling scenarios such as rollback, zero downtime upgrades with far greater simplicity. He also demoed building immutable pipelines in the cloud ...
@DevOpsSummit taking place June 6-8, 2017 at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @DevOpsSummit at Cloud Expo New York Call for Papers is now open.
In IT, we sometimes coin terms for things before we know exactly what they are and how they’ll be used. The resulting terms may capture a common set of aspirations and goals – as “cloud” did broadly for on-demand, self-service, and flexible computing. But such a term can also lump together diverse and even competing practices, technologies, and priorities to the point where important distinctions are glossed over and lost.
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
All clouds are not equal. To succeed in a DevOps context, organizations should plan to develop/deploy apps across a choice of on-premise and public clouds simultaneously depending on the business needs. This is where the concept of the Lean Cloud comes in - resting on the idea that you often need to relocate your app modules over their life cycles for both innovation and operational efficiency in the cloud. In his session at @DevOpsSummit at19th Cloud Expo, Valentin (Val) Bercovici, CTO of Soli...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Regulatory requirements exist to promote the controlled sharing of information, while protecting the privacy and/or security of the information. Regulations for each type of information have their own set of rules, policies, and guidelines. Cloud Service Providers (CSP) are faced with increasing demand for services at decreasing prices. Demonstrating and maintaining compliance with regulations is a nontrivial task and doing so against numerous sets of regulatory requirements can be daunting task...
Successful digital transformation requires new organizational competencies and capabilities. Research tells us that the biggest impediment to successful transformation is human; consequently, the biggest enabler is a properly skilled and empowered workforce. In the digital age, new individual and collective competencies are required. In his session at 19th Cloud Expo, Bob Newhouse, CEO and founder of Agilitiv, drew together recent research and lessons learned from emerging and established compa...