Welcome!

News Feed Item

New RSA Innovation Helps Thwart "Smash-and-Grab" Credential Theft

RSA Distributed Credential Protection is Engineered to Remove Primary Points of Compromise; Scrambles, Randomizes and Splits Authentication Credentials Across Multiple Servers, Data Centers and the Cloud

LONDON, Oct. 9, 2012   /PRNewswire/ --

News Summary:

  • RSA has introduced a unique technology to mitigate the risk of stolen passwords, answers to security questions, and other stored credentials and secrets.
  • RSA Distributed Credential Protection is designed to eliminate a primary point of compromise by proactively or reactively scrambling, randomizing, and splitting sensitive data across multiple locations.
  • Innovative new technology developed by RSA® Labs bolsters the defense-in-depth strategy for enterprise portals and web portal providers while limiting impact to usability.

Full Story:

RSA, The Security Division of EMC (NYSE: EMC), today introduced an innovative new technology designed to protect passwords and other credentials and secrets stored in databases from cyber attacks.

RSA® Distributed Credential Protection is engineered to scramble, randomize and split secrets and authentication credentials into two separate locations.  Designed to work alongside existing password protections, RSA Distributed Credential Protection is built to dramatically reduce the likelihood of successful "smash-and-grab" attacks on password servers that compromise customer, retail and financial portals every year, leaving millions of passwords and credentials at risk.

With RSA Distributed Credential Protection, even if an attacker compromises one of the two servers used to store the scrambled and split credential data, the information gained would be useless. Secrets can also be re-randomized at the push of a button so that any potential later intrusion into one of the credential servers would similarly yield useless information.  As a result, attackers face the daunting task of having to compromise two separate servers or data centers nearly simultaneously, without detection, in order to gain valuable information.

Engineered by RSA Labs, this new capability is the result of groundbreaking work in Split Value Cryptographic Authentication.  Credentials secured by RSA Distributed Credential Protection benefit from an added security layer using advanced cryptographic techniques developed by RSA Labs to verify authentication while never reconstructing the split halves.

According to the Verizon 2012 Data Breach Investigation Report, of the data breaches investigated in 2011, servers were among the primary target assets in 64% of investigations and those accounted for 94% of compromised records.  Such incidents can cause expensive lawsuits and remediation, brand damage, business distraction and customer attrition.   By randomizing and splitting sensitive information into two servers, RSA Distributed Credential Protection helps eliminate a primary point of compromise representing a vulnerability for many portal operators today. 

Key benefits of RSA Distributed Credential Protection:

  • Designed to reduce the risk of bulk credential data loss that so often results from "smash-and-grab" cyber attacks.
  • Engineered to eliminate the primary point of password server compromise by randomizing and splitting the credentials across two secure locations.
  • If one location is compromised, the stolen information is useless. Secrets can also then be re-randomized at the push of a button to render information stolen from the second location useless.
  • Secrets are compared cryptographically without reconstruction, eliminating the risk of an attacker grabbing them at reassembly.
  • Deployment is transparent to end users.
  • A number of deployment options are available, including splitting across different domains within an enterprise or splitting across an on-premise environment and one in the cloud.
    Available in Q4 2012, RSA will showcase RSA Distributed Credential Protection at RSA® Conference Europe 2012 in London.

RSA Executive Quote:

Dan Schiappa, Senior Vice President of Identity and Data Protection, RSA

"RSA Distributed Credential Protection is the result of several years of incredible research and development innovation at RSA Labs.  This technology offers a unique way to truly protect bulk data stores of passwords, secrets and other credentials from even highly sophisticated attacks.  This new approach to credential protection will be a game-changer for organizations responsible for the security of very large numbers of end user access credentials."

Analyst Quote:

Scott Crawford, Managing Research Director, Enterprise Management Associates

"Recent, high profile breaches have highlighted the inadequacies of some implementations of credential protection techniques such as hashing and salting. Given the threats posed by attackers seeking to compromise large sources of access credentials and other high-value information, organizations must take these risks seriously and, in some cases, consider new approaches, such as that introduced by RSA."

Featured Resources:

Additional Resources:

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption and key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA.

RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries.  All other products and/or services referenced are trademarks of their respective companies. 

SOURCE EMC Corporation

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
IoT offers a value of almost $4 trillion to the manufacturing industry through platforms that can improve margins, optimize operations & drive high performance work teams. By using IoT technologies as a foundation, manufacturing customers are integrating worker safety with manufacturing systems, driving deep collaboration and utilizing analytics to exponentially increased per-unit margins. However, as Benoit Lheureux, the VP for Research at Gartner points out, “IoT project implementers often ...
SYS-CON Events announced today that Tintri Inc., a leading producer of VM-aware storage (VAS) for virtualization and cloud environments, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Tintri VM-aware storage is the simplest for virtualized applications and cloud. Organizations including GE, Toyota, United Healthcare, NASA and 6 of the Fortune 15 have said “No to LUNs.” With Tintri they mana...
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, will compare the Jevons Paradox to modern-day enterprise IT, e...
Complete Internet of Things (IoT) embedded device security is not just about the device but involves the entire product’s identity, data and control integrity, and services traversing the cloud. A device can no longer be looked at as an island; it is a part of a system. In fact, given the cross-domain interactions enabled by IoT it could be a part of many systems. Also, depending on where the device is deployed, for example, in the office building versus a factory floor or oil field, security ha...
SYS-CON Events announced today the Enterprise IoT Bootcamp, being held November 1-2, 2016, in conjunction with 19th Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA. Combined with real-world scenarios and use cases, the Enterprise IoT Bootcamp is not just based on presentations but with hands-on demos and detailed walkthroughs. We will introduce you to a variety of real world use cases prototyped using Arduino, Raspberry Pi, BeagleBone, Spark, and Intel Edison. Y...
Is your aging software platform suffering from technical debt while the market changes and demands new solutions at a faster clip? It’s a bold move, but you might consider walking away from your core platform and starting fresh. ReadyTalk did exactly that. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, will discuss why and how ReadyTalk diverted from healthy revenue and over a decade of audio conferencing product development to start an innovati...
Fifty billion connected devices and still no winning protocols standards. HTTP, WebSockets, MQTT, and CoAP seem to be leading in the IoT protocol race at the moment but many more protocols are getting introduced on a regular basis. Each protocol has its pros and cons depending on the nature of the communications. Does there really need to be only one protocol to rule them all? Of course not. In his session at @ThingsExpo, Chris Matthieu, co-founder and CTO of Octoblu, walk you through how Oct...
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
Whether they’re located in a public, private, or hybrid cloud environment, cloud technologies are constantly evolving. While the innovation is exciting, the end mission of delivering business value and rapidly producing incremental product features is paramount. In his session at @DevOpsSummit at 19th Cloud Expo, Kiran Chitturi, CTO Architect at Sungard AS, will discuss DevOps culture, its evolution of frameworks and technologies, and how it is achieving maturity. He will also cover various st...
Identity is in everything and customers are looking to their providers to ensure the security of their identities, transactions and data. With the increased reliance on cloud-based services, service providers must build security and trust into their offerings, adding value to customers and improving the user experience. Making identity, security and privacy easy for customers provides a unique advantage over the competition.
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Bradley Holt, Developer Advocate a...
SYS-CON Events announced today that Niagara Networks will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Niagara Networks offers the highest port-density systems, and the most complete Next-Generation Network Visibility systems including Network Packet Brokers, Bypass Switches, and Network TAPs.
SYS-CON Events announced today that Secure Channels will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. The bedrock of Secure Channels Technology is a uniquely modified and enhanced process based on superencipherment. Superencipherment is the process of encrypting an already encrypted message one or more times, either using the same or a different algorithm.
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...
So, you bought into the current machine learning craze and went on to collect millions/billions of records from this promising new data source. Now, what do you do with them? Too often, the abundance of data quickly turns into an abundance of problems. How do you extract that "magic essence" from your data without falling into the common pitfalls? In her session at @ThingsExpo, Natalia Ponomareva, Software Engineer at Google, provided tips on how to be successful in large scale machine learning...