As you may have heard, an extremely sophisticated cyber attack was mounted against EMC, aimed specifically at the RSA business unit. According to RSA, the attack resulted in certain information being extracted from RSA, including information specifically related to RSA's SecurID two-factor authentication products. RSA says this information does not enable a successful direct attack on RSA SecurID customers. In addition, RSA does not believe that either customer or employee personally identifiable information was compromised as a result of this incident.

Nevertheless, RSA indicates that the information obtained in the attack could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. RSA suggests customers take a series of steps to harden their SecurID implementations and security infrastructure. Those steps are outlined in the document below. Please review the information and take the appropriate steps based on the RSA products you are using and the needs of your organization.

There is an open letter to customers from Art Coviello, CEO of RSA, on RSA.com: http://www.rsa.com/node.aspx?id=3872

As always, your CDW team is available to help you with questions and issues unique to your organization. Please contact us for assistance.

Message from RSA

We have determined that a recent attack on RSA's systems has resulted in certain information being extracted from RSA's systems that relates to RSA's SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. RSA urges immediate action.

Description:

Recently EMC's security systems identified an extremely sophisticated cyber attack in progress, targeting our RSA business unit. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.

Our investigation has revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is related to RSA's SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We strongly urge immediate customer attention to this advisory, and we are providing immediate remediation steps for customers to take to strengthen their RSA SecurID implementations.

Affected Products:

* The affected products are RSA SecurID implementations.
* RSA SecurID® Authenticators
* RSA Authentication Agents
* RSA SecurID Software Token
* RSA® Authentication Manager
* RSA Authentication Manager 6.1
* RSA Authentication Manager 7.1
* RSA SecurID Authentication Engine

Overall Recommendations:

RSA strongly urges customers to follow both these overall recommendations and the recommendations available in the best practices guides linked to this note.

* We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.
* We recommend customers enforce strong password and PIN policies.
* We recommend customers follow the rule of least privilege when assigning roles and responsibilities to security administrators.
* We recommend customers re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person's identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.
* We recommend customers pay special attention to security around their active directories, making full use of their SIEM products and also implementing two-factor authentication to control access to active directories.
* We recommend customers watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
* We recommend customers harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.
* We recommend customers examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.
* We recommend customers update their security products and the operating systems hosting them with the latest patches.

Joanna Ardizzone
Account Manager | Great Lakes Region - Ohio and Kentucky
CDW
Phone: 847-419-7403 Direct
Toll Free: 1-877-325-3352
Fax: 847-419-8603
