On 3 June 2011, RSA, the Security Division of EMC, confirmed that Lockheed Martin had proof that hackers attacked its network partly by using data stolen in a March 2011 attack on RSA.
On 6 June 2011, RSA announced a program to replace customers' RSA SecurID one-time password (OTP) authentication product tokens. (For details, see http://www.rsa.com/node.aspx?id=3891.)
After the March 2011 security incident (see "RSA SecurID Compromise Is of Concern, but Likely Not a Fatal Flaw"), RSA announced that information about RSA SecurID tokens had been exposed and that an attacker could use that information as part of an attack against SecurID customers. RSA also published guidance for minimizing the risks of such attacks. Gartner understands that RSA replaced SecurID tokens for a smaller number of customers, although RSA did not provide details about these replacements. RSA has now disclosed that it knew that the attack was defense/nation-state motivated; consequently, RSA focused on its military and government customers and replaced tokens for some of these customers.
To attempt to mitigate risks and restore customer confidence, RSA is now offering replacement SecurID tokens to all of its customers, with an early focus on enterprises and industry verticals most likely to be at risk. The token replacement program is expected to take, at minimum, three months, but could last much longer, depending on how many customers choose that additional remediation option. Customers that have received SecurID tokens since 23 March 2011 are not at risk.
Although enterprises will not pay incremental costs for replacement SecurID tokens, they will still face administrative overhead and logistical costs, which could exceed the token list price. This option should be compared with switching to another authentication vendor or method. Enterprises that are able to implement alternative remediation mechanisms may be able to do this more cheaply than implementing replacement tokens. Financial services and other consumer-focused enterprises have the option of augmenting existing SecurID tokens with RSA's Web fraud detection tools, which RSA says it will make available as an option in its remediation program.
Gartner advises taking a conservative approach, as we still don't have enough information about the hackers' identity, motivation and intentions. Other vertical industries are not clearly threatened at this time, but the risk of compromise remains and could spread further; for example, if the original attacker sells the information it acquired. All customers should be wary about how the RSA attack could affect them and their own customers. Enterprises that cannot be absolutely certain that they can apply high levels of fraud detection and best practices recommended by RSA should implement replacement SecurID tokens or consider another vendor's offering.
All authentication methods can be compromised and should never be the sole means of protection for enterprise assets. Cyberthieves have circumvented strong authentication communicated through user browsers to raid bank accounts and other enterprise assets. Gartner has long recommended a layered fraud prevention approach to ensure adequate defenses (see "The Five Layers of Fraud Prevention and Using them to Beat Malware").
Prospective SecurID customers:
Current SecurID customers:
Defense industry customers:
Financial services customers and others relying on SecurID for external user authentication:
Resource Id: 1719120