RSA rival SafeNet blasts handling of broken tokens

By

Customers affected by the RSA hack should review access controls and log management.

RSA rival SafeNet has taken a swipe at the company for only replacing compromised tokens for select customers, and has offered a series of remediation steps for those left out.

RSA rival SafeNet blasts handling of broken tokens

The company will replace SecurID tokens compromised in a March attack on its systems for customers with "concentrated user bases typically focused on protecting intellectual property and corporate networks".

It offered risk-based authentication strategies for consumer-focused customers "with a large, dispersed user base, typically focused on protecting web-based financial transactions".

"In other words, if RSA views your data to be valuable enough to secure, then they say they will replace your potentially compromised SecurID tokens," SafeNet Asia Pacific vice president Humphrey Chan said.

"Beyond asking themselves if they are lucky enough to be considered for a replacement, customers should really be asking if replacing old tokens with new ones actually solves the problem."

Chan said companies should ensure they do not have a single point of failure and focus on network hardening.

"If this conversation stays limited to one-time-password authentication and token swaps, then we haven’t learned anything."

The company's director of government security solutions, Chris Ensey, offered security remediation tips for affected companies.

  • Update client protections: It is important to require clients to update system software with the latest security patches and access control policies prior to accessing the network. To reduce the opportunity for key logging of passwords and token information, clients need to make sure all clients connecting via SecurID's are scanned for malware and viruses.
  • Increase access controls: Introduce additional validation (password or PIN) to access the network. This may include requiring strong passwords for accessing highly sensitive data sets and applications. Administrators should also force a password change for accounts to minimise the threat of compromised account information. Any exchange of credential information must be encrypted in transit.
  • Elevate monitoring and audit: IT administrators should look for repeated invalid log in attempts, concurrent log in sessions from different source IPs, and account activity that is anomalous. Other monitoring and audit capabilities should be leveraged to evaluate possible malicious activity.
  • Replace tokens: The best way to protect your organisation from risk is to exchange SecurID tokens for either new tokens with an updated seed, or evaluate options from other vendors. Administrators may wish to temporarily block access to remote users if they are especially concerned about a breach.

RSA was contacted for comment.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
access controlsloggingrsasecuridsecuritytokens

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?