Text of RSA Letter to Clients

Vendor Issues Tips, Customer FAQ
RSA has sent a detailed letter to its clients regarding the recent attack against its SecurID two-factor authentication products. It's also hosting customer information calls this week.

Meanwhile, some customers (including Tenable Network Security CSO Marcus Ranum and UAB Medicine's Terrell Herzig) are talking about the strategies they're taking in the wake of the incident.

Following is an excerpt of the letter, as shared with Information Security Media Group by RSA customers:

Summary:

As previously reported, a recent attack on RSA's systems resulted in certain information being extracted related to RSA SecurID authentication products. This note is being provided in order to help customers further assess their risk and prioritize their remediation steps as necessary in relation to this event.

RSA SecurID technology continues to be a very effective authentication solution. Whoever attacked RSA has certain information related to the RSA SecurID solution, but not enough to complete a successful attack without obtaining additional information that is only held by our customers. We have provided best practices so customers can strengthen the protection of the RSA SecurID information they hold.

Based on feedback from customers, we are issuing this follow-up RSA SecurCare note to help customers assess their risk and prioritize their remediation steps. We strongly urge you to initiate these steps immediately, if they are not already part of your environment. These remediation steps are those we have implemented across RSA's and EMC's business, with respect to our RSA SecurID authentication system.

Description:

Updated content is being provided to help customers further assess their risk and prioritize their remediation steps in relation to this event. All content is available on the RSA SecurCare website, and links to that content are provided in this note. Updated information includes:
  • A Customer FAQ providing answers to help customers further assess their risk and prioritize their remediation steps, if they are not already part of your environment. The FAQ is part of this document.
  • Updates to our best practices guides based on customer feedback, including more detailed Log Monitoring Guidelines related to RSA Authentication Manager 6.x and 7.x implementations.

Affected Products:

The only affected products are RSA SecurID authentication products.

Overall Recommendations:

RSA strongly urges customers to review all documents referenced in this note. Based on customer requests for prioritization of remediation, below are the most important remediation steps being recommended to customers:
  • Secure your Authentication Manager database and ensure strong policy and security regarding any exported data (see Best Practices Guides for specific instructions).
  • Review recent Authentication Manager logs for unusually high rates of failed authentications and/or next token code events, both of which could indicate suspicious activity (see Authentication Manager 6.x and 7.x Log Guidelines and Best Practices Guides for specific instructions).
  • Educate your help desk and end users on best practices for avoiding social engineering attacks such as targeted phishing (see Best Practices Guides for specific instructions).
  • Establish strong PIN and lockout policies for all users (see Best Practices Guides for specific instructions).

If you are unable to access the files via RSA SecurCare Online, please contact support at:

  • U.S.: 1-800-782-4362, Option #5 for RSA, Option #1 for RSA SecurCare note
  • Canada: 1-800-543-4782, Option #5 for RSA, Option #1 for RSA SecurCare note
  • International: +1-508-497-7901, Option #5 for RSA, Option #1 for RSA SecurCare note

For additional global contact numbers please reference: http://www.emc.com/collateral/contact-us/h4165-csc-phonelist-ho.pdf
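
The log review recommended in the letter (unusually high rates of failed authentications and next token code events) can be sketched as a per-user sliding-window count. This is an added example, not part of RSA's letter or tooling; the record layout, the event names `AUTH_FAILED` and `NEXT_TOKENCODE`, and the thresholds are assumptions, so map them to the fields in your own Authentication Manager log export.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in an assumed "timestamp,user,event" layout.
# This is NOT Authentication Manager's real log format; adapt the parsing.
SAMPLE_LOG = """\
2011-03-21T08:00:00,carol,AUTH_FAILED
2011-03-21T09:00:00,carol,AUTH_FAILED
2011-03-21T09:00:05,alice,AUTH_OK
2011-03-21T09:01:10,bob,AUTH_FAILED
2011-03-21T09:01:40,bob,AUTH_FAILED
2011-03-21T09:02:15,bob,AUTH_FAILED
2011-03-21T09:02:50,bob,NEXT_TOKENCODE
2011-03-21T09:03:20,bob,AUTH_FAILED
2011-03-21T09:04:30,bob,NEXT_TOKENCODE
2011-03-21T10:00:00,carol,AUTH_FAILED
2011-03-21T11:00:00,carol,AUTH_FAILED
corrupted entry without fields
"""

def flag_users(log_text, window=timedelta(minutes=10), thresholds=None):
    """Return {user: {event: peak count in any window}} for users at or over a threshold."""
    thresholds = thresholds or {"AUTH_FAILED": 4, "NEXT_TOKENCODE": 2}  # assumed values
    records = []
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3 or parts[2] not in thresholds:
            continue  # malformed line or an event type we do not watch
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp
        records.append((ts, parts[1], parts[2]))
    recent, peaks = defaultdict(deque), defaultdict(int)
    for ts, user, event in sorted(records):  # exports are not always in time order
        q = recent[(user, event)]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        peaks[(user, event)] = max(peaks[(user, event)], len(q))
    flagged = defaultdict(dict)
    for (user, event), peak in peaks.items():
        if peak >= thresholds[event]:
            flagged[user][event] = peak
    return dict(flagged)

if __name__ == "__main__":
    print(flag_users(SAMPLE_LOG))
```

In the sample, carol has as many failures as bob but spread over three hours, so only bob is flagged; a raw daily total would not separate the two.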

See Also: Customer FAQ: Incident Overview


About the Author

Information Security Media Group
