Eddie Schwartz, CSO at a part of RSA (NetWitness), will take on the title of CSO at RSA. This confirms both that NetWitness was involved in the response to the recent RSA breach and that Mel Brooks is a comic genius.
The large and looming issues ahead for Schwartz do not appear to be related to an advanced or a persistent threat (APT), although that is obviously a good topic to drum up sales of security products.
Instead he will have to address the usual, routine and mundane security problems revealed by RSA’s breach blog entry:
- Role Based Access Controls (RBAC): whether and where low-authority and therefore less-secure systems and users have access to high-value assets
- Egress Filtering: why outbound file transfers are allowed to unknown or known hostile addresses (e.g. application-level inspection of traffic for RAT in reverse-connect mode)
- Application sandboxing: why binaries (i.e. Flash) are not stripped from Excel using Microsoft Office Isolated Conversion Environment (MOICE) or similar
- Awareness: if “certain groups” are targeted from the outside, then surely they can be even more easily targeted on the inside for training…like why they shouldn’t execute large email attachments in their spam folder
Zero-day exploits alone do not constitute advanced attacks, not least of all because the definition of what constitutes a zero-day is up for debate. A targeted email list alone does not constitute persistence. But whether or not the breach should get a popular label, congrats go to RSA for giving me this opportunity to include a Spaceballs reference in my blog.