Skip navigation
All Places > Products > RSA Adaptive Authentication > Blog
1 2 Previous Next

RSA Adaptive Authentication

17 posts

In today’s fast-paced, continuously developing world of Cyber Security, an organization’s priorities have shifted from only getting maximum protection against all sorts of digital risk to getting such protection while efficiently regulating its operational costs and making the lives of Cyber Security professionals and analysts easier. And this is what RSA Adaptive Authentication is focused on…

Designed to provide omnichannel fraud detection and prevention capabilities with minimal end-user intervention rates, RSA Adaptive Authentication also has the capabilities and features to help Fraud Analysts and Security Specialists track and study the general behavior of their end-users in a way that will help them enhance their organization’s policies, fraud detection, and prevention strategies. One of those features is the Case Management application of the RSA Adaptive Authentication Back Office suite.

The by-the-book definition of Case Management is an application that enables Fraud Analysts to track and investigate end-user activity. But what this definition really tells us is that Case Management is meant to be every Fraud Analyst’s right-hand man as it provides an open environment for researching end-user activities (mainly suspicious and fraudulent ones), trends, and behavioral patterns without compromising the end-user’s privacy, which is basically what every Fraud Analyst needs, right?


Let me tell you a story…


Since I started off in RSA as an Instructional Designer for training courses and other content, and as I got to learn more about Adaptive Authentication, one common thing that I heard from almost every expert I met or had a conversation with was how important it is for every Security professional, especially Fraud Analysts, working with Adaptive Authentication to understand the full capabilities of Case Management. Not just that, but also, how to use those capabilities in the best way possible because, if used properly, Case Management can be of enormous benefit to an organization’s Fraud Detection Rate as well as the efficiency of Fraud Analysts in the organization; the thing that will lead to a better overall end-user experience and, accordingly, maintain the loyalty of the end-users to your organization.  

And I must admit, the more I learn about Case Management, the more convinced I become that, yes, Case Management is a Fraud Analyst’s best friend.


Take, for instance, the research tools Case Management offers. There is a diverse set of research filters that enables you to look for, filter and sort not only cases but also standalone activities based on a plethora of criteria like end-user ID, date, activity type… you name it. Then there are the different views via which the results are displayed, giving you the chance to pick the view which is most convenient for you.


I know I might sound like I’m trying to sell Case Management to you, but here’s the thing, if you’re already using Adaptive Authentication and you already have a good application that will probably make your day-to-day job easier and give you better results, why not use it and get the benefit? You already have it, so you might as well use it.

So, here’s what we decided to do, and by we, I mean RSA Educational Services. We decided to prepare a training course on Case Management that will get you acquainted with the application, understand what it does and how you can make the best out of it.  The course includes demo videos showcasing how to use the different pages and research tools in Case Management.


You can access the training here:

We hope you find the training beneficial and that it becomes the start of a good Fraud Analyst/Right-hand Man friendship.


Stay safe and fraud-free!

The Omnivorous Days: Stopping Fraud Not Customers


Digital transformation has become compulsory for every organization to remain relevant and competitive in today’s digital economy. With a growing array of channels available, customers seemingly have infinite possibilities for conducting business. Consumers expect the best digital experiences delivered with the least friction. In order to meet end user demand for convenience, organizations continue to extend product and service offerings across a variety of digital channels. At the same time, this expansion of channels increases the risk of fraud. The ability to manage the risk of fraud can become what frees organizations to embrace business opportunity. A critical consequence of the proliferation of channels is the problem of having multiple channels that operate independently of each other.

Today, we’re pleased to announce the latest release of RSA Adaptive Authentication. RSA Adaptive Authentication v14 now includes omnichannel fraud protection, which enables the application to provide centralized fraud detection and prevention across channels, such as Web, Mobile, ATM, IVR, Call Center, Branch and a custom channel. With omnichannel protection, customers can send traffic from different channels and RSA provides fraud detection and prevention for each channel. This includes cross channel correlation and analysis, providing a holistic view of user activities across the different channels being used. RSA Adaptive Authentication v14 offers a variety of new benefits, such as preventing fraud in additional channels, increasing fraud detection rates, expanding cross-channel analysis, and centralizing fraud management.

This release uniquely blends multiple RSA Adaptive Authentication components and capabilities:

  • Cross channel risk assessment: Not only does our machine-learning-based risk engine now provide assessment for additional channels, it also knows to enhance its own assessments using data from across the channels
  • Channel agnostic risk models: To further scale our risk engine capabilities, especially considering the growing number of channels, we have eliminated the need to maintain a predefined risk model for each of the new channels. Instead, the risk engine will learn by itself as it goes, correcting and re-weighting its evaluations on an ongoing basis
  • Ecosystem risk facts: To enable the above, and to allow additional external data elements for risk assessment, the RSA Adaptive Authentication risk engine supports risk score custom facts
  • Centralized management and analysis: Back office tools now provide a holistic view of users’ activities across channels, enabling a “single pane of glass” experience to consumer fraud management. Everything from building rules in policy management, investigating omnichannel cases, reviewing cases in case management to analyzing data via reports


Check out the latest RSA Adaptive Authentication v14 Product Documentation, and join the conversation @RSAFraud.

When migrating customers from Adaptive Authentication Hosted (AAH) to Adaptive Authentication Cloud (AAC), RSA’s goal is to make sure this migration is as seamless as possible both for the customer and for their end users.

The Adaptive Authentication Hosted customer base is very diverse, from financial institutes to insurance companies to large technical service providers. As such, there is no one migration solution to fit them all.

This is why we have designed two highly customizable migration paths

  • The concurrent path includes a silent learning mechanism that will mirror the traffic in AAH to AAC and will be managed by RSA
  • The side by side path involves RSA helping the customer build a silent learning mechanism that will handle all their unique use cases and constraints.


The data migration tools used to accomplish this are independent and can be executed upon request regardless of the migration option. Please note that this comes with some constraints as well.

As a first step, RSA will scope and analyze a customer’s AAH implementation as there are a few critical factors that need to be verified before we can offer the optimal solution including

  • GDPR Compliance RSA will need to ensure that no Personally Identifiable Information (PII) is stored in a Cloud deployment in order to comply with GDPR. We will help the customer evaluate Regulation their data and recommend if anonymization is required prior to the migration.
  • API version is also a critical factor as AAC supports the latest versions of both AAH v6.5 and AAOP v7.0 APIs. Although RSA recommends updating to the latest APIs so that customers can take full advantage of the features and enhancements in AA Cloud, customers on lower versions may be limited to the side by side migration path.


These are just two of the many factors that will be considered by RSA Professional Services in conjunction with the customer.

For a successful migration, the customer will need to be able to provide the most accurate information about their current use of the application, their needs, and their expectations so that the correct project scoping and preparations can be accomplished.


RSA is fully engaged to make sure the migrations are flawless and that all our AAH customers will be able to enjoy the latest features of AAC, the highest availability and scalability of the cloud and the best fraud preventions solution on the market.


Post sales engagement, RSA Professional Services will take over the project and will run it from day one to a week after a successful switchover to AAC. Professional services will be engaging the SaaS Operations and Engineering directly for any process or concern, ensuring the fastest resolution to any issue that may pop up.

The road to Cloud is open and RSA Professional Services wants to make sure that our customers will have a smooth ride to their final destination.

Product advisories on RSA Link are an important avenue of communication between RSA and its customers as they herald in the news of new product releases, warn of upcoming scheduled maintenance for SaaS environments and provide recommendations around potential security vulnerabilities and widespread technical issues.


As such, it is essential that customers are able to receive and access these advisories in most effective way possible.  To accomplish this, the RSA Link administration team is always looking for ways to improve the platform and its user experience by analyzing customer feedback and through other methods.


It was through customer feedback that an improvement opportunity was identified around the RSA® Adaptive Authentication advisories in particular.  Since the initial launch of RSA Link there had been no distinction between the different product offerings—meaning CloudHosted and On-Premise—when triggering email notifications to be sent for published advisories.  This meant that customers were always receiving advisories for all three offerings even if they only had one of them.


In an effort to improve this, the original advisories pages on RSA Link were divided into three sections, one for each offering, and the existing advisories were dispersed to the appropriate locations based on the information they contained.  The advisories are now found in the pages listed below on RSA Link.



You can access the pages by navigating to the RSA Adaptive Authentication page on RSA Link (via the home page, the website footer or by navigating to the RSA Fraud & Risk Intelligence Suite page via the main menu) and hovering over the Advisories option in the main product menu, which will allow you select the appropriate offering.  This is shown in the screenshot below.



You will then be taken to the advisories page for that specific offering, where you will have the ability to view and search for the four different types of advisories for said offering. The five most recently published advisories for each advisory type are displayed directly on the page, and users have the ability to quickly locate earlier advisories using the View All buttons or the links under the Advisory Types list in the right column.


The Security Advisories and Service Notifications in the screenshot above have been purposefully blurred for security reasons as those advisory types can only be viewed by RSA® Adaptive Authentication (On-Premise) customers with active maintenance contracts.

Additionally, as noted earlier, when a new advisory is published or an existing advisory is updated, you will now only be notified via email for the offering(s) for which you have an active maintenance contract or for which you have manually subscribed.


(For more information about how advisories work on RSA Link, please refer to the RSA Link Frequently Asked Questions page and the following knowledge base article:  000035577 - How do I subscribe to product advisories on RSA Link?)


This is just one example of how RSA is continuously striving to improve the overall user experience on RSA Link for customers, partners and employees.  If you have any additional suggestions on how the make the experience even better, please let us know by filling out the brief RSA Link Survey at or by submitting an enhancement idea in the RSA Ideas for RSA Adaptive Authentication sub-community.

Yael Gour

Launching RSA Ideas

Posted by Yael Gour Employee Apr 3, 2018

For years RSA has been in business of providing best-in-class security  and Anti fraud products and services to you, our customers.  I am proud to be surrounded by extremely intelligent and creative coworkers who amaze me with their knowledge, imagination, and ability to make abstract a reality on daily basis.  However, I am even more astounded by the unending well of new ideas I see coming from our customer community every time I interact with or observe an interaction between us and you.  You are the true inspiration and driving force of our innovation.  We build products that solve your problems, we offer services that help you, and everything we do - we do with you and your success in mind.


This is why I am happy to officially introduce you to a new way to harvest and crowdsource our collective ideas together.  This month, we have launched new idea pages on our RSA Link Community:

These destination pages are places for you to show off your creativity and need, to suggest ways that would improve our offerings to help you be more successful.  It is also the place where you can collaborate on your ideas with other like-minded individuals and vote on ideas suggested by others.


We have a great customer community, let’s harness its creative power to see what we can come up with together.


For more information, please check out the following FAQs:

It was amazing to me to see so many Compliance, Risk and Security professionals in one place, learning from subject matter experts and from each other through technical deep dives and business-driven use cases focused on delivering best practice and lessons learned.  I had the opportunity to speak with so many RSA customers and was inspired by the great work they are doing.    


One of the highlights of the event was that over 100 RSA customers got up on stage during Charge to present their unique use case and the challenges and opportunities they have addressed with the help of RSA solutions.  Thank you for sending us your feedback; it is great to see that overall you felt that the sessions were impactful and of value. 


During Charge you completed evaluations for the sessions that you attended.  These provide us great information, including what sessions you enjoyed the most – you confirmed that one presentation from each RSA Suite clearly stood out as being the BEST! 


Out of 92 outstanding Breakout sessions that took place on Wednesday, October 17 and Thursday, October 18 winners were selected by RSA Charge 2017 attendees for being best overall in:


  • Overall Value
  • Presentation Skills
  • Credibility/Knowledge
  • Engaging/Interactive
  • Avoided Commercialization
  • Relevance


We would like to announce, recognize and sincerely thank the recipients of the RSA CHARGE 2017 Best in Show Award:


            RSA Archer Suite Best in Show Award:

Deanne Dinslage, Sr. Archer Systems Administrator, Assistant Vice President, Bank of the West & Andrea Dollen, Manager, True8 Solutions            

Beyond the Customer - Making RSA Archer Suite Work for YOU! - Tired of hours of documentation for minutes of build?  Let me show you how to use RSA Archer Suite to do this in a few clicks with better results!


RSA Fraud & Risk Intelligence Suite Best in Show Award:

Damon Marracini, Vice President, Citi; Michael O’Connor, eCommerce Principal Product Marketing Manager, RSA; Greg Zaharchuk, Fraud Investigator, Vanguard; Qasim Zaidi, Cyber Process Manager, Capital One; Alma Zohar, Web Threat Detection Product Manager, RSA

Tales from the Trenches: Using Web Threat Detection to Fight Fraud - Learn how RSA Web Threat Detection is helping customers fight real-world cyber fraud.


RSA NetWitness Suite Best in Show Award:

Sean Catlett, SVP, Emerging Services, Optiv

Building a Modern Security Program:  Or… “If I Had to Start Over, What Would I Do?” – Discussion on keys to building your SOC and defending your enterprise using orchestration and automation.


RSA SecurID Suite Best in Show Award:

Michael Duncan, Program/Process Manager, Ameritas Life Insurance Corp; Lisa Ferraro, Developer, Ameritas Life Insurance Corp; Ravi Makam, Principal Consultant, Optiv

Insights and Lessons Learned from Upgrading RSA Identity Governance and Lifecycle and Going Virtual - Ameritas Life Insurance Corporation and Optiv Discuss Upgrading to RSA Identity Governance and Lifecycle Version 7.0.1 and go from a hard appliance to VM's to take advantage of new product capabilities.


Congratulations to all the Best in Show Award winners – RSA Charge 2017 attendees selected these from over 92 sessions!  Great job and thank you!



This year’s RSA Charge event is definitely one not to miss. If you have not yet registered please do so today to secure the Discount Rate of $745, saving you $200 through September 15. Registration on the RSA Charge 2017 website couldn’t be easier.


Still on the fence? Check out the Full Agenda with over 90 sessions, 35 hands-on labs, and 140+ thought leader industry experts you’ll agree this is the premier event on RSA Business-Driven Security™ solutions. You can also take this opportunity to build your own personal business-driven security experience for Charge.


Another way to save: Friends with Benefits! They say sharing is caring, so ‘already registered’ RSA Charge attendees can now share the love by forwarding this code to a peer or colleague and he/she will receive $100 off the current $745 registration fee by using this code from you: FRIENDS17. This code too expires on Sept. 15, so share the love today!


And, finally, in case there are still some doubters amongst you, watch these two RSA Charge videos – you’ll be convinced that RSA Charge 2017 is the place to be seen and heard, Oct. 17-19 @ Hilton Hotel Anatole, Dallas. See you soon!


RSA President Rohit Ghai

RSA Fraud & Risk Intelligence Matthew Long


RSA Charge 2017, the premier event on RSA® Business-Driven Security™ solutions, unites an elite community of customers, partners and industry experts dedicated to tackling the most pressing issues across cybersecurity and business risk management. Through a powerful combination of keynote speeches, break-out sessions and hands-on demos, you’ll discover how to implement a Business-Driven Security strategy to help your organization thrive in an increasingly uncertain, high-risk world. Join us October 17 – 19 at the Hilton Anatole in Dallas, Texas.

The consumer world is at a historical inflection point in which the ways individuals are interacting and transacting is changing more than we have ever seen before. Organizations are now managing multiple digital channels and face unprecedented business and security challenges ranging from legislative pressure, competition from new entrants forcing organizations to offer consumers more convenience and flexibility and the increase in potential points of vulnerabilities in which cybercriminals can gain access. These disruptors in the consumer space are all interrelated and if not looked at that way will have grave consequences to the security of those environments. Especially, the financial services industry which is facing disruptive pressures on many fronts:

  • Customer expectations are changing – digital transactions are expected to be fast, frictionless, personalized, channel agnostic and secure.
  • FinTech innovation is leading to new competition offering digital services forcing organizations to rethink their strategy and create new partnerships powered by the API economy.
  • Sweeping global regulations are being created to drive more accountability for consumer data protection, security and privacy such as PSD2, GDPR, SEPA and FFIEC.
  • Dramatic growth in digital interactions driven by flexibility in transacting through Internet of Things (IOT), shift towards online shopping and payments innovation like 3DS 2.0. Yet, minimal growth in organizational resources to mitigate fraud and keep pace with cybercrime is forcing organizations to leverage new technologies like data analytics and automation and case management.

The Fraud and Risk Intelligence track at RSA Charge will address many of these trends and how RSA’s strategy and roadmap is helping our customers on their journey to an omni-channel fraud management strategy. The track title is aptly named “Reducing Fraud – Not Your Customers” as we recognize the challenge our customers face to reduce fraud without impacting the user experience. We will be featuring some interesting customer case studies on fraud detection and prevention in the cloud, some great discussions planned on the consumer authentication and mobile revolution, best practices for securing the open banking API economy, and how organizations can leverage machine automation to mitigate fraud more effectively.


Also, we will be hosting a peer birds of a feather luncheon which will include topics such as mobile fraud strategies, planning for 3D Secure 2.0 and digital payments and there will be an exclusive meetup for RSA Web Threat Detection customers to engage. We will also be providing a first look at new innovations in our lab environments and the partner Innovation Zone.


RSA Charge Fraud and Risk Intelligence track is designed to empower Anti-fraud leaders to be better equipped to discuss the current business impact of fraud risk and prepare for the future by enabling them to work more collaboratively with business leaders to ensure they are protecting what matters most.


The full schedule for this year’s event on the RSA Charge website with more than 35 hands-on labs, 90 sessions and 140 thought leaders and industry experts who are ready to share with you the key insights needed to take your security strategy to the next level. register today


RSA Charge 2017, the premier event on RSA® Business-Driven Security™ solutions, unites an elite community of customers, partners and industry experts dedicated to tackling the most pressing issues across cybersecurity and business risk management. Through a powerful combination of keynote speeches, break-out sessions and hands-on demos, you’ll discover how to implement a Business-Driven Security strategy to help your organization thrive in an increasingly uncertain, high-risk world. Join us October 17 – 19 at the Hilton Anatole in Dallas, Texas.

To learn more about this upcoming event and fraud trends, follow us on Twitter @RSAFraud

Summer is nearing an end, the kids are heading back to school, and RSA Charge 2017 is less than two months away, October 17-19.


We invite you to peruse the full schedule for this year’s event on the RSA Charge website with more than 35 hands-on labs, 90 sessions and 140 thought leaders and industry experts who are ready to share with you the key insights needed to take your security strategy to the next level.


Here are a few of the great sessions you can attend:

Rolling-out a Company Wide Risk & Control Framework Supported by RSA Archer

Third Party Governance: Perspectives from a Panel of Pros

The RSA Archer Admin Dashboard (Yes, it's really here!)

From Discovery to Remediation in 9 Days: Defend against Determined and Well-Resourced Adversaries

Maximizing Your Investment in RSA Identity Governance and Lifecycle

Deep Entity Profiling & Machine Automation – How to Use These Powerful Technologies to Mitigate Fraud While Reducing Costs and End-User Friction


See the full schedule here.

And, if this isn’t enough to convince you to register today for RSA Charge, over the next six weeks, every Tuesday on the RSA Link Community, you’ll also see blogs from the RSA Charge team detailing presentation highlights from each of the product tracks being offered this year at Charge, including:

Taking Command of Your Risk Management Journey

Transforming Compliance

Managing Technology Risk in Your Business

Inspiring Everyone to Own Risk

Detecting and Responding to Threats That Matter

Secrets of the SOC

Identity and Access Assurance

Reducing Fraud, While Not Reducing Customers

RSA Archer Technical

RSA Archer Technical, Advanced



This year’s RSA Charge event is definitely one not to miss. If you have not registered as yet, please do so today to secure your spot and take advantage of the Discount Rate of $745, saving $200 through Sept. 15.

Additionally, if you also register for one of the Pre-Charge training courses offered by RSA University, you can save even more – the expired Early Bird Discount Rate of $645 will be extended to you up until the official start of RSA Charge on October 17. Click here to see the full course offering and for registration details. Classes are filling up quickly so don’t delay.

RSA Charge 2017 will provide you the ultimate opportunity to network with RSA customers from across the product portfolio, partners, and industry experts while discovering how to implement a Business-Driven Security™ strategy in an increasingly uncertain, high-risk world.

See you in Dallas, October 17-19 at the Hilton Anatole Hotel for RSA Charge 2017!


RSA Charge 2017, the premier event on RSA® Business-Driven Security™ solutions, unites an elite community of customers, partners and industry experts dedicated to tackling the most pressing issues across cybersecurity and business risk management. Through a powerful combination of keynote speeches, break-out sessions and hands-on demos, you’ll discover how to implement a Business-Driven Security strategy to help your organization thrive in an increasingly uncertain, high-risk world.

Nowadays, it is common to use machine learning to detect online fraud. In fact, machine learning is everywhere. I guess that due to its independent nature and human-like intelligence qualities, machine learning does, at times, seem like an inexplicable “black box”. But truth be told, it doesn’t have to be like that!


So here is what you should know if you decide to give “computers the ability to learn without being explicitly programmed”.


Before choosing fraud detection technologies that leverage machine learning, consider the advantages and disadvantages of the different algorithms together with the demand for transparency, prediction accuracy and ability to adjust to the rapidly changing landscape (be it fraud or others). In order to be truly successful, the specific algorithm you use, combined with your domain knowledge, can make all the difference. Here are a few algorithms and factors you should consider:


Artificial Neural Network (ANN; or their more advanced counterpart – Deep Neural Nets) is considered to be a “universal approximator” as it fits almost any scenario and field. But is it the best one in every field? - Absolutely not.

While Deep Neural Nets is superior to other algorithms when image or speech recognition is considered (in other words, when working with huge data sets), there are a lot of examples where ANN produce inferior results to other classification techniques especially if the size of training sample is limited. It requires a large set of training data and is prone to over-fitting. ANN is sometimes referred to as “the second best way to solve any problem” while the best way is to actually to understand the different parameters of the problem you are trying to solve and then implement a model closely resembling reality.


Another statistical method known as naïve Bayes classifier- a probabilistic supervised classifier tool- has been proven mathematically to have a high degree of efficiency and reliability. The Naive Bayes algorithm - leveraged in risk-based authentication  technologies and employed by the RSA Risk Engine - affords fast, highly scalable model building and scoring. Bayesian classifiers are usually faster to learn new fraud patterns on smaller datasets, e.g. when less fraud/genuine feedback is available. They are flexible to additions of new predictors, which is crucial in the ever-changing fraud reality, and their simplicity prevents them from fitting their training data too closely.

With the Bayesian approach, the parameters that contribute to the final result can be made visible (hence not a “black box”). This means that Bayesian classifiers are free from the intrinsic disadvantages of other methods like ANN that cannot provide information about the relative significance of the various parameters - these are the real black box models. To that end, customers of RSA Adaptive Authentication have the ability to understand the top parameters which contributed the most to the risk assessment and these factors are visualized through a Case Management application.


You can have your cake and eat it too

Relying on artificial intelligence does not necessarily mean living in the dark or losing control over what your system is doing. When you have a robust machine learning algorithm that adapts to changes and partial data, is flexible to constant additions and also possesses a unique quality by which predictions are easy to interpret, then leading fraud detection results can coexist with transparency and a clear understanding of machine provided risk assessments.

Credit for the notion of having “too much of a good thing” goes to William Shakespeare, who used the phrase in As You Like It, a comedy of love, politics and mistaken identity.  However, Shakespeare couldn’t anticipate the dawn of the cyber age. Although there are a number of areas in our digital lives where moderation should rule, as anyone who has been sucked into playing Candy Crush for any length of time can attest, fraud management is not among them. When it comes to fraud detection, you simply cannot have too much of a good thing!


This is why each new release in the RSA Fraud and Risk Intelligence Suite includes features or capabilities that enhance fraud detection. RSA Web Threat Detection v6.2 – which is now generally available – is no exception.

With Web Threat Detection v6.2, we continue on our journey toward integrating siloed capabilities and data sources to provide a holistic view of online activities and behaviors. This cross-product pollination delivers more accurate fraud detection while still providing you the ability to control the end user experience on a highly granular level.  


Now RSA Adaptive Authentication can leverage information captured by Web Threat Detection v6.2 to monitor any online activity or transaction. With Transaction Scoring in RSA Adaptive Authentication, Web Threat Detection generates SOAP calls to Adaptive Authentication allowing easy integration of additional event types in Adaptive Authentication without code changes to the website. This capability increases the number of event types sent for risk assessment, thus enriching the RSA Risk Engine data and ultimately helping catch more fraud. This is great news for customers who leverage both Adaptive Authentication and Web Threat Detection within their environment today.


Web Threat Detection v6.2 also enhances fraud detection in the mobile channel.  Through support of JSON Web Tokens (JWT, Web Threat Detection provides visibility into the details of a mobile transaction allowing you to write mobile-specific rules to identify even more fraud across channels.  


Finally, Web Threat Detection 6.2 includes support for AES128-GCM encryption of transaction log files. Although the RC4 cipher offers both simplicity and speed, exploitable vulnerabilities have been discovered in the cipher.  With Web Threat Detection v6.2, you can configure the application to use either AES128-GCM or RC4 encryption, providing you the ability to balance the need for speed and higher security.


We will be hosting a webcast for our Web Threat Detection and Adaptive Authentication customers to cover the details within the latest release and demonstrate the benefits of this latest integration. The event will take place on Tuesday, July 25 at 1:00 ET.  You can register here

For existing Adaptive Authentication customers who are looking for more information on Web Threat Detection, I would recommend downloading the Pathfinder Technology report published by 451 Research. 

We know you really want to join the more than 2,000 security, risk and compliance professionals at the premier Business-Driven Security event, RSA Charge 2017, Oct. 17-19 in Dallas. Now you have one final, limited opportunity to enjoy a $300 savings with our ‘throwback’ to the Early Bird Discount Rate of $645.


This is your opportunity to network with RSA customers, partners, and industry experts while discovering how to implement a Business-Driven Security  strategy in an increasingly uncertain high-risk world.


Use the Throwback Thursday code 87CTHRWBCKJUL and save $300 on your attendee pass.


Need a little more convincing, in addition to the $300 savings? Well, we have this covered too!


Check out our latest Keynote Lineup, including

  • Marc Goodman, Global Security Advisor, and Futurist will explain how to cultivate informed workforce to create a human firewall, in what promises to be a highly engaging and humorous keynote presentation


Sneak Peek at our Upcoming Agenda of robust programming you can expect at RSA Charge 2017. Tracks include:

  • Taking Command of Your Risk Management Journey
  • Transforming Compliance
  • Managing Technology Risk in Your Business
  • Inspiring Everyone to Own Risk
  • Detecting and Responding to Threats That Matter
  • Secrets of the SOC
  • Identity and Access Assurance
  • Reducing Fraud, While Not Reducing Customers
  • RSA Archer Technical
  • RSA Archer Technical, Advanced


Don’t miss out on your chance to attend RSA Charge 2017 with the limited ‘Throwback Thursday’ event. Use code 87CTHRWBCKJUL to register.


Discount code expires Thursday, July 27, 2017, at 11:59 PM PST. Offer cannot be combined with any other promotional code.


RSA Charge 2017’s ‘Call for Speakers’ resulted in an unprecedented number of abstract submissions across all RSA product solutions – RSA Archer Suite, RSA NetWitness Suite, RSA SecurID Suite (including RSA Identity Governance & Lifecycle), and RSA Fraud & Risk Intelligence. The submissions from RSA customers and partners included the sharing of first-hand knowledge, advice, ideas, experiences, case studies, and even war stories that submitters wanted to share with their RSA product peers at the Charge event in October.


Though the RSA Charge Program Selection Committee is thrilled by the high caliber of submissions, the Committee now faces the hard task of whittling down the list of submissions to 100 across all RSA products. Though no final decisions have yet been made, the Committee noticed that there were many submissions that had similar titles and themes, so they decided to allow you the opportunity ‘voice your choice’ from a small, random subset from the abstracts received.


And, for the first time, with a registered RSA Link account, you can vote on Tracks across the entire RSA product portfolio. That’s right, you can vote on any of the product Tracks listed, but you can only vote once ‘per abstract.’


So let your voice be heard - this is your chance to 'vote your choice' and have a say in this year's RSA Charge 2017 Agenda. To vote, simply click on the Proposal Abstracts and cast your vote across all RSA Product Tracks.


Thank you for the amazing ‘Call for Speakers’ submissions for RSA Charge 2017 – it’s going to be an event you will not want to miss. If you haven’t registered for RSA Charge 2017, be sure to do so today!  





It’s down to the final weeks for Call for Speakers (C4S) proposal submissions for the RSA Charge 2017 event.


If you are still on the fence, time is running out but there are some helpful aids to get you started. First, check out the webinar replay of ‘What You Should Know Before Submitting Your Proposal’ and then use the Offline Submission Form (for practice) before submitting your proposal using the Online Submission Form.  There’s also FAQs to help you before submitting your proposal.


You may also check out the complete RSA Charge 2017 Session details.  


All of the information to help you submit your proposal can be found on the RSA Charge 2017 microsite, including Charge registration information – though RSA Charge ‘Speakers’ receive a complimentary pass to the Charge event – another solid reason to submit!


We strongly encourage you to attend the RSA Charge event, even if you are not considering a speaker’s proposal submission.


Meet up with your Fraud and Risk Intelligence peers at RSA Charge and learn how to defend your digital channels to reduce fraud - not your customers or revenue. There will be several engaging sessions where you will learn about: 


  • Creating an Omni Channel Fraud strategy with RSA Adaptive Authentication ecosystem
  • Accelerating your Digital Strtegy with Open Banking API Economy Panel
  • Fighting Fraud with Deep Entity Profiling & Machine Automation
  • And, so much more! 

See you in Dallas, Oct. 17-19 !

Overview of WannaCry/Wanna Decryptor

As you know, starting late Thursday and hitting mainstream over Mother’s Day there is a current outbreak of a ransomware threat known as “WannaCry” or “Wanna Decryptor”. Ransomware attacks like “WannaCry” are meant to be very visible in order to pressure the victim to pay the ransom. The scale of this attack, together with this specific ransomware family, is unique in that it has worm-like capabilities leveraging an exploit against vulnerable Microsoft Windows® operating systems. This exploit was recently made publicly available and appears to be associated with the “Shadowbrokers” release of nation state hacking tools. As of 5/15/2017 at 1pm ET, the associated income achieved is less than $50k the best we can estimate, less than 150 individuals or businesses impacted that were willing to pay.


While details are still emerging, RSA believes it follows a typical attack pattern where a malicious link is delivered through email as part of a phishing scam, whereby the malware installs itself. The malware can spread rapidly when an already infected computer is able to locate additional open and vulnerable computers with outbound internet connections. This malware can travel quickly through an internal network as a result of a core Windows networking function exploit. Microsoft issued a patch for this vulnerability under advisory (MS17-010).


The vulnerability exploited in this attack was made public in September, 2016. Microsoft released a patch in March, 2017. If an organization looks at their enterprise risk management with proper cyber hygiene, they may not have been vulnerable to this attack.


While mitigating attacks like this, which include host blocking, a robust backup strategy and comprehensive patch management, IT leaders should also be mindful that because of Microsoft’s patch support policy, any organization still running Windows XP, Windows 8 or Windows Server 2003 remain at high risk. Microsoft has issued specific guidance for this attack, which can be found here. This is not a new phenomenon and like in most major attacks, resistance is achieved with disciplined patching hygiene.


This latest wave of ransomware continues a trend with this popular attack method. Attackers are shifting away from stealing information for profit, rather taking advantage of the fact that data is critical to its victims for daily business operations.


Was RSA or Dell Technologies Impacted?

While we continue to monitor and validate, at this time there appears to be no impact to the internal networks of any of the major Dell Technologies networks.


Are RSA Products Impacted?

Individual alerts have been sent to clients using specific products. Because many clients leverage Microsoft OS and products as underlying components of RSA Products, there is a risk they could be impacted. That said, the actual product applications that RSA distributes are not impacted.


How RSA Can Help You?

You may be asking how RSA can help. First, recognize that ransomware threats, by design, are noisy and are obvious to the infected victim … this is part of the criminal’s objective and business model. RSA NetWitness® Suite is designed to help identify and provide visibility into a ransomware attack – but as part of this attack method, the victim organization’s data is being encrypted by the malware. This is the same for any advanced threat detection and response technology platform.


From a risk perspective, RSA Archer is designed to help automate risk management, prioritizing activities to reduce risk (i.e. Vulnerability Risk Management) to mission-critical systems, and consistently and effectively manage an actual incident.


From an investigation and readiness standpoint, RSA can provide strong visibility and expertise, helping users to reconstruct, analyze, and understand the attack for current and future identification of ransomware behavioral indicators and operational performance optimization. Analysts within Security Operations Centers (SOC) can see suspicious activities such as lateral movement of infected systems, and/or attempts to infect workstations and other network and critical business assets to more readily determine the overall operational, business continuity, governance, regulatory and compliance impact of the attack to their business. Lastly, RSA can help security programs and IT operational functions see the last known good state of the workstation to understand when the incident first began in order to measure “dwell time”, determine SOC visibility and detection, gaps and remediation requirements as well as the ability to restore from known good backup. This can help limit data loss and reduce the prospect of paying ransom to the attackers.


In a large-scale attack like this, expertise and experience in readiness, response, resilience and business risk management is imperative. RSA can help organizations in their response and readiness efforts and programs. These attacks can be contained and preemptive efforts can be taken to block similar attacks from occurring in the future, minimizing the impact and scale of ransomware campaigns.


For a deeper dive on using RSA Netwitness to improve you visibility and make decisive steps to reduce the impact on your environment, see WannaCry from the RSA NetWitness Suite's Perspective and Blocking WannaCry with Netwitness Endpoint.


Other RSA and Third Party References

Here are some additional resources if you’d like to learn more about the attack.


What's to Come?

New attacks are often followed by attack variants that use a similar infection vector with minor changes to bypass common defenses such as port and allowed path blocking. As such, four broad predictions:

  • Many organizations will not patch core systems, rather put in protective defensives such as AV, blocking ports and IP addresses, and other supplemental actions. Thus, future morphs of WannaCry will continue to impact customers.
  • After some minor reductions in volume of attacks we will see continued:
    • Increase in leveraging attack tool leaks to fuel new attacks. Increase in attacks that focus on incidents that demand immediate monetary payment. (i.e. DDOS, Ransomware, identity change, etc.)
    • Exploit of older vulnerabilities will continue to make headlines.
  • Industry and government regulatory bodies always respond to major cybersecurity events, thus you can assume there will be a continued tighten requirements around vulnerability management and patch hygiene.
  • Risk management will become more fundamental in the scheme of prioritizing resource allocation and spend. More alignment between business needs and underlying security activities are on the horizon … this is still a year of planning and early walks for most organizations.


In Summary

While newsworthy and certainly impacting organizations, the underlying issue for WannaCry is patch hygiene. Understanding the IT investments needed to be able to upgrade applications tied to OS changes (i.e. config, patches, etc.) must be a focus for organizations to better improve vulnerability to patch to deployment. Understanding major newsworthy hacking event, can reveal defensive commonalities that can have broad, risk reducing impacts to the organization short and long term.


These include:

  • Aligning business risk tolerance to a risk and cybersecurity plan
  • Prioritizing actions to reduce risk (less whack-a--mole)
  • Focus on the fundamentals that positively impact all threats:
    • Educating people
    • Business-driven risk reduction tied to an action-oriented plan
    • Continually test your environment for weaknesses
    • Strengthened identity and access assurance program
    • Assume all defenses will fail and that your understand of your environment isn't optimal.  Make sure you have expert visibility at the perimeter, inside the network, in the cloud and on attached mobile devices.  You must be able to monitor logs, packet traffic and what's actually happening on the endpoint. More importantly, you must have the expert capacity (people) to seek, monitor and respond to threats.
    • Automate your processes wherever possible. Very few organizations can invest at a level that provides enough people to adequately address the workload manually. The more organizations seek to enhance the efficiency and efficacy of their security teams, the greater the probability of success.


RSA’s Business-Driven Security solutions uniquely link business context with security incidents to help organizations manage risk and protect what matters most. The RSA Risk and Cybersecurity Practice, our expert professional services team, help organizations identify, assess, and close the gaps; and take command of their evolving security posture. Feel free to contact RSA for further detail or assistance.


Additional Resources