
As an addendum to the previous release of the Password Vault Integration feature in RSA Identity Governance and Lifecycle v7.0.2, we are happy to announce the release of additional support for collectors and connectors. The password vault feature will allow RSA Identity Governance and Lifecycle to retrieve and rotate privileged credentials from CyberArk Application Identity Manager™ (AIM).

 

For a list of supported endpoints, please review the Connector & Collector Application Guides  or the supported endpoint data sheet - RSA Identity Governance and Lifecycle - Supported Collectors and Connectors   

 

For more information on this feature – please review this additional content. 

 

Active Directory Application Wizard Password Vault Configuration 

Password Vault Configuration - Active Directory Collector 

 

Reduce Identity Risk with RSA Identity Governance and Lifecycle

In the recent RSA Identity Governance and Lifecycle 7.1 release we have added a new Analysis and Guidance panel for User Access Reviews.  The Analysis and Guidance panel provides more context to the reviewer to (1) improve risk awareness, (2) identify outlier access, and (3) reduce the volume of decision making. 

 

The analysis and guidance panel allows reviewers to easily filter their review results by different categories so that they can focus on a specific set of data. For example, show only privileged access that contains violations, or uncommon access (outliers) that contains violations. The inclusion of the panel and the various analyses are configurable at the review definition level.

 

The analysis and guidance panel focuses on three main use cases:

 

Improve Risk Awareness

  • Display all items with Violations
  • Display all items with Exceptional Access
  • Display all items that were previously revoked
  • Display all items for critical applications
  • Display all items that contain privileged access

 

Identify Outlier Access

  • Display all items that are not commonly held

 

Reduce the Volume of Decision Making

  • Display all items that are commonly held
  • Display all items that were recently approved
  • Display all items that have not changed since the last review

 

In addition, the analysis and guidance panel filtering can be combined with table filtering to isolate all violations for privileged entitlements within a specific role or business unit.

 

For more information on this feature – please check out this additional content. 

 

New User Access Review Experience - Analysis and Guidance Panel 

When RSA is looking at enhancing the product there are many factors that need to be taken into consideration. What is the benefit to our customers? What is the impact of making a change? What is the priority of this change versus other enhancements?

To help your idea be the most impactful it can be and get the visibility it deserves, here are a few guidelines to help you define your idea.

  • What is the use case you are looking to solve?

 

Putting the use case in the title and detailing it at the start of your idea will help people to understand what you are looking to achieve. Define at a high level what it is that you are looking to do, if possible in business or non-technical way. This should not be details of specific technical changes in the product.

Providing the information this way allows us to look at all of the options to approach the idea.

Example: RSA Identity Governance & Lifecycle should have the ability to resend a request to AFX after it fails. This ability should be configurable from the UI.

  • What is the benefit you are looking to achieve?

 

Detail the benefits you could achieve by enhancing the product to meet this use case. Is there a quantifiable benefit? How would it improve your life or the lives of your users? Is it needed to meet a corporate objective or regulation?

Example: A retry mechanism will reduce manual labour and possible errors that are part of making a manual change.

  • Example of what would change in the product

Detail the changes you might see in the product to meet your enhancement use case. A lot of the ideas in Link today start with this type of information. It is very much needed but it also leads to questions like “What is the overall objective of what they are trying to do?” and “Is there a different way to do it that would add more benefit or be easier to implement?”

Another factor is other people might not understand your idea or its benefit and therefore will not vote for it!

Example(s): If the endpoint was down for some reason and now it's back up and we want to resend the same request to AFX.

If the endpoint is down send the request to another AFX endpoint.

If the endpoint is down send a notification to an administrator and wait for them to select the retry option in the UI.

I hope this helps you create some cool new ideas that will help everybody in being successful in implementing and managing the RSA Identity Governance & Lifecycle platform.

Thank you very much for all of your support!

Anya Kricsfeld

Launching RSA Ideas

Posted by Anya Kricsfeld Employee Oct 31, 2017

For years RSA has been in the business of providing best-in-class security products and services to you, our customers. I am proud to be surrounded by extremely intelligent and creative coworkers who amaze me with their knowledge, imagination, and ability to make the abstract a reality on a daily basis. However, I am even more astounded by the unending well of new ideas I see coming from our customer community every time I interact with or observe an interaction between us and you. You are the true inspiration and driving force of our innovation. We build products that solve your problems, we offer services that help you, and everything we do - we do with you and your success in mind.

 

This is why I am happy to officially introduce you to a new way to harvest and crowdsource our collective ideas together.  This month, we have launched new idea pages on our RSA Link Community:

 

 

These destination pages are places for you to show off your creativity and need, to suggest ways that would improve our offerings to help you be more successful.  It is also the place where you can collaborate on your ideas with other like-minded individuals and vote on ideas suggested by others.

 

We have a great customer community, let’s harness its creative power to see what we can come up with together.

 

For more information, please check out the following FAQs:

Identity is a critical risk component in all organizations. With recent breaches blanketing the news impacting almost all adults in the U.S., organizations are taking another look at their security programs to minimize the risk. It’s time for organizations to take charge of securing access to their sensitive data, systems and applications.

So why not take advantage of RSA Charge this October 17-20 to hear how your peers across banking, healthcare, insurance, technology and manufacturing industries are effectively managing identity to minimize risk? Each with a unique perspective of how they are implementing RSA SecurID® Suite technology in their environments to improve their security posture. Plus you can see how RSA is innovating our identity and access management solutions to address today’s identity and access challenges.

Here’s a handful of sessions you’ll be able to participate in at RSA Charge this year:

The Evolution from Authentication to Identity Assurance

While two-factor authentication is the standard for securing external access, the world has evolved and with it, so have users’ expectations. Learn how leveraging powerful risk analytics combined with dynamic access policies provides better Identity Assurance and creates a better user experience—all while maintaining the security posture in today's changing ecosystem.

Rethinking IAM: How Risk-based Approach Makes IAM More Effective and Strategic

Identity governance and lifecycle management is the cornerstone of an identity management program, but there is much more. Learn how taking a risk-based approach can make your program more effective at governing who has access to what while elevating the strategic importance and visibility to the C-suite.

An Epic Tale – How to Leverage IAM to Get a Handle on Your Electronic Medical Records System

In the session, you’ll learn how you can avoid an epic fail with your Electronic Medical Records (EMR) by integrating Epic EMR system into your identity management program with RSA.

This is just a taste of the exciting content we’ll feature in the Identity and Access Management track. Take a look at the full agenda at RSA Charge and check out the other awesome keynotes and networking events taking place. You won’t want to miss this!

Now is the time to take Charge of your identity program and there’s no better place to get started than by joining other RSA SecurID Suite customers at RSA Charge.

Register for RSA Charge by October 16 and save $100.

If you’re looking for the latest news, trends and innovations in identity, you’ll find it all at RSA Charge 2017 October 17-19 in Dallas. I hope you will join me this year along with the RSA identity team for three action-packed days of content and connections, with hands-on labs, RSA product previews, plenty of networking opportunities and more. It’s all part of RSA’s can’t-miss annual user conference, Charge, the premier event on RSA® Business-Driven Security™ solutions, where an elite community of customers, partners and industry experts dedicated to tackling the most pressing issues across cybersecurity and business risk management unite.

 

Top 3 Reasons to Attend

By joining us for RSA Charge 2017, you’ll be able to:

  • Learn how you can reimagine your identity strategy with identity and access assurance, next-gen authentication solutions (including mobile push authentication, biometrics, FIDO tokens, smart phone authentication methods and more), and the latest in identity governance and lifecycle management technology
  • Go hands-on in labs learning recommended practices for RSA® Identity Governance and Lifecycle and preview the latest RSA SecurID® Access product features
  • Gain insights from your peers at top companies sharing how they solved real-life identity challenges and what they learned in the process

The Future of Identity Starts Here

RSA Charge 2017 is your opportunity to gather with RSA’s identity experts and executives to hear about RSA’s vision and strategy around identity. Keynotes by cybersecurity visionary and TED speaker Marc Goodman, RSA President Rohit Ghai, and other RSA execs set the tone each day, followed by morning-to-night sessions exploring the shift from identity management to identity assurance, the move to multi-factor authentication and the evolution of identity-related risks and risk management. You’ll also hear first-hand from customers sharing stories of how they’re reinventing their identity strategies to address emerging challenges in authentication and identity governance.

Getting Down to Brass Tacks

Come to share your input into the overall identity customer experience, and leave with plenty of practical knowledge for improving your identity practice. We’ll guide you through detailed roadmaps of RSA Identity Governance & Lifecycle and RSA SecurID Access, and give you a sneak peek at the latest releases. We’ll also share some practical tips for specific identity projects like upgrades and quick starts. And we’ll show you how RSA Identity Governance & Lifecycle integrates with RSA Archer, RSA Authentication Manager and other key business applications to give you new ways to manage identity risk and to help you lower your risk of an audit failure (or worse, a data breach) while improving your overall compliance efforts, including those for GDPR.

Register Today for Special Pricing on Your Attendee Pass

Don’t miss your chance for an up-close look at what’s happening in identity today from RSA experts and customers, and other security industry leaders, at RSA Charge 2017. Register by September 15 for serious discount pricing. I look forward to seeing you there!

About RSA Charge 2017

RSA Charge 2017, the premier event on RSA® Business-Driven Security™ solutions, unites an elite community of customers, partners and industry experts dedicated to tackling the most pressing issues across cybersecurity and business risk management. Through a powerful combination of keynote speeches, break-out sessions and hands-on demos, you’ll discover how to implement a Business-Driven Security strategy to help your organization thrive in an increasingly uncertain, high-risk world. Join us October 17 – 19 at the Hilton Anatole in Dallas, Texas. Register now!

This RSA SecurID Suite Navigator Tool is part of an ongoing campaign by the RSA SecurID Customer Enablement group to make it easier for RSA SecurID Suite customers like you to find relevant product training and documentation. The RSA SecurID Suite Navigator Tool allows you to filter content based on your role within your organization: Administrator, System Administrator, and Business User. You can also filter content by your knowledge level of the RSA SecurID Suite, from Basic to Intermediate to Advanced.

 

The RSA SecurID Suite Navigator includes content from the entire RSA SecurID Suite: RSA Authentication Manager, RSA Identity Governance and Lifecycle, and RSA SecurID Access. This navigator tool pulls content from different RSA business units and includes RSA University training content, Knowledge-based articles, as well as a vast collection of user documentation. The RSA SecurID Suite Navigator will be updated frequently to ensure you are receiving the most up-to-date content available. There is a dedicated team of RSA professionals across different business units to help you take charge and power your way to success with the RSA SecurID Suite.

 

In our continued efforts to provide the best content available, we rely on your feedback. If you cannot find what you are looking for in the Navigator, please complete the form we have provided on the main Navigator page.

 

You can find the SecurID Suite Navigator Tool on the main RSA SecurID product page or by navigating to the following URL:

 

https://community.rsa.com/community/products/securid/navigator

With today’s ever-growing threat landscape, the volume, sophistication, and potential damages of attacks are increasing. It is becoming increasingly hard to stop attackers from entering your system networks, to isolate their motives, and most importantly to remove them once they are there. A typical security environment uses multiple disconnected technologies, supplying an immense amount of information. Prioritizing a specific piece of data is important to responding quickly to attacks. At a higher level, however, there is a need to understand if the security strategy is really effective for the business. In summation, businesses need to change their security strategies.

 

The solution? RSA provides a top-down approach, strategically linking business risk management with security events and priorities:

  • Make security teams operationally more impactful
  • Strategically manage business risk

By bringing different practices together, linking security incidents with business context allows security teams to respond faster to protect what matters most.

The RSA suite of tools

  • Keeps the bad actors out, but allows entry to those that have legitimate need to easily access the system
  • Enables visibility and analytics to view the big picture to provide insights into specific attacks
  • Provides business context linked to contextual intelligence for a more informed approach, which can then be translated into action

The video in this eLearning discusses how RSA’s tools provide both the detailed information linked to the business context to protect the most sensitive assets.

 

https://community.rsa.com/docs/DOC-79242

We know you really want to join the more than 2,000 security, risk and compliance professionals at the premier Business-Driven Security event, RSA Charge 2017, Oct. 17-19 in Dallas. Now you have one final, limited opportunity to enjoy a $300 savings with our ‘throwback’ to the Early Bird Discount Rate of $645.

 

This is your opportunity to network with RSA customers, partners, and industry experts while discovering how to implement a Business-Driven Security  strategy in an increasingly uncertain high-risk world.

 

Use the Throwback Thursday code 87CTHRWBCKJUL and save $300 on your attendee pass.

 

Need a little more convincing, in addition to the $300 savings? Well, we have this covered too!

 

Check out our latest Keynote Lineup, including

  • Marc Goodman, Global Security Advisor and Futurist, will explain how to cultivate an informed workforce to create a human firewall, in what promises to be a highly engaging and humorous keynote presentation

 

Sneak Peek at our Upcoming Agenda of robust programming you can expect at RSA Charge 2017. Tracks include:

  • Taking Command of Your Risk Management Journey
  • Transforming Compliance
  • Managing Technology Risk in Your Business
  • Inspiring Everyone to Own Risk
  • Detecting and Responding to Threats That Matter
  • Secrets of the SOC
  • Identity and Access Assurance
  • Reducing Fraud, While Not Reducing Customers
  • RSA Archer Technical
  • RSA Archer Technical, Advanced

 

Don’t miss out on your chance to attend RSA Charge 2017 with the limited ‘Throwback Thursday’ event. Use code 87CTHRWBCKJUL to register.

 

Discount code expires Thursday, July 27, 2017, at 11:59 PM PST. Offer cannot be combined with any other promotional code.

 

RSA Identity Governance and Lifecycle in the news!  

 

RSA Identity Governance and Lifecycle Receives Common Criteria Certification

RSA Charge 2017’s ‘Call for Speakers’ resulted in an unprecedented number of abstract submissions across all RSA product solutions – RSA Archer Suite, RSA NetWitness Suite, RSA SecurID Suite (including RSA Identity Governance & Lifecycle), and RSA Fraud & Risk Intelligence. The submissions from RSA customers and partners included the sharing of first-hand knowledge, advice, ideas, experiences, case studies, and even war stories that submitters wanted to share with their RSA product peers at the Charge event in October.

                          

Though the RSA Charge Program Selection Committee is thrilled by the high caliber of submissions, the Committee now faces the hard task of whittling down the list of submissions to 100 across all RSA products. Though no final decisions have yet been made, the Committee noticed that there were many submissions that had similar titles and themes, so they decided to allow you the opportunity to ‘voice your choice’ from a small, random subset of the abstracts received.

 

And, for the first time, with a registered RSA Link account, you can vote on Tracks across the entire RSA product portfolio. That’s right, you can vote on any of the product Tracks listed, but you can only vote once ‘per abstract.’

 

So let your voice be heard - this is your chance to 'vote your choice' and have a say in this year's RSA Charge 2017 Agenda. To vote, simply click on the Proposal Abstracts and cast your vote across all RSA Product Tracks.

 

Thank you for the amazing ‘Call for Speakers’ submissions for RSA Charge 2017 – it’s going to be an event you will not want to miss. If you haven’t registered for RSA Charge 2017, be sure to do so today!  

 

Check out our latest IAM blog - Yin and Yang: Two Views on IAM – Active Directory Automation, Success or Failure? by our own Steve Mowll and Chris Williams.

 

 

 

We heard you loud and clear - with the upcoming long Memorial Day weekend fast approaching, school classes ending in the Midwest for the summer, and a host of work-related commitments, you wanted more time to submit Call for Speakers (C4S) Abstracts.

 

We are pleased to tell you that the deadline for C4S submissions has been extended and is now EOD on June 9, 2017.

 

This is a hard deadline, however, and will not be extended again so we can meet all the time-sensitive event activities leading up to RSA Charge 2017.

 

All of the information to help you submit your proposal can be found on the RSA Charge 2017 microsite, including Charge registration information – though RSA Charge ‘Speakers’ receive a complimentary pass to the Charge event – another solid reason to submit!

 

First, check out the webinar replay of 'What You Should Know Before Submitting Your Proposal' and then use the Offline Submission Form (for practice) before submitting your proposal using the Online Submission Form. There are also FAQs to help you.

 

The Tracks for RSA Charge 2017 include:

 

(Governance, Risk & Compliance)

Inspiring Everyone to Own Risk

Managing Technology Risk in Your Business

Taking Command of Your Risk Management Journey

Transforming Compliance

RSA Archer Suite Technical

RSA Archer Suite Advanced Technical

 

(Security Operations, Identity, Anti-Fraud)

Detecting and Responding to the Threats That Matter

Identity Assurance

Reducing Fraud, while Not Reducing Customers

Secrets of the SOC

 

Complete Session details are also available.

 

With the extended deadline through June 9, we hope you will consider sharing your first-hand knowledge, advice, ideas, experiences, case studies, and war stories with your peers at Charge 2017. For the many who have already submitted proposal abstracts, ‘thank you’ and we look forward to seeing you in Dallas, Oct. 17-19.


It’s down to the final weeks for Call for Speakers (C4S) proposal submissions for the RSA Charge 2017 event.

 

If you are still on the fence, time is running out but there are some helpful aids to get you started. First, check out the webinar replay of ‘What You Should Know Before Submitting Your Proposal’ and then use the Offline Submission Form (for practice) before submitting your proposal using the Online Submission Form. There are also FAQs to help you before submitting your proposal.

 

The Tracks include: 

Security Operations, Identity, Anti-Fraud

Detecting and Responding to the Threats That Matter

Identity Assurance

Reducing Fraud, while Not Reducing Customers

Secrets of the SOC

 

You may also check out the complete RSA Charge 2017 Session details

 

All of the information to help you submit your proposal can be found on the RSA Charge 2017 microsite, including Charge registration information – though RSA Charge ‘Speakers’ receive a complimentary pass to the Charge event – another solid reason to submit! 

 

Even if you are not considering submitting a presentation proposal, we encourage you to attend this premier event; save $300 with the Early Bird Discount through June 30.

 

See you in Dallas!

Overview of WannaCry/Wanna Decryptor

As you know, starting late Thursday and hitting mainstream over Mother’s Day, there is a current outbreak of a ransomware threat known as “WannaCry” or “Wanna Decryptor”. Ransomware attacks like “WannaCry” are meant to be very visible in order to pressure the victim to pay the ransom. The scale of this attack, together with this specific ransomware family, is unique in that it has worm-like capabilities leveraging an exploit against vulnerable Microsoft Windows® operating systems. This exploit was recently made publicly available and appears to be associated with the “Shadowbrokers” release of nation state hacking tools. As of 5/15/2017 at 1pm ET, our best estimate is that the associated income achieved is less than $50k, with less than 150 individuals or businesses impacted that were willing to pay.

 

While details are still emerging, RSA believes it follows a typical attack pattern where a malicious link is delivered through email as part of a phishing scam, whereby the malware installs itself. The malware can spread rapidly when an already infected computer is able to locate additional open and vulnerable computers with outbound internet connections. This malware can travel quickly through an internal network as a result of a core Windows networking function exploit. Microsoft issued a patch for this vulnerability under advisory (MS17-010).

 

The vulnerability exploited in this attack was made public in September, 2016. Microsoft released a patch in March, 2017. If an organization looks at their enterprise risk management with proper cyber hygiene, they may not have been vulnerable to this attack.

 

While mitigations for attacks like this include host blocking, a robust backup strategy and comprehensive patch management, IT leaders should also be mindful that because of Microsoft’s patch support policy, any organization still running Windows XP, Windows 8 or Windows Server 2003 remains at high risk. Microsoft has issued specific guidance for this attack, which can be found here. This is not a new phenomenon and, as in most major attacks, resistance is achieved with disciplined patching hygiene.

 

This latest wave of ransomware continues a trend with this popular attack method. Attackers are shifting away from stealing information for profit and are instead taking advantage of the fact that data is critical to its victims for daily business operations.

 

Was RSA or Dell Technologies Impacted?

While we continue to monitor and validate, at this time there appears to be no impact to the internal networks of any of the major Dell Technologies networks.

 

Are RSA Products Impacted?

Individual alerts have been sent to clients using specific products. Because many clients leverage Microsoft OS and products as underlying components of RSA Products, there is a risk they could be impacted. That said, the actual product applications that RSA distributes are not impacted.

 

How RSA Can Help You?

You may be asking how RSA can help. First, recognize that ransomware threats, by design, are noisy and are obvious to the infected victim … this is part of the criminal’s objective and business model. RSA NetWitness® Suite is designed to help identify and provide visibility into a ransomware attack – but as part of this attack method, the victim organization’s data is being encrypted by the malware. This is the same for any advanced threat detection and response technology platform.

 

From a risk perspective, RSA Archer is designed to help automate risk management, prioritizing activities to reduce risk (i.e. Vulnerability Risk Management) to mission-critical systems, and consistently and effectively manage an actual incident.

 

From an investigation and readiness standpoint, RSA can provide strong visibility and expertise, helping users to reconstruct, analyze, and understand the attack for current and future identification of ransomware behavioral indicators and operational performance optimization. Analysts within Security Operations Centers (SOC) can see suspicious activities such as lateral movement of infected systems, and/or attempts to infect workstations and other network and critical business assets to more readily determine the overall operational, business continuity, governance, regulatory and compliance impact of the attack to their business. Lastly, RSA can help security programs and IT operational functions see the last known good state of the workstation to understand when the incident first began in order to measure “dwell time”, determine SOC visibility and detection, gaps and remediation requirements as well as the ability to restore from known good backup. This can help limit data loss and reduce the prospect of paying ransom to the attackers.

 

In a large-scale attack like this, expertise and experience in readiness, response, resilience and business risk management is imperative. RSA can help organizations in their response and readiness efforts and programs. These attacks can be contained and preemptive efforts can be taken to block similar attacks from occurring in the future, minimizing the impact and scale of ransomware campaigns.

 

For a deeper dive on using RSA NetWitness to improve your visibility and take decisive steps to reduce the impact on your environment, see WannaCry from the RSA NetWitness Suite's Perspective and Blocking WannaCry with Netwitness Endpoint.

 

Other RSA and Third Party References

Here are some additional resources if you’d like to learn more about the attack.

 

What's to Come?

New attacks are often followed by attack variants that use a similar infection vector with minor changes to bypass common defenses such as port and allowed path blocking. As such, four broad predictions:

  • Many organizations will not patch core systems, but will rather put in protective defenses such as AV, blocking ports and IP addresses, and other supplemental actions. Thus, future morphs of WannaCry will continue to impact customers.
  • After some minor reductions in volume of attacks we will see continued:
    • Increase in leveraging attack tool leaks to fuel new attacks.
    • Increase in attacks that focus on incidents that demand immediate monetary payment (i.e. DDOS, Ransomware, identity change, etc.).
    • Exploit of older vulnerabilities, which will continue to make headlines.
  • Industry and government regulatory bodies always respond to major cybersecurity events, thus you can assume there will be a continued tightening of requirements around vulnerability management and patch hygiene.
  • Risk management will become more fundamental in the scheme of prioritizing resource allocation and spend. More alignment between business needs and underlying security activities is on the horizon … this is still a year of planning and early walks for most organizations.

 

In Summary

While newsworthy and certainly impacting organizations, the underlying issue for WannaCry is patch hygiene. Understanding the IT investments needed to be able to upgrade applications tied to OS changes (i.e. config, patches, etc.) must be a focus for organizations to improve the path from vulnerability to patch to deployment. Understanding major newsworthy hacking events can reveal defensive commonalities that can have broad, risk-reducing impacts on the organization in the short and long term.

 

These include:

  • Aligning business risk tolerance to a risk and cybersecurity plan
  • Prioritizing actions to reduce risk (less whack-a-mole)
  • Focus on the fundamentals that positively impact all threats:
    • Educating people
    • Business-driven risk reduction tied to an action-oriented plan
    • Continually test your environment for weaknesses
    • Strengthened identity and access assurance program
    • Assume all defenses will fail and that your understanding of your environment isn't optimal. Make sure you have expert visibility at the perimeter, inside the network, in the cloud and on attached mobile devices. You must be able to monitor logs, packet traffic and what's actually happening on the endpoint. More importantly, you must have the expert capacity (people) to seek, monitor and respond to threats.
    • Automate your processes wherever possible. Very few organizations can invest at a level that provides enough people to adequately address the workload manually. The more organizations seek to enhance the efficiency and efficacy of their security teams, the greater the probability of success.

 

RSA’s Business-Driven Security solutions uniquely link business context with security incidents to help organizations manage risk and protect what matters most. The RSA Risk and Cybersecurity Practice, our expert professional services team, helps organizations identify, assess, and close the gaps, and take command of their evolving security posture. Feel free to contact RSA for further detail or assistance.

 

Additional Resources