Skip navigation
All Places > Products > RSA Identity Governance & Lifecycle > Blog

RSA Charge 2017’s ‘Call for Speakers’ resulted in an unprecedented number of abstract submissions across all RSA product solutions – RSA Archer Suite, RSA NetWitness Suite, RSA SecurID Suite (including RSA Identity Governance & Lifecycle), and RSA Fraud & Risk Intelligence. The submissions from RSA customers and partners included the sharing of first-hand knowledge, advice, ideas, experiences, case studies, and even war stories that submitters wanted to share with their RSA product peers at the Charge event in October.

                          

Though the RSA Charge Program Selection Committee is thrilled by the high caliber of submissions, the Committee now faces the hard task of whittling down the list of submissions to 100 across all RSA products. Though no final decisions have yet been made, the Committee noticed that there were many submissions that had similar titles and themes, so they decided to allow you the opportunity ‘voice your choice’ from a small, random subset from the abstracts received.

 

And, for the first time, with a registered RSA Link account, you can vote on Tracks across the entire RSA product portfolio. That’s right, you can vote on any of the product Tracks listed, but you can only vote once ‘per abstract.’

 

So let your voice be heard - this is your chance to 'vote your choice' and have a say in this year's RSA Charge 2017 Agenda. To vote, simply click on the Proposal Abstracts and cast your vote across all RSA Product Tracks.

 

Thank you for the amazing ‘Call for Speakers’ submissions for RSA Charge 2017 – it’s going to be an event you will not want to miss. If you haven’t registered for RSA Charge 2017, be sure to do so today!  

 

Check out our latest IAM blog - Yin and Yang: Two Views on IAM – Active Directory Automation, Success or Failure? by our own Steve Mowll and Chris Williams.

 

 

 

We heard you loud and clear - with the upcoming long Memorial Day weekend fast approaching, school classes ending in the Midwest for the summer, and a host of work-related commitments, you wanted more time to submit Call for Speakers (C4S) Abstracts.

 

We are pleased to tell you that the deadline for C4S submissions has been extended and is now EOD on June 9, 2017.

 

This is a hard deadline, however, and will not be extended again so we can meet all the time-sensitive event activities leading up to RSA Charge 2017.

 

All of the information to help you submit your proposal can be found on the RSA Charge 2017 microsite, including Charge registration information – though RSA Charge ‘Speakers’ receive a complimentary pass to the Charge event – another solid reason to submit!

 

First, check out the webinar replay of 'What You Should Know Before Submitting Your Proposal' and then use the Offline Submission Form (for practice) before submitting your proposal using the Online Submission Form. There are also FAQs to help you too. 

 

The Tracks for RSA Charge 2017 include:

 

(Governance, Risk & Compliance)

Inspiring Everyone to Own Risk

Managing Technology Risk in Your Business

Taking Command of Your Risk Management Journey

Transforming Compliance

RSA Archer Suite Technical

RSA Archer Suite Advanced Technical

 

(Security Operations, Identity, Anti-Fraud)

Detecting and Responding to the Threats That Matter

Identity Assurance

Reducing Fraud, while Not Reducing Customers

Secrets of the SOC

 

Complete Session details are also available.

 

With the extended deadline through June 9, we hope you will consider sharing your first-hand knowledge, advice, ideas, experiences, case studies, and war stories with your peers at Charge 2017. For the many who have already submitted proposal abstracts, ‘thank you’ and we look forward to seeing you in Dallas, Oct. 17-19.

Visibility: RSA Archer Staging

It’s down to the final weeks for Call for Speakers (C4S) proposal submissions for the RSA Charge 2017 event.

 

If you are still on the fence, time is running out but there are some helpful aids to get you started. First, check out the webinar replay of ‘What You Should Know Before Submitting Your Proposal’ and then use the Offline Submission Form (for practice) before submitting your proposal using the Online Submission Form.  There’s also FAQs to help you before submitting your proposal.

 

The Tracks include: 

Security Operations, Identity, Anti-Fraud

Detecting and Responding to the Threats That Matter

Identity Assurance

Reducing Fraud, while Not Reducing Customers

Secrets of the SOC

 

You may also check out the complete RSA Charge 2017 Session details

 

All of the information to help you submit your proposal can be found on the RSA Charge 2017 microsite, including Charge registration information – though RSA Charge ‘Speakers’ receive a complimentary pass to the Charge event – another solid reason to submit! 

 

Even if you are not considering submitting a presentation proposal, we encourage you to attend this premier event; save $300 with the Early Bird Discount through June 30.

 

See you in Dallas!

Overview of WannaCry/Wanna Decryptor

As you know, starting late Thursday and hitting mainstream over Mother’s Day there is a current outbreak of a ransomware threat known as “WannaCry” or “Wanna Decryptor”. Ransomware attacks like “WannaCry” are meant to be very visible in order to pressure the victim to pay the ransom. The scale of this attack, together with this specific ransomware family, is unique in that it has worm-like capabilities leveraging an exploit against vulnerable Microsoft Windows® operating systems. This exploit was recently made publicly available and appears to be associated with the “Shadowbrokers” release of nation state hacking tools. As of 5/15/2017 at 1pm ET, the associated income achieved is less than $50k the best we can estimate, less than 150 individuals or businesses impacted that were willing to pay.

 

While details are still emerging, RSA believes it follows a typical attack pattern where a malicious link is delivered through email as part of a phishing scam, whereby the malware installs itself. The malware can spread rapidly when an already infected computer is able to locate additional open and vulnerable computers with outbound internet connections. This malware can travel quickly through an internal network as a result of a core Windows networking function exploit. Microsoft issued a patch for this vulnerability under advisory (MS17-010).

 

The vulnerability exploited in this attack was made public in September, 2016. Microsoft released a patch in March, 2017. If an organization looks at their enterprise risk management with proper cyber hygiene, they may not have been vulnerable to this attack.

 

While mitigating attacks like this, which include host blocking, a robust backup strategy and comprehensive patch management, IT leaders should also be mindful that because of Microsoft’s patch support policy, any organization still running Windows XP, Windows 8 or Windows Server 2003 remain at high risk. Microsoft has issued specific guidance for this attack, which can be found here. This is not a new phenomenon and like in most major attacks, resistance is achieved with disciplined patching hygiene.

 

This latest wave of ransomware continues a trend with this popular attack method. Attackers are shifting away from stealing information for profit, rather taking advantage of the fact that data is critical to its victims for daily business operations.

 

Was RSA or Dell Technologies Impacted?

While we continue to monitor and validate, at this time there appears to be no impact to the internal networks of any of the major Dell Technologies networks.

 

Are RSA Products Impacted?

Individual alerts have been sent to clients using specific products. Because many clients leverage Microsoft OS and products as underlying components of RSA Products, there is a risk they could be impacted. That said, the actual product applications that RSA distributes are not impacted.

 

How RSA Can Help You?

You may be asking how RSA can help. First, recognize that ransomware threats, by design, are noisy and are obvious to the infected victim … this is part of the criminal’s objective and business model. RSA NetWitness® Suite is designed to help identify and provide visibility into a ransomware attack – but as part of this attack method, the victim organization’s data is being encrypted by the malware. This is the same for any advanced threat detection and response technology platform.

 

From a risk perspective, RSA Archer is designed to help automate risk management, prioritizing activities to reduce risk (i.e. Vulnerability Risk Management) to mission-critical systems, and consistently and effectively manage an actual incident.

 

From an investigation and readiness standpoint, RSA can provide strong visibility and expertise, helping users to reconstruct, analyze, and understand the attack for current and future identification of ransomware behavioral indicators and operational performance optimization. Analysts within Security Operations Centers (SOC) can see suspicious activities such as lateral movement of infected systems, and/or attempts to infect workstations and other network and critical business assets to more readily determine the overall operational, business continuity, governance, regulatory and compliance impact of the attack to their business. Lastly, RSA can help security programs and IT operational functions see the last known good state of the workstation to understand when the incident first began in order to measure “dwell time”, determine SOC visibility and detection, gaps and remediation requirements as well as the ability to restore from known good backup. This can help limit data loss and reduce the prospect of paying ransom to the attackers.

 

In a large-scale attack like this, expertise and experience in readiness, response, resilience and business risk management is imperative. RSA can help organizations in their response and readiness efforts and programs. These attacks can be contained and preemptive efforts can be taken to block similar attacks from occurring in the future, minimizing the impact and scale of ransomware campaigns.

 

For a deeper dive on using RSA Netwitness to improve you visibility and make decisive steps to reduce the impact on your environment, see WannaCry from the RSA NetWitness Suite's Perspective and Blocking WannaCry with Netwitness Endpoint.

 

Other RSA and Third Party References

Here are some additional resources if you’d like to learn more about the attack.

 

What's to Come?

New attacks are often followed by attack variants that use a similar infection vector with minor changes to bypass common defenses such as port and allowed path blocking. As such, four broad predictions:

  • Many organizations will not patch core systems, rather put in protective defensives such as AV, blocking ports and IP addresses, and other supplemental actions. Thus, future morphs of WannaCry will continue to impact customers.
  • After some minor reductions in volume of attacks we will see continued:
    • Increase in leveraging attack tool leaks to fuel new attacks. Increase in attacks that focus on incidents that demand immediate monetary payment. (i.e. DDOS, Ransomware, identity change, etc.)
    • Exploit of older vulnerabilities will continue to make headlines.
  • Industry and government regulatory bodies always respond to major cybersecurity events, thus you can assume there will be a continued tighten requirements around vulnerability management and patch hygiene.
  • Risk management will become more fundamental in the scheme of prioritizing resource allocation and spend. More alignment between business needs and underlying security activities are on the horizon … this is still a year of planning and early walks for most organizations.

 

In Summary

While newsworthy and certainly impacting organizations, the underlying issue for WannaCry is patch hygiene. Understanding the IT investments needed to be able to upgrade applications tied to OS changes (i.e. config, patches, etc.) must be a focus for organizations to better improve vulnerability to patch to deployment. Understanding major newsworthy hacking event, can reveal defensive commonalities that can have broad, risk reducing impacts to the organization short and long term.

 

These include:

  • Aligning business risk tolerance to a risk and cybersecurity plan
  • Prioritizing actions to reduce risk (less whack-a--mole)
  • Focus on the fundamentals that positively impact all threats:
    • Educating people
    • Business-driven risk reduction tied to an action-oriented plan
    • Continually test your environment for weaknesses
    • Strengthened identity and access assurance program
    • Assume all defenses will fail and that your understand of your environment isn't optimal.  Make sure you have expert visibility at the perimeter, inside the network, in the cloud and on attached mobile devices.  You must be able to monitor logs, packet traffic and what's actually happening on the endpoint. More importantly, you must have the expert capacity (people) to seek, monitor and respond to threats.
    • Automate your processes wherever possible. Very few organizations can invest at a level that provides enough people to adequately address the workload manually. The more organizations seek to enhance the efficiency and efficacy of their security teams, the greater the probability of success.

 

RSA’s Business-Driven Security solutions uniquely link business context with security incidents to help organizations manage risk and protect what matters most. The RSA Risk and Cybersecurity Practice, our expert professional services team, help organizations identify, assess, and close the gaps; and take command of their evolving security posture. Feel free to contact RSA for further detail or assistance.

 

Additional Resources

Pretty informal post here- I just finished troubleshooting an issue with AFX at a client site.  It's an error I've seen before and wanted to give a shout out because others are likely to run into it as well.

 

They were having issues with the server not fully starting up.  In the mule_ee.log file, there was a complaint about "address already in use".

 

This is an error I've seen before, and it's because SPLUNK uses port 8089 as one of it's defaults, which AFX also requires for web service asynchronous callback functionality.

 

The easiest way to get around this issue is to modify /home/oracle/AFX/esb/lib/user/afx-config.properties, and modify the afx.async.callback.port parameter to a port that's not in use by the system.

 

I do think it'd be a good idea to get a callout in our install guide, knowing that splunk is a pretty common service to have running on a server, but wanted to get something out there in case it helps someone.

Join more than 2,000 security, risk and compliance professionals at the premier Business-Driven Security event, RSA Charge 2017. This year’s event will be held Oct. 17-19 in Dallas at the Hilton Anatole Hotel.

 

This is your opportunity to network with RSA customers, partners, and industry experts while discovering how to implement a Business-Driven Security strategy in an increasingly uncertain high-risk world.

 

To whet your appetite, check out Top 10 Reasons to Attend RSA Charge 2017 and Agenda at a Glance

 

RSA University will also once again be offering condensed product-specific training courses beginning Monday, October 16 and on Tuesday, October 17, with information available soon on the RSA Charge microsite.  Visit the microsite often to stay informed and maximize your experience at RSA Charge 2017.

 

Don’t miss this event - inspiring Keynotes, hands-on labs, strategic security sessions, technical deep-dives, and so much more; register today and save $300 with the Early Bird Discount through June 30.

 

See you in Dallas!

 

See what KuppingerCole says about RSA Identity Governance and Lifecycle!

https://blogs.rsa.com/executive-view-from-kuppingercole/ 

 

sap2csv:  Simple and Free java JCo3 utility to output any SAP Table into a csv

Check it out on:  https://sourceforge.net/projects/sap2csv/

Features

  • Accept SAP JCo connection parameters and tablename
  • Outputs tablename.csv
  • Standard Output provides table description

sap2csv

 

See attached quick reference guide for SAP tables.

This is the first post in a new blog series by Steve Mowll and Chris Williams - ENJOY!

 

POINT: NEWS FLASH identity management people, HR is not here to feed you with identity data!
Steve Mowll, Systems Engineer, RSA

Identity management teams may believe it is the human resource (HR) department’s responsibility to be an identity management provider. Unfortunately for IT, or fortunately for HR, it is not their job.

HR is a business function tasked with finding and retaining the top talent for a company. They guide new employees – orientating them, helping them achieve career goals and ensuring that payroll and benefits function correctly. For this, they interact a great deal with, and are aligned to the overall business. NEWS FLASH identity management people: HR has a view into employee data, but they are not here to spoon feed IT with the employees’ identity data!

If IT approaches HR in this mindset, the conversation will end poorly. Getting off on the right foot at the start of any project is key to a successful and productive relationship. That’s why we urge you to think differently if you want to use HR data for your identity management system. Here are a few tips:

  1. Involve HR colleagues at the beginning of an identity management project and identify an HR executive stakeholder.
  2. Understand the end-to-end HR processes and data, but make sure you also understand each process’ intention and purpose, not just the flow or process itself.
  3. HR works with the lines of business to define their processes and data. Get involved in the business conversations and relationships that your HR team has. You will have a very hard time making identity management relevant to the business if you don’t.
  4. Understand the value you can add to the HR team and their mission. This is not just about creating and securing access. It’s about getting employees productive from day one. And, it’s about making sure they have the ready and appropriate access to the systems and applications they need to do their jobs.

Lastly, regardless how hard things get, I warn you, never mention Catbert, the evil HR manager!

COUNTERPOINT: HR data is a good resource, but combining highly-descriptive data about people inside and outside of the IT stack can create a more accurate person-record.
Chris Williams, Advisory Architect RSA

Catbert isn’t evil…he’s just misunderstood. Or, is he?

Years ago, before applications became capable of understanding who their authorized users were, most organizations managed a single repository containing “who a person is” and “what is their business function.” Of course, the repository owner was Human Resources. By its very nature, it’s a fantastic facility for all types of people-data: positions, managers, departments, salary, performance, and so on.

Today, many IT organizations are finding complementary, highly-descriptive data about the people inside and outside of their IT stack. Think of all the directories, databases, applications, and enterprise resource planning (ERP) software within your business. Now, add all the external partner, social, and hosted/SaaS services containing people-data. Combined, this data can be used to create a more accurate person-record, while reducing the impact against HR to attain, maintain, and provide that data. The trick is to not manage too much data.

If we apply a few rules about descriptive and relational data learned from infrastructure management projects (think configuration management databases used in an IT Service Management program), we know that we can select (federate) which “attributes” of a person we want to use, and then populate that within a unified person-record within an identity management solution. In this manner, the identity management solution becomes a living system of truth. With that said, there are a few things you should keep in mind when building a federated identity management record set:

  1. Keep it simple – don’t over think how to collect the data and utilize a base data exchange model – but make sure you still protect the data in transit.
  2. Only take what you need – like most data warehouses, the collected information can easily become too large and too difficult to manage.
  3. Have a plan to utilize the data – think about how a person’s attributes will be used to describe who they are, what access they should have, how it helps build roles and rules, etc. Although it may better describe a nuance about a person, if it doesn’t drive a specific access requirement, then you don’t need it.
  4. Leverage what already exists – you will likely find the data you need without having to go to HR directly. Payroll, corporate directories, organization charts, etc. can all provide very rich data sources. If there are complete records, then grab as much as you can thus limiting how many unification sources are needed to build a “complete record.”

Moreover, information security teams can rely on a current unification of the best attributes from the best descriptive data sources – whether they are from IT, HR or a combination of both – comprising the definitive answer to “Who are my users?” And, Catbert won’t be upset with us each time we need a new report.

Watch this video to see how RSA Identity Governance and Lifecycle is helping Ameritas to streamline access delivery and user lifecycle management for employees while improving audit performance. (NOTE: Via Access is now RSA Identity Governance and Lifecycle)

                                                 

 

Believe it or not, the RSA Charge 2017 event is only six months away, Oct. 17-19 in Dallas at the Hilton Anatole. Visit the RSA Charge microsite, now open!  And this means, 'Call for Speakers' submissions are now being accepted as well.  

 

In case you were not able to attend one of the two live RSA Charge 'Call for Speakers' webinars in April, 'What You Need to Know About Submitting Your Speaker's Proposal'  the webinar replay is now available for your listening pleasure. 

 

To help you get those creative juices flowing, the following 2017 Submission Tracks have been identified for RSA products; for full session descriptions please see attachment:

 products; for full session descriptions please see attachment:

 

Security Operations, Identity, Anti-Fraud

Detecting and Responding to the Threats That Matter

Identity Assurance

Reducing Fraud, while Not Reducing Customers

Secrets of the SOC

 

Governance, Risk and Compliance

Inspiring Everyone to Own Risk

Managing Technology Risk in Your Business

Taking Command of Your Risk Management Journey

Transforming Compliance

RSA Archer Suite Technical

RSA Archer Suite Advanced Technical

 

It is recommended that you once you listen to the replay, you use the 'offline' form,' available on the microsite as your draft before submitting. You may also have more than one submission. RSA Charge official  'Speaker' Submission Form is also available on the microsite.

 

Please Note: 'Call for Speakers' closes on May 26.'  

 

Did you know that 86% of the questions have missing information and most of the follow up questions are to gather that missing information?

 

Don’t waste your time and get the answer as soon as possible by providing relevant information.
 

  • Information like product version. Why product version is important? The issue you are describing might be fixed in the next release
     
  • Information like business use case. Why this is needed? There is more than 1 way to do things. If you are describing an issue with your approach, someone can suggest a different approach.
     
  • Complete information around the observed issue will clear misunderstandings. Screenshots, relevant snippets from logs, browser version (if relevant) and etc... are an excellent way to achieve that.

 

Happy posting!

Boris

Are you getting everything you can out of the community?

Most likely not.
No worries, this blog post will help you get there in few clicks.

 

Are you a follower?
If not, then you are missing all the action.

Customers, partners and RSA employees are posting questions which you most likely to encounter in the future or encountering already.
New tutorials are being uploaded by product management.
How to articles are being posted by engineers to help you understand the nuts and bolts of the system.
New solutions are being created by professional services.
New concepts are being demonstrated by pre sales.
Updated documentation is being uploaded by technical writers
New knowledge base articles are being made publicly by customer support.

 

Don’t stay behind and follow the communities below to get updates instantly to your inbox with every new post. Check the Inbox checkbox under the Following section (for every link).
RSA Identity Governance & Lifecycle Client/Partner Community  
RSA Identity Governance & Lifecycle 
Connector & Collector Application Guides 

 

 

Use the Outlook plugin for ease of access
Good to know: Jive for Outlook 

 

Happy posting!

Boris

IDENTITY RISK IS BUSINESS RISK:
In 2016, 63% of confirmed data breaches involved weak, default or stolen passwords (Verizon 2016 Data Breach Investigations Report). Identity has emerged as the most consequential threat vector.

 

Now is the time to upgrade to RSA Identity Governance and Lifecycle Version 7.0.2 to address identity-based risks and deliver continuous compliance for your organization. Our approach incorporating risk analytics and business context to identity management, means you are getting more than basic provisioning and governance.

 

WHAT WILL YOU GET FROM UPGRADING?

 

BETTER COMPLIANCE AND RISK MITIGATION
Visibility and control into all identities including privileged users all in one place with PIM/PAM interoperability. No longer manage privilege accounts separately, which opens up vulnerabilities for highly sought after accounts and compliance issues. Manage it all from one platform.

 

IMPROVE BUSINESS ADOPTION
Better adoption by the business with integration to ServiceNow. Users will be able access and make requests via the portal that is already used for other IT and business requests in the organization instead of accessing a siloed portal.

 

MORE AGILE ADMINISTRATION
Increase agility to manage identity governance with streamlined workflows, dashboards, simplified approvals, improved overall performance and administration.

 

SIMPLIFIED UPGRADE DEPLOYMENT
Upgrade tools for RSA Identity Governance and Lifecycle streamlines the upgrade process making it easier for you to deploy upgrades. Our Professional Service is here make sure you upgrade goes smoothly.

 

Here is a full list of enhancements:

 

CONTINUOUS VISIBILITY, COMPLIANCE AND IDENTITY RISK MITIGATION

 

SIMPLIFIED END USER EXPERIENCE AND IMPROVED BUSINESS ADOPTION

 

MORE AGILE ADMINISTRATION AND DEPLOYMENT CAPABILITIES

 

Full details behind these enhancements available.

 

WHAT ARE THE IMPACTS OF NOT UPGRADING?
Threats continue to evolve each day—with identity being the primary attack vector. Version 7.0.2 provides you the best protection against identity-based vulnerabilities, based on risk analytics and business context. Not upgrading, means your identities may not be as secure as they could be.

 

HOW TO GET STARTED:

Got questions? We’re here to help you upgrade to the latest version. Here are 3 easy options to help you get started with upgrade:

  1. Leave a comment here and we’ll answer your questions in the community
  2. Connect with your RSA Identity Governance and Lifecycle sales representative
  3. Reach out to our professional services contacts below

 

Americas:
Orlando Salinas
Nitinkumar Khadse

 

EMEA:
Khalil El Damisi

 

APJ:
Thomas Leresche

Have you had a collection job fail with a status of "Aborted (Circuit Breaker)" and all you did was kick of the collection again with "Ignore Circuit Breaker"?


The Circuit Breaker is there to protect you. In the past customers have had issues with their source data being incorrect and then that incorrect data being pulled into the system. For example, some collections are collected from CSV files that the customer builds with some manual or automatic process from various systems within their organization. If this aggregation process fails, or does not properly create the CSV files, then our collectors will gather the incorrect data and attempt to process it, typically resulting in cases where we think a significant number of objects or relationships have been deleted, which in turn can trigger all kinds of actions. The Circuit Breaker can prevent that. It raises a red flag that a particular collection has too much change, and gives the administrator a chance to review the raw data before we take it on board.


The Circuit Breaker is designed to stop a collection process that exceeds a percentage of change. That change could be something New, Missing or Changed, and it pertains to objects and direct entitlements. Our OOTB percentage change is 5%, but that can be adjusted. We allow the percentage to be changed system wide or it can be changed on a per collector basis as well as on the type of change that occurs. So if you know that your Ldap server does not have a lot of activity you can keep the OOTB percentage. If you have self-service HR system where the users are constantly making modifications to their information you may want to increase the percentage for that collector.

 

In the Collector's Guide there is a section on "Configuring a Data Processing Interruption Threshold" which will give you more information on how to adjust the setting.