Dark Reading
Products and Releases

RSA Rolls Out Trio Of Security Products Aimed At Midsize Businesses

Offerings comprise two-factor authentication, security information and event management (SIEM), and data loss prevention (DLP)

BEDFORD, MA. — May 21, 2009 — RSA, The Security Division of EMC (NYSE: EMC), today announced a comprehensive set of solutions to help organizations address the most challenging aspects of complying with the U.S. Data Breach Notification Laws for protecting personally identifiable information (PII) and mitigating the risk of security breaches. Specifically, RSA is announcing three distinct packages of information security products -- including two-factor authentication, security information and event management (SIEM) and data loss prevention (DLP) -- designed to meet the needs of mid-sized companies.

Organizations entrusted with PII from customers and employees are required to take appropriate actions to secure and protect this information. In addition, laws across the United States levy varying penalties -- including public notification requirements -- for organizations suffering a PII compromise. RSA's PII package is engineered to deliver technologies that support these efforts by enabling customers to:

  • Identify PII across their environment, and understand where and how this data is being accessed and stored, and how and by whom it is being used
  • Implement appropriate security controls based on policy and risk
  • Monitor the environment and proactively identify potential security events in real-time

"Clearly, data breaches carry heavy costs for organizations, not to mention public embarrassment and lost goodwill," said Jon Oltsik, Principal Analyst of Enterprise Strategy Group. "By implementing a set of repeatable, scalable controls organizations can help reduce that risk."

RSA's Packaged Solutions for Securing PII

RSA developed three packages that offer cost-effective, actionable, enterprise-level solutions to mid-sized organizations concerned with preventing PII data breaches, and avoiding the costs associated with breach notifications. These packages were developed to meet different customers' specific needs, depending upon where they are in the process of protecting PII as required by various data breach notification laws across the U.S.

A core requirement for preventing a data breach is ensuring only authorized individuals may access systems containing PII. To this end, all three RSA packages include strong two-factor authentication with RSA SecurID one-time password solutions. With RSA SecurID authentication, organizations can thereby help ensure that both proprietary business data and private customer data are available only to authorized users.

In addition, businesses striving to protect PII and meet notification requirements must be able to quickly identify a potential breach, and maintain logs that will help to evaluate how an incident may have occurred. To support these requirements, the three packages also include the RSA enVision platform that offers collection, alerting and analysis of log data in the context of threats, vulnerabilities, IT assets, and other data to enable organizations to quickly respond to high-risk security incidents and compliance issues.

Finally, in order to effectively protect PII and attempt to comply with state-level breach notification laws, organizations must understand where sensitive data resides, and how data moves across the environment. In an effort to achieve this, RSA offers the RSA Data Loss Prevention solution in three distinct modules. The RSA DLP Suite offers a vast set of pre-defined policies according to certain U.S. Data Breach Notification Laws as well as other regulations (e.g. PCI DSS, HIPAA, NERC, and CPNI).

  • For organizations seeking to initially understand how PII may be compromised when transmitted across their network boundaries, one package offers RSA Data Loss Prevention Network. This package is ideal for businesses that have yet to fully understand the movement of PII in their environments.
  • For organizations lacking a clear view of where sensitive data resides, the second package offers RSA DLP Datacenter & Endpoint Discovery. With these technologies, businesses get visibility into where PII resides, helping them to evaluate whether appropriate controls are in place to prevent a breach.
  • For organizations striving to address both the discovery of PII and an understanding of how such data move across the network, the third package offers RSA Data Loss Prevention Network and RSA Data Loss Prevention Endpoint & Datacenter Discovery.

RSA PII Services

The RSA DLP RiskAdvisor service may be the first step for organizations to address the U.S. Data Breach Notification challenges. RSA DLP RiskAdvisor is designed to discover PII and provide a high-level mapping of business functions to sensitive information, helping organizations to understand where PII exists across the enterprise so that it can be consistently managed and protected across the information lifecycle. RSA Professional Services leverages the RSA Data Loss Prevention Suite for discovery of PII and provides a view into potential exposure.

Beyond the RSA Packages for Protecting PII

In addition to technologies found within the new packages -- two-factor authentication, security information and event management and data loss prevention -- RSA's technology solutions for helping to secure PII include adaptive authentication, web access management, encryption and encryption key management. These technologies provide key controls necessary to secure PII - at rest, in motion and in use, thereby mitigating the risk of data breaches, and helping to enable organizations to meet U.S. Data Breach Notification Laws and other regulation requirements in the most consistent, scalable manner possible. Moreover, EMC's Physical Security Solutions are engineered to enable organizations to manage, archive, protect, authenticate, and scale security systems and video surveillance information in order to control the physical access to records and to storage areas of records containing PII.

About RSA

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle -- no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
