5/21/2009
02:35 PM
Dark Reading
Products and Releases

RSA Rolls Out Trio Of Security Products Aimed At Midsize Businesses

Offerings comprise two-factor authentication, security information and event management (SIEM), and data loss prevention (DLP)

BEDFORD, MA. — May 21, 2009 — RSA, The Security Division of EMC (NYSE: EMC), today announced a comprehensive set of solutions to help organizations address the most challenging aspects of complying with the U.S. Data Breach Notification Laws for protecting personally identifiable information (PII) and mitigating the risk of security breaches. Specifically, RSA is announcing three distinct packages of information security products -- including two-factor authentication, security information and event management (SIEM) and data loss prevention (DLP) -- designed to meet the needs of mid-sized companies.

Organizations entrusted with PII from customers and employees are required to take appropriate actions to secure and protect this information. In addition, laws across the United States levy varying penalties -- including public notification requirements -- for organizations suffering a PII compromise. RSA's PII package is engineered to deliver technologies that support these efforts by enabling customers to:

  • Identify PII across their environment, and understand where and how this data is being accessed and stored, and how and by whom it is being used
  • Implement appropriate security controls based on policy and risk
  • Monitor the environment and proactively identify potential security events in real-time

"Clearly, data breaches carry heavy costs for organizations, not to mention public embarrassment and lost goodwill," said Jon Oltsik, Principal Analyst of Enterprise Strategy Group. "By implementing a set of repeatable, scalable controls organizations can help reduce that risk."

RSA's Packaged Solutions for Securing PII

RSA developed three packages that offer cost-effective, actionable, enterprise-level solutions to mid-sized organizations concerned with preventing PII data breaches and avoiding the costs associated with breach notifications. These packages were developed to meet different customers' specific needs, depending upon where they are in the process of protecting PII as required by various data breach notification laws across the U.S. A core requirement for preventing a data breach is ensuring only authorized individuals may access systems containing PII. To this end, all three RSA packages include strong two-factor authentication with RSA SecurID® one-time password solutions. With RSA SecurID authentication, organizations can help ensure that both proprietary business data and private customer data are available only to authorized users.

In addition, businesses striving to protect PII and meet notification requirements must be able to quickly identify a potential breach, and maintain logs that will help to evaluate how an incident may have occurred. To support these requirements, the three packages also include the RSA enVision® platform that offers collection, alerting and analysis of log data in the context of threats, vulnerabilities, IT assets, and other data to enable organizations to quickly respond to high-risk security incidents and compliance issues.

Finally, in order to effectively protect PII and attempt to comply with state-level breach notification laws, organizations must understand where sensitive data resides, and how data moves across the environment. In an effort to achieve this, RSA offers the RSA® Data Loss Prevention solution in three distinct modules. The RSA DLP Suite offers a vast set of pre-defined policies according to certain U.S. Data Breach Notification Laws as well as other regulations (e.g. PCI DSS, HIPAA, NERC, and CPNI).

  • For organizations seeking to initially understand how PII may be compromised when transmitted across their network boundaries, one package offers RSA Data Loss Prevention Network. This package is ideal for businesses that have yet to fully understand the movement of PII in their environments.
  • For organizations lacking a clear view of where sensitive data resides, the second package offers RSA DLP Datacenter & Endpoint Discovery. With these technologies, businesses get visibility into where PII resides, helping them to evaluate whether appropriate controls are in place to prevent a breach.
  • For organizations striving to address both the discovery of PII and an understanding of how such data move across the network, the third package offers RSA Data Loss Prevention Network and RSA Data Loss Prevention Endpoint & Datacenter Discovery.

RSA PII Services

The RSA DLP RiskAdvisor service may be the first step for organizations to address the U.S. Data Breach Notification challenges. RSA DLP RiskAdvisor is designed to discover PII and provide a high-level mapping of business functions to sensitive information, helping organizations to understand where PII exists across the enterprise so that it can be consistently managed and protected across the information lifecycle. RSA Professional Services leverages the RSA Data Loss Prevention Suite for discovery of PII and provides a view into potential exposure.

Beyond the RSA Packages for Protecting PII

In addition to technologies found within the new packages -- two-factor authentication, security information and event management and data loss prevention -- RSA's technology solutions for helping to secure PII include adaptive authentication, web access management, encryption and encryption key management. These technologies provide key controls necessary to secure PII - at rest, in motion and in use, thereby mitigating the risk of data breaches, and helping to enable organizations to meet U.S. Data Breach Notification Laws and other regulation requirements in the most consistent, scalable manner possible. Moreover, EMC's Physical Security Solutions are engineered to enable organizations to manage, archive, protect, authenticate, and scale security systems and video surveillance information in order to control the physical access to records and to storage areas of records containing PII.

About RSA

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle -- no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
