Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/17/2011
12:26 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

RSA Combines Blacklist Data Feeds And Threat Monitoring In RSA CyberCrime Intelligence Service

RSA CyberCrime Intelligence Service offers new daily reports on black-listed hosts and IP addresses

BEDFORD, Mass., Aug. 17, 2011 /PRNewswire/ --

News Summary:

-- RSA announces significant new features available in the RSA(SM) CyberCrime Intelligence Service -- RSA CyberCrime Intelligence is a managed service engineered to provide information about external threats and data compromise to help enterprises monitor and harden their infrastructure against malware infection and data loss -- New daily "blacklist" reports on live malware domains can help organizations proactively block malicious traffic from Trojans and phishing sites -- Professional services consulting to help organizations improve security policies and controls

RSA, The Security Division of EMC (NYSE: EMC) announced significant updates to its RSA(SM) CyberCrime Intelligence Service designed to help enterprises monitor and harden their infrastructure against malware infection and data loss. Offered to complement RSA's broad portfolio of security and threat management solutions, the RSA CyberCrime Intelligence Service is a managed service that is designed to provide information on corporate end points, network resources, access credentials and other systems that may have been compromised by malware. Security professionals can use this information to help identify corporate end points and resources that may be at risk as a result of malware infection and remediate incidents of potential data exposure in the enterprise.

In addition to gaining insight into malware-infected resources, the RSA CyberCrime Intelligence Service offers new daily reports on black-listed hosts and IP addresses used by cybercriminals for launching attacks and communicating updates to malware-infected computers that may be part of a botnet. When automatically fed into web filtering software, intrusion detection/prevention systems and other network monitoring and security solutions, this threat intelligence feed can be used to help sever the communication channels of existing malware, eliminating its ability to siphon information from companies and gain new instructions from command and control points.

"IT organizations have traditionally focused on layered security which protects the perimeter. Now is the time to provide the same layered security model internally as well. That model, based on Governance, Risk and Compliance, must assume that malware has penetrated the enterprise and mitigate any damage which might occur," said Phil Blank, Managing Director, Security, Risk and Fraud at Javelin Strategy & Research. "By employing actionable information contained in threat intelligence reports and supplemented by active blacklist feeds to help prevent communications with command and control servers and data leakage, an enterprise can significantly improve their security posture and reduce their risks."

Advanced forms of malware such as the Zeus and SpyEye Trojans can silently capture and exfiltrate a wide variety of data and credentials contained on enterprise endpoints, including proprietary information such as legal documents, healthcare records and corporate secrets. However, many organizations are unaware of the impact of malware within their systems that pose a significant threat to their information and bottom line.

"Corporate internet users increasingly represent the largest source of infection in the enterprise by data-stealing malware via spear-phishing emails and social engineering attacks," said Sam Curry, Chief Technology Officer for RSA's Identity and Data Protection group. "The RSA CyberCrime Intelligence Service helps IT professionals further understand and isolate possible points of exposure within their enterprise so they can adjust security controls and close gaps to better protect their organizations against malware and data loss."

The RSA CyberCrime Intelligence Service is designed to offer companies insight into potential compromises through a variety of regular reports and automated data feeds that provide lists of recovered data related to an organization's:

-- Systems, applications and resources derived from monitoring corporate URLs -- Communication done over corporate email domains -- Resources based on IP addresses of infected machines

The information offered through the RSA CyberCrime Intelligence Service is gleaned from the RSA Trojan Research Labs and a network of anti-virus, firewall, anti-spam and Web crawling partners. RSA aggregates and analyzes this information to provide customers with continuous updates and broad visibility on the latest malware and malicious hosts found on the internet.

Customers can also opt to receive an additional level of security consulting expertise integrated with their RSA CyberCrime Intelligence Service offering, to help identify and implement actionable plans to reduce cybercrime risk through:

-- Exposure analysis in social media and general web presence -- Business process mapping, risk modeling and vulnerability and exposure analysis -- Understanding industry and geographic trends -- Ongoing monthly consulting for defensive and intelligence needs

Availability

Offered as a managed service, the RSA CyberCrime Intelligence Service is designed to be quickly deployed and enables organizations to minimize resource investments. The RSA CyberCrime Intelligence Service is available worldwide this month. For more information, visit www.rsa.com/cybercrime or call RSA Product Sales at +1-800-495-1095.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

EMC, RSA and FraudAction are registered trademarks of EMC Corporation in the United States and other countries. All other products and/or services are trademarks of their respective owners.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
CVE-2019-16761
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
CVE-2019-16762
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.