- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
Network World - Last April's RSA security breach was engineered by a nation-state whose ultimate goal was not to steal secrets about SecurID tokens but rather to use those secrets to compromise U.S. military contractors that protected their networks with the devices, RSA officials say.
To execute that scheme, the attackers started off by compromising the network of a trusted RSA business partner and used that infiltration to send a spear phishing email to an RSA employee who fell for the ruse, according to RSA officials talking at a recent meeting with reporters at its headquarters.
The company hosted a media day to air out the breach in an attempt to put it behind them before the RSA 2012 security conference that starts Feb. 27 and shift focus to its upcoming product road map. During the session executives talked about the breach in some detail, characterizing it as an unfortunate incident that has valuable lessons for any organization.
If breaking into a military contractor's network was the ultimate goal of the RSA breach, the attackers were successful. RSA's CEO Tom Heiser says the breach of Lockheed Martin's network in May was made possible at least in part by the stolen RSA secrets. But, he says, that is the only known breach attributable to the theft. "There is no one [else] we know of that's had an active attack due to RSA, period," he says.
After an initial frantic time spent explaining to customers what happened and what to do about it, the company shifted to try to meet customer demand for new tokens despite RSA's belief that they weren't necessary. To do so they put in place half a dozen or so new robots, boosting production seven-fold, he says.
Heiser seemed exhilarated recounting how the company responded to the breach, calling on teams of engineers to answer questions and setting up a network of executives around the world to answer questions no matter the time of day.
Initially the company did triage - "to stop the bleeding" - and address customer needs and the safety of their networks, but during the summer shifted to the offensive. It set up Project Phoenix designed to put the focus on advanced threats like the one it fell prey to, setting up 15 to 20 small conferences around the world since then to discuss the problem, Heiser sys.
He says the satisfaction of customers lagged after the breach when they were mainly upset about the problems it was causing them. Now, though, they are committed to RSA products for the long term, he says. The company claims a net gain in customers since the breach.
Angry customers said immediately afterward that they weren't getting enough information from RSA and that in order to get it had to sign non-disclosure agreements.
RSA Executive Chairman Art Coviello tries to put a rosy complexion on the impact of the breach. He claims RSA lost "not a single significant customer" as a result. "There was virtually non-existent churn that we've been able to detect," he says. Overall, the company has about 35,000 SecurID customers.