To NCA RSA Security Customers,
As you may be aware, RSA has recently released an open letter stating that the security breach which took place in March of this year did indeed compromise an element of its SecurID two-factor authentication solution. We have included a copy of the letter sent by Art Coviello, the Executive Chairman of RSA, which explains this further. As indicated in his letter, RSA's SecurID product has now been verifiably implicated in a recent (but unsuccessful) attack against Lockheed Martin.
While RSA has taken precautions to ensure that this will not happen to other government agencies or businesses, NCA is fully committed to putting the protection of our clients above all other interests. It is with this commitment to our customers, and our deep belief in being a trustworthy advisor, that we make the following comments and recommendations.
It is important to understand that RSA continues to have confidence in its SecurID product – with the caveat that tokens issued before the March 2011 breach should be replaced for those customers that meet certain risk criteria. RSA has established an entire program to "reinforce customers' trust in RSA SecurID and in their overall security posture". In addition to the guidance and recommendations that were originally issued on March 17th, this program now includes:
- An offer to replace SecurID tokens for customers with concentrated user bases typically focused on protecting intellectual property and corporate networks.
- An offer to implement risk-based authentication strategies for consumer-focused customers with a large, dispersed user base, typically focused on protecting web-based financial transactions.
In essence, this process involves expiring your existing tokens and reissuing new tokens that were generated after the breach occurred. Customers wishing to discuss these options and/or learn more about this process are encouraged to contact their NCA Account Executive, or reach out directly to RSA by calling 1-800-782-4362 (Option #5 for RSA, Option #1 for the RSA SecurID Remediation Program). For those customers that are especially concerned about this issue and are looking for more detailed information and/or recommendations, NCA is available to meet with you to discuss the risks and options that are specific to your unique business needs.
Regardless of the direction you choose to take, we highly recommend that you, as a customer of NCA, exercise increased vigilance in reviewing log files and investigating suspicious activities. Security breaches are rarely based on the failure of a single security control, but are rather the result of multiple cascading failures in the overall defense of an organization's information assets. The ability to detect and respond to potential security incidents in a timely manner is an absolutely essential component of any security program. NCA has worked with countless clients to address log management challenges, implement event and incident management technologies, develop incident response plans, and investigate/recover from security breaches. During this challenging time, we encourage all customers to revisit their existing breach detection and response capabilities and engage with NCA to address any concerns that you may have.
In summary, protecting our customers is our utmost priority. Right now you have a number of choices to make depending on your current risk profile and risk tolerance level. No matter what you choose to do, NCA's highly skilled security team stands ready to assist. Again, if you have any questions regarding our services, or any other topic covered in this letter, please contact your NCA Account Executive or call our corporate headquarters at 800-604-6536.
Thank you for your time and attention.
Network Computing Architects