New RSA Innovation Helps Thwart “Smash-and-Grab” Credential Theft
RSA Distributed Credential Protection is Engineered to Remove Primary Points of Compromise; Scrambles, Randomizes and Splits Authentication Credentials Across Multiple Servers, Data Centers and the Cloud
- RSA has introduced a unique technology to mitigate the risk of stolen passwords, answers to security questions, and other stored credentials and secrets.
- RSA Distributed Credential Protection is designed to eliminate a primary point of compromise by proactively or reactively scrambling, randomizing, and splitting sensitive data across multiple locations.
- Innovative new technology developed by RSA® Labs bolsters the defense-in-depth strategy for enterprise portals and web portal providers while limiting impact to usability.
RSA, The Security Division of EMC (NYSE: EMC), today introduced an innovative new technology designed to protect passwords and other credentials and secrets stored in databases from cyber attacks.
RSA ® Distributed Credential Protection is engineered to scramble, randomize and split secrets and authentication credentials into two separate locations. Designed to work alongside existing password protections, RSA Distributed Credential Protection is built to dramatically reduce the likelihood of successful “smash-and-grab” attacks on password servers that compromise customer, retail and financial portals every year, leaving millions of passwords and credentials at risk.
With RSA Distributed Credential Protection, even if an attacker compromises one of the two servers used to store the scrambled and split credential data, the information gained would be useless. Secrets can also be re-randomized at the push of a button so that any potential later intrusion into one of the credential servers would similarly yield useless information. As a result, attackers face the daunting task of having to compromise two separate servers or data centers nearly simultaneously, without detection, in order to gain valuable information.
Engineered by RSA Labs, this new capability is the result of groundbreaking work in Split Value Cryptographic Authentication. Credentials secured by RSA Distributed Credential Protection benefit from an added security layer using advanced cryptographic techniques developed by RSA Labs to verify authentication while never reconstructing the split halves.
According to the Verizon 2012 Data Breach Investigation Report , of the data breaches investigated in 2011, servers were among the primary target assets in 64% of investigations and those accounted for 94% of compromised records. Such incidents can cause expensive lawsuits and remediation, brand damage, business distraction and customer attrition. By randomizing and splitting sensitive information into two servers, RSA Distributed Credential Protection helps eliminate a primary point of compromise representing a vulnerability for many portal operators today.
Key benefits of RSA Distributed Credential Protection:
- Designed to reduce the risk of bulk credential data loss that so often results from “smash-and-grab” cyber attacks.
- Engineered to eliminate the primary point of password server compromise by randomizing and splitting the credentials across two secure locations.
- If one location is compromised, the stolen information is useless. Secrets can also then be re-randomized at the push of a button to render information stolen from the second location useless.
- Secrets are compared cryptographically without reconstruction, eliminating the risk of an attacker grabbing them at reassembly.
- Deployment is transparent to end users.
- A number of deployment options are available, including splitting across different domains within an enterprise or splitting across an on-premise environment and one in the cloud.
Available in Q4 2012, RSA will showcase RSA Distributed Credential Protection at RSA ® Conference Europe 2012 in London.
RSA Executive Quote:
Dan Schiappa, Senior Vice President of Identity and Data Protection, RSA
“RSA Distributed Credential Protection is the result of several years of incredible research and development innovation at RSA Labs. This technology offers a unique way to truly protect bulk data stores of passwords, secrets and other credentials from even highly sophisticated attacks. This new approach to credential protection will be a game-changer for organizations responsible for the security of very large numbers of end user access credentials.”
Scott Crawford, Managing Research Director, Enterprise Management Associates
“Recent, high profile breaches have highlighted the inadequacies of some implementations of credential protection techniques such as hashing and salting. Given the threats posed by attackers seeking to compromise large sources of access credentials and other high-value information, organizations must take these risks seriously and, in some cases, consider new approaches, such as that introduced by RSA.”
- RSA Video: With RSA DCP, a Security Breach Doesn't Equal Credential Loss
- RSA Video: Introducing RSA Distributed Credential Protection
- RSA Blog: Mobile Phones and “Mobile” Adversaries: Announcing RSA Distributed Credential Protection – By Dr. Ari Juels, RSA Labs Chief Scientist
- RSA Blog: Adapt or Die – Even Passwords Can Get Tougher – By Sam Curry, CTO, RSA Identity & Data Protection
- RSA Podcast: A Revolutionary Way to Secure Bulk Credentials – RSA Distributed Credential Protection
EMC Corporation is a global leader in enabling businesses and service providers to transform their operations and deliver IT as a service. Fundamental to this transformation is cloud computing. Through innovative products and services, EMC accelerates the journey to cloud computing, helping IT departments to store, manage, protect and analyze their most valuable asset — information — in a more agile, trusted and cost-efficient way. Additional information about EMC can be found at www.EMC.com
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption and key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA.
RSA, The Security Division of EMC
RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other products and/or services referenced are trademarks of their respective companies.