RSA Breach: Customer's Perspective

Tenable CSO Ranum Says Incident is a 'Teaching Moment'

By , March 22, 2011.

Marcus Ranum isn't just a well-regarded information security expert. He's also a customer of the RSA SecurID product, and he's got some strong feelings about the RSA breach and how the industry has responded to it.

"I'm torn," says Ranum, CSO of Tenable Network Security, explaining why he chose to speak out about the impact of the RSA breach on his company and on the industry. "On one hand, it's a media circus," he says. "It's showing once again that breaches get maybe an unwarranted level of attention, but it's also showing that [RSA's response] is a really effective and mature, responsible way to handle a breach."

The breach impact on Tenable is negligible, he says. "We may have to upgrade some software." But his company, which employs SecurID for remote access via VPN, is using the incident as a security lesson for employees. "We're using this as a teaching moment, as they say, to remind people of the importance of social engineering and to be ready to avoid that kind of thing."

The industry impact is more significant. "This is a decent wakeup call," Ranum says. "It shows that malware is not something that you can just blow off. These spear phishing attacks and these types of deep penetration are a serious problem."

In an exclusive interview about the RSA breach, Ranum discusses:

  • What RSA has told its customers;
  • The significance of the breach to the industry;
  • How the marketplace has responded to the breach.

Ranum is CSO of Tenable Network Security. Since the late 1980s, he has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer, to founder and CEO of NFR. Ranum has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, he was awarded the TISC "Clue" award for service to the security community, and also holds the ISSA lifetime achievement award. In 2005 he was awarded Security Professional of the Year by Techno Security Conference.

Follow Tom Field on Twitter: @SecurityEditor
