*>>It seems there is more to the RSA intrusion than was made public.*
I was pretty sure of that from the beginning... I expect them to cough up more details if the frequency of attacks against their customers increases OR when they have made a substantial change to the underlying infrastructure that was attacked earlier this year. *>>Has anyone read how LM detected the attack? I'm guessing that their SEIM alerted to an increase in RSA account lockouts?* That hasn't been officially disclosed as yet, from what I can tell, but I imagine that their network and security monitoring tools were key here. *ASB *(Professional Bio <http://about.me/Andrew.S.Baker/bio>) *Harnessing the Advantages of Technology for the SMB market... * On Tue, May 31, 2011 at 10:31 AM, Kevin Lundy <klu...@gmail.com> wrote: > It seems there is more to the RSA intrusion than was made public. > > Has anyone read how LM detected the attack? I'm guessing that their SEIM > alerted to an increase in RSA account lockouts? > > On Tue, May 31, 2011 at 9:42 AM, Andrew S. Baker <asbz...@gmail.com>wrote: > >> *In today’s security news…* >> >> Good morning: >> >> There was sustained attach on the network of Lockheed Martin, which >> appears to be related to the earlier attack on RSA’s security token >> infrastructure<https://www.nsslabs.com/research/analysis-briefs/rsa-breach.html> >> . >> >> · >> http://www.computerworld.com/s/article/9217125/Lockheed_Martin_Attack_Signals_New_Era_of_Cyber_Espionage >> >> · >> http://www.computerworld.com/s/article/9217126/Lockheed_Martin_acknowledges_significant_cyberattack >> >> Thankfully, it was unsuccessful, due to the diligent efforts of the >> security team at Lockheed Martin (and possible support from Homeland >> Security), but I expect that it will be the first of many attempts against >> other organizations that use RSA tokens… >> >> >> >> *ASB *(Professional Bio <http://about.me/Andrew.S.Baker/bio>) >> *Harnessing the Advantages of Technology for the SMB market... >> >> * >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin