RSA still replacing tokens in Australian market

Company admits attack was by a nation state, denies claims replacement will cost US$1 billion

RSA Australia/NZ general manager, Andy Solterbeck

RSA has admitted it is still a few months away from replacing all of its customers' SecurID tokens in the Australian market. The company also says that the March 2011 attack was by a nation state.

Australia/NZ general manager, Andy Solterbeck, told Computerworld Australia that the company has "a few months to go" before all the tokens are replaced.

The company has offered large customers, such as ANZ Banking Group, an early renewal of their contracts along with new devices, while smaller users were able to get free contract extensions. It has also offered to help with risk mitigation.

"We’ve attempted to contact every single customer that we have installed in the Australian market and if we haven’t been able to reach them then we ask them to reach out to us," Solterbeck said.

While RSA does not break out its customers on a regional basis, he said that 10 per cent of its global customer base had decided to replace their RSA tokens.

“We have thousands of customers in Australia and the number of customers here who have chosen to replace their tokens is slightly higher than the global number," he said.

"The reason is that in Australia, the level and degree of reporting was much higher than any other country globally."

He added that the number quoted in some news reports of $US1 billion to replace all the tokens was “nowhere near the true amount” but RSA was “not at liberty” to say what the true cost was.

Solterbeck said there was "no question whatsoever" that the company suffered a nation-state-orientated advanced persistent threat (APT) attack.

"The reason we say that was because of the level of the sophistication of the attack and specifically what they went after," Solterbeck said.

“We believe that we were one of the only commercial organisations that caught an APT in flight. Unfortunately we didn’t stop it in time but we did see it."

One of the tools that helped RSA discover the APT was Netwitness, which is a full packet capture forensics engine that allows organisations to see every packet that goes across the network. RSA acquired Netwitness in April.

The information taken from RSA was then used in an attempt to infiltrate US defence contractor Lockheed Martin. Lockheed Martin was forced to pull access to its private virtual access network after hackers compromised the SecurID technology.

According to Solterbeck, the attempt on Lockheed Martin remained the only incident RSA knew of that used information taken from the company.

"The attack on Lockheed was unsuccessful; they actually mitigated the attack, partly because they implemented some best practice methods we recommended, such as breach mitigation," he said.

RSA is now warning others not to be compromised in the same way it was.

"Organisations need to change their security posture from one of perimeter-based defence such as firewalls and antivirus, which are important, to one where you assume you have been breached," Solterbeck said.

"What an organisation needs to work out is how they locate that breach and mitigate breaches both from a governance perspective and from a technology perspective."

Within RSA ANZ, the company is moving into desktop virtualization because, according to Solterbeck, this will increase the level of security around the end user environment.

“We’ve even more aggressively segregated our network infrastructure and increased the rigour in terms of security incident management as a process inside the organisation," he said.

While the company will continue to sell SecurID tokens, it is also looking to other areas of the business such as software tokens and risk-based authentication for growth opportunities. Risk-based authentication is used by banks to check where customers who are using internet banking are logging in from and what cookies they have enabled.

"If they are suddenly in a different country and using a different PC then they will flag that and make people step up to change their authentication," Solterbeck said.

When asked his thoughts on companies such as CA and Netsafe that also sell tokens targeting its customers with advertising campaigns, he acknowledged that it was a "commercial world" and other security companies had every right to do what they needed to in order to run a business.

"All I will say is that our business had a record quarter last year and a record quarter this year from a SecurID perspective," he said. "We haven’t seen significant impact from that kind of campaign."

RSA was asked for comment on the news report that it had been compromised by a spear phishing email but declined to comment.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at

Follow Hamish Barwick on Twitter: @HamishBarwick
