Rivals move to plug gap left by RSA uncertainty


Rivals move to plug gap left by RSA uncertainty

Simon Quicke

Rivals have moved to plug the gap left by the uncertainty caused by the RSA server breach offering alternative protection as a well known research firm warns users not to use tokens that might have been compromised.

With criminals hacking into RSA's SecurID servers, which store details used as part of the two-factor authentication process, the discussion of the details of the attack has widened to cover the alternatives offered by token-less systems.

Those pushing alternatives have been bolstered by the views of security research specialists NSS Labs which has reacted to the RSA breach with a warning that could impact tens of thousands of users.

"NSS Labs recommends that RSA clients who use SecureID to protect sensitive information should consider eliminating remote access until this is resolved; perform an impact assessment of systems using this technology and identify critical assets and potential risks," it stated.

Then in a sentence that is manna from heaven to RSA's rivals it stated: "Furthermore, RSA clients should consider alternative 2-factor authentication solutions."

Even before that advice had been issued by NSS Labs, rivals had stepped up to deal with customer uncertainty, with IronKey focusing on banking customers and SecurEnvoy launching an offer of a free 30-day trial of its token-less product to any RSA licence holder.

Andrew Kemshall, technical director and co-founder of SecurEnvoy, said that there was a great deal of uncertainty across the RSA user base and channel and the channel could offer an alternative.

He added that because it didn't store details on centralised servers there would be customers keen to hear about other approaches to two-factor authentication.

Elsewhere others in the two-factor authentication market have also reacted to the fall out from the RSA breach.

"Criminals used an Advanced Persistent Threat (APT) attack to breach the RSA SecurID infrastructure, and can now combine that information with data-stealing malware in order to compromise high value online banking sites," said Dave Jevans, IronKey's founder and chairman.

"IronKey is already working with banks impacted by the RSA SecurID data breach in order to protect their customers," he added.

Join the conversation Comment



    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.