Guidance for Organizations Concerned With the Vulnerability of Authentication Tokens
Time to Turn on the Added Protection That You Already Have (June 02, 2011)
LEE, MA -- (Marketwire) -- 06/02/11 -- Amidst media reports that the nation's largest defense contractor experienced a network intrusion last week allegedly involving the use of RSA SecurID® tokens, organizations using tokens should consider additional measures for safeguarding their information and securing their network infrastructure. Incorporating device identification as a second layer of defense can help to thwart future cyber attacks, according to officials at Wave Systems Corp. (NASDAQ: WAVX).
"The Lockheed Martin breach has been a wake-up call for CSOs and CIOs, as this type of breach is a risk for any organization with the same vulnerability," commented Steven Sprague, CEO of Wave Systems, a leading provider of Trusted Computing solutions. "Security in today's IT infrastructure is more about layers than any single point of defense. We believe that organizations should add device identity as an independently managed layer for network access control, where only known devices -- those authorized by the organization -- are granted access to information and sensitive resources. This is device-based security."
Top Reasons Why Device Identification Should Be Central To Your Security
- User identification with digital certificates, biometrics, one-time password tokens and smartcards may not be enough to prevent many types of breaches.
- When the device is known, IT can have a higher degree of confidence that information is being accessed by an authorized user.
- Device identification can mitigate the risk of unknown devices intentionally or unintentionally infecting the network.
- User authentication is stronger when an independent second factor (the device) is provided. Having two completely independent and parallel authentication systems can provide stronger security.
- Known devices will play an integral role in securing the cloud, defending against advanced persistent threats and securing mobile devices.
TPM Uniquely Suited for Device Identification
Traditional approaches to device identification center on using MAC addresses and user credentials in software to identify a device on the network. This approach has security weaknesses, because MAC addresses and software-based user credentials can be spoofed: another device can claim the same MAC address, for instance.
A better approach for device identification is through the use of the Trusted Platform Module (TPM). The TPM is a cryptographic security chip developed using a specification from the Trusted Computing Group (TCG). Among its many security features, the TPM has the ability to create, sign and store keys, which can be used to provide strong binding of machines and users to the device. Because the authentication keys are stored and protected within the hardware, they cannot be changed or stolen by malware. Benefits of the TPM include: persistent protection of identity information (keys); broad deployment (nearly half a billion TPMs have already shipped on PCs); and a low total cost of ownership, as there is no additional hardware to acquire or deploy.
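The difference between the two approaches, as an added example that is not part of the original release and is not Wave's or the TCG's code: a MAC allowlist accepts whatever address a device reports, while a challenge-response check requires proof of possession of an enrolled private key. The `Device` type, both `Admit` functions and the sample MAC address are hypothetical, and a software ECDSA key stands in for a key that a TPM would generate and use inside the chip.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Device is a stand-in endpoint; the software key is an assumption (a TPM keeps it in hardware).
type Device struct {
	MAC string
	key *ecdsa.PrivateKey
}

func NewDevice(mac string) *Device {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{MAC: mac, key: k}
}

// Sign answers a server challenge with the device's private key.
func (d *Device) Sign(nonce []byte) []byte {
	h := sha256.Sum256(nonce)
	sig, _ := ecdsa.SignASN1(rand.Reader, d.key, h[:]) // nil sig fails verification
	return sig
}

// AdmitByMAC trusts the address the device reports about itself.
func AdmitByMAC(allowed map[string]bool, d *Device) bool { return allowed[d.MAC] }

// AdmitByKey issues a fresh nonce and checks the reply against the enrolled key.
func AdmitByKey(enrolled *ecdsa.PublicKey, d *Device) bool {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return false
	}
	h := sha256.Sum256(nonce)
	return ecdsa.VerifyASN1(enrolled, h[:], d.Sign(nonce))
}

func main() {
	known := NewDevice("00:11:22:33:44:55")   // constructed sample address
	unknown := NewDevice("00:11:22:33:44:55") // same reported MAC, different key
	macs, pub := map[string]bool{known.MAC: true}, &known.key.PublicKey
	fmt.Println(AdmitByMAC(macs, unknown), AdmitByKey(pub, known), AdmitByKey(pub, unknown))
}
```

The unenrolled device passes the MAC check because the address is only a claim, and fails the key check because it cannot sign the fresh nonce with the enrolled key.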
One of the biggest hurdles preventing more widespread usage of the TPM has been a relative lack of awareness. But this is beginning to change. Consider:
- Earlier this year, the United Kingdom's Communications-Electronics Security Group (CESG), the government's technical authority for Information Assurance (IA), issued recommendations for the use of TPMs for devices within government agencies.
- In the U.S., the TPM is one of the authentication technologies considered as part of the White House's National Strategy for Trusted Identities in Cyberspace (NSTIC).
- The National Security Agency (NSA) has dedicated an entire Trusted Computing Division to drive research, hold conferences and educate the commercial sector on the benefits of Trusted Computing technology. Use of the TPM was a focal point for demonstrations and discussions at last year's Trusted Computing Conference, hosted by the agency.
- PwC, the world's largest provider of tax and advisory services, is in the process of migrating its 150,000+ users across 54 countries to TPM-based storage of private keys.
Wave has assembled a number of partners that can help enterprises leverage the TPM as part of their network security. Leveraging this already-deployed hardware security can supplement existing systems in a cost-effective and seamless manner. For more information, call (877) 228-WAVE or see the following link for additional information, resources and ways Wave can help: http://www.wave.com/solutions/Two-Factor_Authentication.asp.
About Wave Systems
Wave Systems Corp. (NASDAQ: WAVX) reduces the complexity, cost and uncertainty of data protection by starting inside the device. Unlike other vendors who try to secure information by adding layers of software for security, Wave leverages the security capabilities built directly into endpoint computing platforms themselves. Wave has been a foremost expert on this growing trend, leading the way with first-to-market solutions and helping shape standards through its work as a board member for the Trusted Computing Group.
Safe Harbor for Forward-Looking Statements
This press release may contain forward-looking information within the meaning of the Private Securities Litigation Reform Act of 1995 and Section 21E of the Securities Exchange Act of 1934, as amended (the Exchange Act), including all statements that are not statements of historical fact regarding the intent, belief or current expectations of the company, its directors or its officers with respect to, among other things: (i) the company's financing plans; (ii) trends affecting the company's financial condition or results of operations; (iii) the company's growth strategy and operating strategy; and (iv) the declaration and payment of dividends. The words "may," "would," "will," "expect," "estimate," "anticipate," "believe," "intend" and similar expressions and variations thereof are intended to identify forward-looking statements. Investors are cautioned that any such forward-looking statements are not guarantees of future performance and involve risks and uncertainties, many of which are beyond the company's ability to control, and that actual results may differ materially from those projected in the forward-looking statements as a result of various factors. Wave assumes no duty to and does not undertake to update forward-looking statements.
All brands are the property of their respective owners.
Wave Systems Corp.