I have used RSA Secure ID for many years.  I think almost every major company I have had the privilege of working for uses RSA Secure ID.  I think the RSA two factor authentication products have been the bellwether of authentication security.

There have been a number of companies that I have worked at where my IT security friends who still work there have been emailing me laughing about the misery at RSA.

The RSA press releases and conference calls have been vague at best.  The concept of an advanced persistent threat digging itself deep into the infrastructure of one of the major security technology vendors in the IT space is a mind boggling concept to digest.

Even if RSA had coded an NSA back door into the Secure ID product, requiring the user asking for authentication to provide a valid LAN ID and password would still protect the company from unauthorized access to the company network if the RSA Secure ID is used for VPN authentication.

I think the issue that will ultimately affect RSA going forward is companies' trust in RSA and its security technology.

How does a malicious virus get installed on an RSA PC in the first place?   Let's go through a list of questions I would ask.

Did RSA have a content aware Firewall on company Internet access to look for malicious code coming down?

Did the RSA PC not have a white list of software that could be installed on the PC?

Did the RSA PC have split tunnelling enabled when not connected to the company VPN?

Even with negative answers to the questions, did RSA have network anomaly detection hardware installed on their network to detect a PC gaining access to the family jewels of security information from RSA?

If the PC infected with a malware virus bot was a developer with access to the source code AND the serial number and seed database, why was that information not protected better?  Does a software developer with access to the code need access to the production seed and serial number database?  Again, if a host's normal network traffic went to either the source repository or the master database, its access to the other should have been detected as a network anomaly.

How did the malware connect to the command and control center on the Internet?  There are many content aware firewalls that carry a blacklist of known malicious IP addresses and IRC networks.
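The three checks raised above (a single host reaching both the source repository and the seed database, a host talking to a blacklisted command and control address, and IRC-style egress to the Internet) can all be run over ordinary network flow records. The following is an added example written for this page, not code from RSA or from the original post; the host names, internal addresses, blocklist entries and log format are all constructed for the illustration.

```python
"""Added example: simple network-anomaly checks over constructed flow records.

Flags three conditions discussed in the post:
  1. a host that reaches BOTH the source-code repository and the seed database
  2. a host that connects to an address on a command-and-control blocklist
  3. IRC-style egress (port 6667/6697) from the internal network to the Internet
All names, addresses and log lines below are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Constructed blocklist (hypothetical C2 addresses from documentation ranges),
# standing in for a content-aware firewall's threat-intelligence feed.
C2_BLOCKLIST = {"198.51.100.77", "203.0.113.9"}

# Constructed sensitive destinations (hypothetical internal servers).
SOURCE_REPO = "10.0.5.20"   # hypothetical source-control server
SEED_DB = "10.0.9.40"       # hypothetical seed / serial-number database

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # hypothetical corporate range
IRC_PORTS = {6667, 6697}

# Constructed flow records: "<timestamp> <src_host> <dst_ip> <dst_port>"
FLOW_LOG = """\
2011-03-17T09:01:02 dev-ws-12 10.0.5.20 443
2011-03-17T09:03:45 dev-ws-12 10.0.5.20 443
2011-03-17T09:10:10 dba-ws-03 10.0.9.40 1433
2011-03-17T09:15:31 dev-ws-12 10.0.9.40 1433
2011-03-17T09:20:00 dev-ws-12 203.0.113.9 6667
2011-03-17T09:25:12 hr-ws-44 10.0.7.1 80
"""


def parse_flows(text):
    """Parse the constructed flow format into a list of dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst, "port": int(port)})
    return flows


def find_dual_access(flows):
    """Hosts that reached both the source repo and the seed database.

    A developer workstation normally talks to one of these, not both, so a
    host touching both is the anomaly the post asks about.
    """
    touched = defaultdict(set)
    for f in flows:
        if f["dst"] in (SOURCE_REPO, SEED_DB):
            touched[f["src"]].add(f["dst"])
    return sorted(h for h, d in touched.items() if {SOURCE_REPO, SEED_DB} <= d)


def find_c2_contacts(flows, blocklist=C2_BLOCKLIST):
    """(host, dst, port) tuples for connections to blocklisted addresses."""
    return sorted({(f["src"], f["dst"], f["port"]) for f in flows
                   if f["dst"] in blocklist})


def find_irc_egress(flows):
    """(host, dst, port) tuples for IRC ports leaving the internal network."""
    hits = set()
    for f in flows:
        if f["port"] in IRC_PORTS and ipaddress.ip_address(f["dst"]) not in INTERNAL_NET:
            hits.add((f["src"], f["dst"], f["port"]))
    return sorted(hits)


def analyze(text):
    """Run all three checks over a flow log and return the findings."""
    flows = parse_flows(text)
    return {
        "dual_access": find_dual_access(flows),
        "c2_contacts": find_c2_contacts(flows),
        "irc_egress": find_irc_egress(flows),
    }


if __name__ == "__main__":
    for check, findings in analyze(FLOW_LOG).items():
        print(f"{check}: {findings}")
```

Run against the constructed log, the dual-access check names only `dev-ws-12`, since `dba-ws-03` touched the seed database alone; the blocklist and IRC checks both point at the same outbound connection from that host. In a real deployment the blocklist would come from a threat-intelligence feed and the sensitive-destination list from an asset inventory, and the dual-access rule would be keyed on role rather than on a single pair of servers.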

The scope of the breach looks like RSA will be doing some serious soul searching and security architecture redesign.

And, we will see shortly whether there was an RSA NSA back door coded into Secure ID if an exploit is released.

The question is, what can RSA do to regain the trust of the companies who have selected RSA to protect company infrastructure and security?