Data Security updates in RSA Web Threat Detection
Originally Published: 2016-10-07
Article Number
Applies To
RSA Product/Service Type: Mitigator
RSA Version/Condition: 4.6, 5.x, 6.0
Issue
Example of a customer requirement --
Based on the security document provided by RSA**, it appears Silvertail/WTD uses RSA for encryption, which is an acceptable algorithm; however, RC4 is no longer accepted based on the current Payment Card Industry (PCI) standards.
An approved encryption algorithm that RSA Silvertail/WTD can use would be AES: 128 bit is acceptable, but 256 bit would be much better.
** Last Data Access and Security document was published for Version 3.1 in 2012
Resolution
After investigating the issue, Engineering has determined the following about the current state of WTD (version 6.0, and affecting all versions):
- AES-128 demonstrates a better security vs. performance ratio.
- Currently WTD uses a combination of RSA+RC4 key to encrypt logs.
- While PCI 3.1 recommended migrating from RC4 ciphers, PCI 3.2 (April 2016) requires disabling weak ciphers such as RC4, MD5, etc.
To add support for stronger encryption, the client should have a choice of what to use:
- Our major concern is about data retention, which will have to include handling of both "old" and "new" ciphers.
- The current option on the table involves developing a tool to migrate (convert) encrypted logs from RC4 to the new AES cipher suite.
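The retention concern and the migration option above, sketched as an added example (not RSA's code and not the WTD log format): a reader that accepts both legacy RC4 records and AES-GCM records, and a converter from the former to the latter. The one-byte cipher tag, the record layout and the function names are assumptions, and the RSA key-wrapping step is left out, so keys are passed in directly.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rc4"
	"fmt"
)

// Hypothetical layout: legacy = 0x01 || RC4(plain); new = 0x02 || nonce || AES-GCM(plain).
const TagRC4, TagAES byte = 1, 2

// Open reads a record of either generation, so retained logs stay readable.
func Open(rec, rc4Key []byte, g cipher.AEAD) ([]byte, error) {
	switch {
	case len(rec) > 0 && rec[0] == TagRC4:
		c, err := rc4.NewCipher(rc4Key)
		if err != nil {
			return nil, err
		}
		out := make([]byte, len(rec)-1)
		c.XORKeyStream(out, rec[1:]) // RC4 gives no integrity: tampering goes unnoticed
		return out, nil
	case len(rec) > g.NonceSize() && rec[0] == TagAES:
		n := 1 + g.NonceSize()
		return g.Open(nil, rec[1:n], rec[n:], rec[:1]) // tag byte is authenticated as AAD
	}
	return nil, fmt.Errorf("unreadable record (%d bytes): empty, truncated or unknown tag", len(rec))
}

// Migrate re-encrypts one record under AES-GCM; an AES record is simply re-sealed.
func Migrate(rec, rc4Key []byte, g cipher.AEAD) ([]byte, error) {
	plain, err := Open(rec, rc4Key, g)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per record
		return nil, err
	}
	return g.Seal(append([]byte{TagAES}, nonce...), nonce, plain, []byte{TagAES}), nil
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero AES-256 key; 32 bytes cannot fail
	g, _ := cipher.NewGCM(block)
	out, err := Migrate([]byte{TagRC4, 0x10, 0x20}, []byte("constructed-rc4-key"), g)
	fmt.Printf("%x %v\n", out, err)
}
```

A 16-byte key passed to `aes.NewCipher` selects AES-128 and a 32-byte key AES-256, so the same code covers both key sizes mentioned in the customer requirement.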
Project Management believes that this commitment to a fix should provide PCI compliance going forward.