Friday, August 26, 2011

Go F-Secure - Researcher finds the RSA email in VirusTotal haystack

F-Secure researcher Timo Hirvonen (who sounds like he should be playing in the NHL) recently wrote a tool to look for Flash objects in the gigantic DB that is VirusTotal and came up with what appears to be the exact email that was sent to EMC/RSA employees with the attached Excel file that included the malicious Flash code that was eventually opened. The rest is now history, and the security giant is still keeping relatively quiet while looking at the world through a bruised and blackened eye. The Network World article spells it out very well so I won't get into the details, but what it clearly illustrates to me is the expanding need for things I've touched upon before (here, here and here, and in this interview):

  1. Data loss needs to be publicized much further so the general public (and press) has a better understanding of the scale of what is going on in the cybercriminal and nation-state espionage worlds.
  2. REAL Security Awareness programs. Lance Spitzner's work on Securing the Human is excellent; take his SANS course, it's great.
  3. Application Whitelisting. If you are only allowing business-approved applications to run on your hosts, you have thwarted the ability to run malicious code.
  4. Identity-based profiling, authorization and access controls. Identity at the packet layer and the ability to tie that back to an authorization directory and create dynamic rules on the fly of what that packet (person) can access. You now have an inventory of everything that is authorized to connect to your network, where they are and what they can do. That almost sounds too good to be true, and, yes, I'm specifically referring to Cisco's ISE. Just wait until they add NAC posturing to it.
  5. Information classification programs and policies. KNOW what you are protecting and its business criticality.
  6. Peer groups. Executive periodic peer group discussions to review trends, methods, controls and metrics.
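To make point 4 concrete, here is an added example (not code from this post and not Cisco ISE's API) of what "identity at the packet layer tied back to an authorization directory" looks like as policy logic. It assumes each flow arrives already tagged with an identity (which is what the access layer would supply); the directory, the group-based rules and the sample flows are all constructed values, the policy is default-deny, and the same pass over the flows produces the inventory of who is on the network, from where, and what they were actually allowed to reach.

```python
"""Identity-based flow authorization with a default-deny policy and an
inventory view. Added example: not the post's code and not Cisco ISE's API.
Directory entries, rules and flows below are constructed sample data."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed authorization directory: identity -> group memberships.
DIRECTORY = {
    "alice": {"groups": {"finance", "staff"}},
    "bob": {"groups": {"engineering", "staff"}},
    "mallory": {"groups": set()},  # known identity, but authorized for nothing
}

# Constructed dynamic rules: a group may reach a destination network on given ports.
# Anything not matched by a rule is denied.
RULES = [
    {"group": "staff", "dst": ip_network("10.0.1.0/24"), "ports": {80, 443}},
    {"group": "finance", "dst": ip_network("10.0.50.0/24"), "ports": {443, 1433}},
    {"group": "engineering", "dst": ip_network("10.0.60.0/24"), "ports": {22, 443}},
]


@dataclass(frozen=True)
class Flow:
    identity: str  # identity tag carried with the packet (assumed to be supplied by the access layer)
    src: str
    dst: str
    dport: int


def authorize(flow: Flow) -> tuple[bool, str]:
    """Decide one flow against the directory and the rules. Returns (allowed, reason)."""
    entry = DIRECTORY.get(flow.identity)
    if entry is None:
        return False, "unknown identity"  # not in the directory: nothing is authorized
    dst = ip_address(flow.dst)
    for rule in RULES:
        if (
            rule["group"] in entry["groups"]
            and dst in rule["dst"]
            and flow.dport in rule["ports"]
        ):
            return True, f"group {rule['group']} permits {rule['dst']} port {flow.dport}"
    return False, "no matching rule (default deny)"


def inventory(flows: list[Flow]) -> dict[str, dict]:
    """Build the 'who is connected, from where, and what they may reach' view
    from the same authorization decisions, so the inventory and the policy agree."""
    seen: dict[str, dict] = {}
    for f in flows:
        allowed, _reason = authorize(f)
        rec = seen.setdefault(f.identity, {"sources": set(), "allowed": set(), "denied": 0})
        rec["sources"].add(f.src)
        if allowed:
            rec["allowed"].add((f.dst, f.dport))
        else:
            rec["denied"] += 1
    return seen


# Constructed sample flows: two legitimate users, one known-but-unauthorized
# identity, and one identity the directory has never heard of.
SAMPLE_FLOWS = [
    Flow("alice", "10.0.5.10", "10.0.50.7", 1433),  # finance DB, allowed
    Flow("alice", "10.0.5.10", "10.0.1.20", 443),   # staff web, allowed
    Flow("bob", "10.0.5.11", "10.0.60.5", 22),      # engineering host, allowed
    Flow("bob", "10.0.5.11", "10.0.50.7", 1433),    # finance DB, denied
    Flow("mallory", "10.0.5.12", "10.0.1.20", 80),  # no groups, denied
    Flow("eve", "10.0.5.13", "10.0.1.20", 80),      # unknown identity, denied
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        ok, why = authorize(f)
        print(f"{f.identity:8} {f.src} -> {f.dst}:{f.dport}  {'ALLOW' if ok else 'DENY '}  {why}")
    for ident, rec in inventory(SAMPLE_FLOWS).items():
        print(ident, sorted(rec["sources"]), sorted(rec["allowed"]), "denied:", rec["denied"])
```

The point the denied rows make is the one the post is after: a denial for an identity the directory does not know, or knows but has put in no group, is the detection signal, and the inventory is a by-product of enforcing policy rather than a separate asset list that drifts out of date.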