Detection and Alerting
Analysts can discover attacks as they're happening by correlating logs, packets, NetFlow, and endpoint data. RSA Security Analytics detects and investigates, in real time, attacks that other systems can’t. For example, it can detect a PDF containing an executable, followed by encrypted traffic to a blacklisted country.
Capture-time data enrichment contributes to this capability. RSA Security Analytics inspects the data and performs deep data enrichment right at the time of capture. This includes tagging threat indicators as well as interesting characteristics of the log or network session.