RSA Security Incident Management
A fundamental starting point in building critical advanced security operations is the capability to identify, investigate, and resolve security incidents. Security incident management is the first process that must be tackled within security operations before more sophisticated capabilities can be achieved.
RSA Security Incident Management integrates the RSA enVision security incident and event management (SIEM) platform with RSA Archer Incident Management to accelerate the identification, prioritization, investigation, and resolution of security incidents. The enVision SIEM platform collects and analyzes log and event data to quickly identify high-priority security incidents as they occur. Once critical events within the infrastructure are identified, RSA Archer Incident Management enables a security function to manage the complete investigation and resolution of the incident.
Integration between these two products allows security analysts to utilize enVision event data and information from the RSA Archer eGRC platform to add business context to the incident for quicker prioritization. The end result is the efficient and effective investigation and remediation of security incidents.