RSA Security Analytics Detect and Investigate Advanced Threats
Details & Benefits
RSA Security Analytics gives security teams the ability to unleash their full potential and stand tall against today’s attackers by evolving from a traditional log-centric approach to a solution with better visibility, analysis, and workflow. With RSA Security Analytics, teams have the power to detect and analyze even the most advanced of attacks before they can impact their organization. Once spotted, security analysts can then investigate, prioritize, and remediate incidents with unprecedented precision and speed.
Gain complete visibility to identify and investigate attacks
- Eliminate blind spots where threats can take root with visibility across logs, networks, and endpoints
- Inspect every network packet session and log event for threat indicators at the time of collection with Capture Time Data Enrichment
- Augment visibility with additional compliance and business context
Detect and analyze even the most advanced attacks in real time, versus days or even weeks with competing solutions
- Discover attacks missed by traditional SIEM and signature-based tools by correlating network packets, netflow, endpoints, and logs
- Begin finding incidents immediately with out-of-the-box reporting, intelligence, and rules
- Identify high-risk indicators of compromise by harnessing the power of Big Data and data science techniques
Take targeted action on the most important incidents
- Prioritize investigations and streamline multiple analyst workflows in one tool, so that incident response and escalation can begin immediately, putting the advantage of time back on the side of the defender
- Instantly pivot from incidents into deep endpoint and network packet detail to perform network forensics and understand the true nature and scope of the issue. Separate the threats from the white noise, cutting hours or days from the threat detection process and eliminating time wasted on false positives
- Compliance and threat reporting in one place enables your current team to manage compliance and defend your network and assets more proactively
Our experience with hundreds of the world’s leading security operations teams has been encoded into our templates, workflows, and alerts, giving your current team the capabilities developed over years by the world’s best security operations personnel.
The RSA Security Analytics platform consists of two primary elements: the Capture Infrastructure and the Analysis and Retention Infrastructure.
RSA's architecture allows organizations to collect and analyze large amounts of data and expand linearly. The federated infrastructure lets organizations scale while still analyzing and querying seamlessly across the whole system, unlike other vendors' products, which must centralize all data for analysis and slow down as the central site grows. The capture infrastructure consists of Decoders for ingest, Concentrators for indexing, and Brokers/Analytic Servers for querying.
RSA Security Analytics Decoder
Decoder is a configurable network appliance that enables real-time collection, filtering, and analysis of network packet and log data. Position Decoder(s) on the network egress, core, or segment.
- The Packet Decoder reassembles and normalizes network traffic at every layer for real-time, full-session analysis. Appliances can operate in continuous capture mode or consume traffic from any source.
- The Log Decoder uses the Packet Decoder architecture to parse hundreds of device types and common log formats. The Log Decoder also collects endpoint and netflow data.
RSA Security Analytics Concentrator
The Concentrator aggregates metadata from Decoders to enable scalability and flexibility across network topologies and geographies. Concentrators can be deployed in tiers to provide high availability for multiple Decoder locations.
RSA Security Analytics Broker/Analytic Server
The Broker/Analytic Server facilitates queries across multiple Concentrators. Broker provides a single point of access to Security Analytics metadata and operates and scales independently of network latency, throughput, or data volume. Analytic Server hosts the web server required for investigation, reporting, and administration.
Analysis and Retention Infrastructure
Unlike other tools, RSA Security Analytics can discover attacks as they are happening by correlating logs, packets, netflow, and endpoint data together. Security Analytics also harnesses the power of Big Data and combines it with the data science techniques used in the Advanced Analytics modules for the RSA Warehouse, powered by Pivotal.
Event Stream Analysis (detection)
Powerful event stream analytics that support large data volumes to correlate logs, network, and endpoint data; detect incidents; and bring meaning to events flowing through your enterprise.
Archiver & Archive Storage
Long-term log retention, analysis, security, and compliance reporting.
RSA Security Analytics Warehouse (powered by Pivotal)
A Hadoop infrastructure designed to manipulate large amounts of data and run complex queries for advanced analysis; the Warehouse ships with out-of-the-box analytics that take advantage of the data it stores.
Detection & Alerting
Discover attacks missed by traditional SIEM and signature-based tools by correlating network packets, netflow, endpoints, and logs. By using Capture Time Data Enrichment and Event Stream Analysis for correlation, RSA Security Analytics identifies threats in real time, versus the days or even weeks required with competing solutions.
RSA Security Analytics Investigation & Triage
Instantly pivot from incidents into deep endpoint and network packet detail to perform network forensics and understand the true nature and scope of the issue. Investigations are driven by multi-dimensional visibility that eliminates blind spots where threats can take root.
RSA Live Intelligence System
Begin finding incidents immediately with out-of-the-box reporting, intelligence, and rules that are automatically distributed and fused with your data.
RSA Security Analytics Reporting
Automate reporting for both proof of compliance and security.
RSA Malware Analysis Workbench
Identify and contextualize suspicious files using four different malware-analysis techniques.
RSA Data Discovery for Security Analytics
Discover IT assets and endpoints, and determine whether sensitive information such as credit card data, privacy data, and intellectual property resides on them.
RSA Security Operations Management (SecOps)
Orchestrate and manage a Security Operations Center (SOC) or Critical Incident Response Center (CIRC).
RSA Data Loss Prevention (DLP)
Discover, monitor, and protect the flow of sensitive data such as personally identifiable information (PII) and intellectual property.
RSA Archer Governance Risk and Compliance
Build an efficient, collaborative governance, risk, and compliance (GRC) program across IT, finance, operations, and legal.
Detect advanced malware and quickly respond leveraging innovative live memory analysis.
RSA Critical Incident Response Solution
Detect security threats, prioritize actions based on business impact, and expand your analysts’ expertise.
Data and Spec Sheets
- Detect and Investigate Advanced Threats: Analytics
- Detect and Investigate Advanced Threats: Infrastructure
- Detect and Investigate Advanced Threats: Overview
- Accelerating Threat Detection and Analysis with RSA Security Analytics
- IT-Harvest interview with RSA on Security Analytics
- RSA on Intelligence-driven Threat Detection and Response
- RSA Security Analytics Detects Heartbleed
- ESG on Information-driven Security Based on RSA Security Analytics and RSA ECAT
- Los Angeles World Airports on RSA Security Analytics and RSA ECAT
- Be the Hunter: RSA Security Analytics 10.4 Demo
- Be the Hunter: Pivoting into RSA ECAT Demo
- Be the Hunter: RSA SIEM Use Case Demo
News & Blogs
Oct 29, 2013 - New RSA Products and Services Improve Security Operations; Eliminate Security and Compliance Trade-Offs
Oct 29, 2013 - RSA Extends Big Data Analytics to Help Organizations Identify Highest Risk Vulnerabilities
Jan 30, 2013 - RSA Security Analytics Leverages Big Data to Help Transform How Organizations Address Their Biggest Security Challenges