RSA Security Analytics
Discover and Investigate Advanced Threats
Log-centric SIEM, forensics, compliance, and big data management and analytics.
Big Data Security
High-Powered Analytics
Threat Intelligence
Compliance Support
Details
RSA Security Analytics helps security analysts detect and investigate threats often missed by other security tools. Leveraging the proven technology of RSA NetWitness, Security Analytics provides converged network security monitoring and centralized security information and event management (SIEM).
Security Analytics combines big data security collection, management, and analytics; full network and log-based visibility; and automated threat intelligence – enabling security analysts to better detect, investigate, and understand threats they often could not easily see or understand before.
High-Powered Analytics
- Monitoring and Analytics – Provides a single platform for capturing and analyzing large amounts of network, log, and other data.
- Incident Investigation – Accelerates security investigations by enabling analysts to pivot through terabytes of metadata, log data, and recreated network sessions with just a few clicks.
- Long-Term Warehouse – Archives and analyzes long-term security data through a distributed computing architecture. Provides built-in compliance reports covering a multitude of regulatory regimes.
Platform
The RSA Security Analytics platform consists of two elements: the Capture Infrastructure and the Security Analytics Warehouse.
CAPTURE INFRASTRUCTURE
RSA Security Analytics Decoder
Decoder is a configurable network appliance that collects, filters, and analyzes network packet and log data in real time. Decoders are positioned at the network egress, in the core, or on an individual segment, depending on what traffic needs to be seen.
- The Packet Decoder reassembles and normalizes network traffic at every layer for real-time, full-session analysis. Appliances can run in continuous capture mode or consume traffic fed from another source.
- The Log Decoder reuses the Packet Decoder architecture to parse logs from more than 200 device types and common log formats.
RSA Security Analytics Concentrator
Concentrator aggregates metadata from Decoders to provide scalability and flexibility across network topologies and geographies. Concentrators can be deployed in tiers to provide high availability for multiple Decoder locations.
RSA Security Analytics Broker/Analytic Server
The Broker/Analytic Server facilitates queries across multiple Concentrators. Broker provides a single point of access to Security Analytics metadata and operates and scales independently of network latency, throughput, or data volume. Analytic Server hosts the web server required for investigation, reporting, and administration.
RSA SECURITY ANALYTICS WAREHOUSE
Warehouse provides long-term archiving, forensics, analysis, and reporting. Leveraging Hadoop, it scales with storage capacity on a standardized hardware platform.
Applications
- RSA Security Analytics Investigation: the primary interactive analysis module for the security analyst, with proven analytic functionality.
- RSA Live Intelligence System: gathers advanced threat intelligence and content from the global security community and RSA FirstWatch.
- RSA Security Analytics Reporter: automates reporting for both proof of compliance and security.
- RSA Security Analytics Alerter: accelerates the discovery of advanced attacks through security alerts that draw on broad internal monitoring and external threat intelligence.
- RSA Security Analytics Warehouse: improves security by collecting, archiving, analyzing, and reporting on security-relevant enterprise data, including logs, events, and network metadata.
Integration Options
- RSA Data Discovery for Security Analytics: discovers IT assets and endpoints and determines whether sensitive information such as credit card data, privacy data, and intellectual property resides on them.
- RSA Asset Criticality Intelligence (ACI): provides business context to help security operations centers (SOCs) prioritize security investigations according to the potential impact to the business.
- RSA Advanced Incident Management for Security (AIMS): automates the incident management workflow for critical security events, from detection through investigation, analysis, and resolution, engaging key business stakeholders.
Related Offerings
Products
- RSA Data Loss Prevention (DLP): discover, monitor, and protect the flow of sensitive data such as PII and intellectual property.
- RSA Archer Governance Risk and Compliance: build an efficient, collaborative governance, risk, and compliance (GRC) program across IT, finance, operations, and legal.
- RSA ECAT: detect advanced malware and respond quickly using live memory analysis.
Solutions
- RSA Advanced Threat Management Solution: defend against advanced threats by identifying, protecting against, and rapidly responding to security incidents.
Resources
Data and Spec Sheets
- Discover and Investigate Advanced Threats: Analytics
- Discover and Investigate Advanced Threats: Infrastructure
- Discover and Investigate Advanced Threats: Overview
- Data Sheet: RSA Data Discovery For RSA Security Analytics
Solution Overviews
- Changing the Security Monitoring Status Quo
- Implementing a Security Analytics Architecture
- Stalking the Kill Chain
