RSA Security Analytics Detect and Investigate Advanced Threats
GAIN COMPLETE VISIBILITY
DETECT AND ANALYZE
TAKE TARGETED ACTION
Explore and Compare
Explore product options and get a quote
RSA Security Analytics gives security teams the ability to unleash their full potential and stand tall against today’s attackers by evolving from a traditional log-centric approach to one with better visibility, analysis, and workflow. With RSA Security Analytics, teams have the power to detect and analyze even the most advanced of attacks before they can impact their organization. Once spotted, security analysts can investigate, prioritize, and remediate incidents with unprecedented precision and speed.
RSA Security Analytics offers the following benefits:
- Visibility – Gain complete visibility to identify and investigate attacks
- Eliminate blind spots where threats can take root with visibility across logs, networks, and endpoints
- Inspect every network, packet session, and log event for threat indicators at time of collection with capture time data enrichment
- Augment visibility with additional compliance and business context
- Analysis – Detect and analyze even the most advanced attacks in real time compared to days or even weeks with competitive solutions
- Discover attacks missed by traditional security information and event management (SIEM) and signature-based tools by correlating network packets, netflow, endpoints, and logs
- Begin finding incidents immediately with out-of-the-box reporting, intelligence, and rules
- Identify high-risk indicators of compromise by harnessing the power of big data and data science techniques
- Action – Take targeted action on the most important incidents
- Prioritize investigations and streamline multiple analyst workflows in one tool, enabling incident response and escalation to begin immediately and putting the advantage of time back on the side of the defender.
- Instantly pivot from incidents into deep endpoint and network packet detail to perform network forensics and understand the true nature and scope of the issue. Separate the threats from the white noise, cutting hours or days from the threat detection process and eliminating time wasted due to false positives.
- Manage compliance and more proactively defend your network and assets with compliance and threat reporting in a single place.
Our experience with hundreds of the world’s leading security operations teams has been encoded into our templates, workflows, and alerts, giving your current team the capabilities developed over years by the world’s best security operations personnel.
The RSA Security Analytics platform is comprised of two primary elements: the capture infrastructure and the analysis and retention infrastructure.
RSA's unique architecture allows organizations to collect and analyze large amounts of data and expand linearly. The federated infrastructure allows organizations to scale while still maintaining the ability to analyze and query seamlessly across the system, unlike other vendors who need to centralize all data for analysis and slow down as the central site becomes larger. In addition to improved scalability, security teams can also analyze and query seamlessly across the system at top speeds. The capture infrastructure consists of decoders for ingest, concentrators for indexing, and brokers/analytic server for querying.
RSA Security Analytics Decoder
The decoder is a configurable network appliance that enables real-time collection, filtering, and analysis of network packet and log data. Position the decoder(s) on the network egress, core, or segment.
- The packet decoder reassembles and normalizes network traffic at every layer for real-time, full session analysis. Appliances can be operated in continuous capture mode or to consume traffic from any source.
- The log decoder leverages packet decoder architecture for hundreds of devices and common log formats. Additionally, the log decoder will collect endpoint and netflow data.
RSA Security Analytics Concentrator
The concentrator aggregates metadata from decoders to enable scalability and flexibility across network topologies and geographies. You can deploy them in tiers to provide high availability for multiple decoder locations.
RSA Security Analytics Broker/Analytic Server
The broker/analytic server facilitates queries across multiple concentrators. The broker provides a single point of access to security analytics metadata and operates and scales independently of network latency, throughput, or data volume. The analytic server hosts the web server required for investigation, reporting, and administration.
ANALYSIS AND RETENTION INFRASTRUCTURE
Unlike other tools, RSA Security Analytics has the ability to discover attacks as they're happening by correlating logs, packets, netflow, and endpoint data together. Security analytics also harnesses the power of big data and combines it with the data science techniques leveraged in the advanced analytics modules used with the RSA Warehouse, powered by Pivotal.
Event Stream Analysis (Detection)
Event stream analysis consists of powerful event stream analytics that support large data volumes to correlate logs, network, and endpoint data, detect incidents, and bring meaning to events flowing through your enterprise.
Archiver and Archive Storage
The archiver and archive storage provides long-term log retention, analysis, security, and compliance reporting.
RSA Analytics Warehouse (Powered by Pivotal HD)
The RSA Analytics Warehouse includes Hadoop infrastructure specifically designed to manipulate large amounts of data and run complex queries for advanced analysis. It leverages out-of-the-box analytics to take advantage of the data it has stored.
Detection and AlertingDiscover attacks missed by traditional security information and event management (SIEM) and signature-based tools by correlating network packets, netflow, endpoints, and logs. By leveraging capture time data enrichment and event stream analysis for correlation, RSA Security Analytics identifies threats in real time compared to the days or even weeks required with competitive solutions.
RSA Security Analytics Investigation and TriageInstantly pivot from incidents into deep endpoint and network packet detail to perform network forensics and understand the true nature and scope of the issue. Investigations are driven by multidimensional visibility that eliminates blind spots where threats can take root.
RSA Live Intelligence SystemBegin finding incidents immediately with out-of-the-box reporting, intelligence, and rules that are automatically distributed and fused with your data.
RSA Security Analytics ReportingAutomate reporting for both proof of compliance and security.
RSA Malware Analysis WorkbenchIdentify and contextualize suspicious files by leveraging four different malware-analysis techniques.
RSA ECATExpose malware and other endpoint threats and instantly determine the scope of a compromise.
RSA Security Operations Management (SecOps)Orchestrate and manage a security operations center (SOC) or a critical incident response center (CIRC).
RSA Archer Governance Risk and Compliance
Build an efficient, collaborative governance, risk, and compliance (GRC) program across IT, finance, operations, and legal.
RSA Data Loss Prevention (DLP)
Discover, monitor, and protect the flow of sensitive data such as personally identifiable information (PII) and intellectual property.
Detect advanced malware and quickly respond leveraging innovative live memory analysis.
RSA Advanced Security Operations Center Solution
Detect and analyze even the most advanced of attacks before they can impact the business and take targeted action on the most critical incidents.
Data and Spec Sheets
- RSA Security Analytics: Infrastructure
- RSA Security Analytics: Malware Analysis
- RSA Security Analytics: Network Forensics
- RSA Security Analytics: Overview
- RSA Security Analytics: SIEM and Beyond
- ADP on RSA Security Analytics
- Be the Hunter: Pivoting into RSA ECAT Demo
- Be the Hunter: RSA Security Analytics 10.4 Demo
- Be the Hunter: RSA SIEM Use Case Demo
- ESG on Information-driven Security Based on RSA Security Analytics and RSA ECAT
- Finding an Unknown Threat with RSA Security Analytics and RSA ECAT
- Improved Incident Response with RSA Security Analytics and RSA ECAT
- Los Angeles World Airports on RSA Security Analytics and RSA ECAT
- RSA on Intelligence Driven Threat Detection and Response
- RSA Security Analytics Detects Heartbleed
- Using Endpoint Visibility to Protect Your Enterprise with RSA Security Analytics and RSA ECAT
- Intelligence Driven Threat Detection and Response
- RSA Discovers Massive Boleto Fraud Ring in Brazil
- Taking Charge of Security in a Hyperconnected World
- The Critical Incident Response Maturity Journey
News & Blogs
Sep 09, 2014RSA Turns the Table on Cyber Attackers