RSA envision to RSA Security Analytics. Successful Migration in a Managed Environment

Nathan Sherlock, VP of Managed Services

Reasons to Migrate from envision to SA
- Easier to move from envision to RSA SA than to any other SIEM solution
- Ingest, integrate and correlate log and packet events within one platform (RSA SA)
- Investigate and analyze TBs of data using pivot tools (RSA SA)
- Take incident analysis capabilities to another level

Use an MSSP to Migrate from envision to SA
- An MSSP (Managed Security Services Provider) can manage both platforms in parallel during the transition: a one-stop shop for all phases of the project.
- The MSSP can manage the envision-to-SA integration, ensuring both platforms live side by side and complement one another.
- The MSSP must leverage, monitor and maintain:
  - SA's ability to pull reports from data which resides in the envision data structure, the IPDB.
  - envision's ability to forward logs and events it has collected directly to the SA platform for storage, analysis and investigative support.

Use an MSSP to Migrate from envision to SA (continued)
- The MSSP's 24/7/365 security analysts must continue security monitoring uninterrupted during the migration; this should not be an issue if the MSSP's alert framework is applied to both platforms.
- The MSSP's objective must be RSA SA operational readiness, going beyond technology migration.
- The MSSP will help set a deadline for envision to be decommissioned: an important milestone that must be realistic, typically 3-6 months.

High-Level Transition Checklist
- Stand up SA for log data and network data collection. The log decoder work effort is separate from setting up network decoders, but both can be done in parallel. The MSSP's 24/7/365 SOC can start monitoring for network-oriented attacks via network decoders while log decoders are being set up.
- Enable Z-Connector on envision to send all logs to SA. A copy of the logs is still kept in envision.
- Configure the alerting/reporting framework on SA: transition to SA the legacy reports and alerts that are still relevant.
- Transition device log collection to SA. This can be done over time in a phased approach.
- Confirm all requirements are met and decommission the envision appliances.

Detailed Operational Readiness Checklist (ORC)
- What devices currently log to envision? Use this migration to log net new devices.
- Is there a NEW list of all devices/assets to be monitored by RSA SA?
- What alerts and reports were configured on RSA envision? What stays with the new RSA SA, and what goes? Use this migration to purge useless reports/alerts/dashboards.
- Which net new devices are natively supported by RSA SA, and which ones require a custom parser?
- Is RSA SA required to meet some form of compliance (e.g. HIPAA, PCI, SOX)?
- Are the in-scope devices classified by criticality and compliance (e.g. HIPAA, PCI, SOX)?

ORC (continued)
- Regardless of any compliance requirements, which devices (new or old) are most critical, and why?
- How are the monitored devices geographically dispersed? This affects the number and distribution of required log decoders.
- Is there a requirement to incorporate network data elements into RSA SA? This goes beyond logging/syslog. Network decoders are fantastic when positioned and used wisely.
- Are any specific egress points in scope for network data collection? This affects the number and distribution of required network decoders.
- Is the security monitoring escalation process documented and clearly defined?
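The device-level questions in the two ORC slides (which devices log to envision, which are classified by criticality and compliance scope) and the "transition device log collection, then confirm all requirements are met" steps of the high-level checklist can be turned into a repeatable coverage check. The following Python is an added example, not part of the presentation and not RSA or MSSP tooling; it assumes the MSSP can export three things in whatever form its platforms provide: the new device inventory with criticality and compliance tags, the set of sources still reporting to envision, and the last time each source was seen on the SA log decoders. The device names, tags and timestamps are constructed sample data.

```python
# Added example (not from the presentation): reconcile the device inventory
# against what envision and the SA log decoders actually receive, so that the
# "confirm all requirements are met" step before decommissioning is a check
# on data rather than a judgement call.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

CRITICALITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Device:
    name: str
    criticality: str                  # "high", "medium" or "low" (ORC classification)
    compliance: tuple[str, ...] = ()  # regimes the device is in scope for, e.g. ("PCI",)

    def is_blocking(self) -> bool:
        """A device that must be live on SA before envision can be switched off."""
        return self.criticality == "high" or bool(self.compliance)


@dataclass
class CoverageReport:
    migrated: list[str]   # seen on SA within the silence threshold
    stale: list[str]      # known to SA but silent longer than the threshold
    pending: list[str]    # not yet seen on SA at all (envision-only or unmonitored)
    unlisted: list[str]   # still logging to envision but absent from the new inventory
    blocking: list[str]   # high-criticality / compliance-scope devices not yet migrated
    ready_to_decommission: bool


def assess_coverage(inventory, envision_sources, sa_last_seen, now,
                    max_silence=timedelta(hours=24)):
    """Classify every inventoried device and decide whether envision can go.

    Devices are processed in criticality order, so the returned 'pending'
    list doubles as the schedule for the phased device migration.
    """
    migrated, stale, pending, blocking = [], [], [], []
    for dev in sorted(inventory, key=lambda d: (CRITICALITY_RANK[d.criticality], d.name)):
        last = sa_last_seen.get(dev.name)
        if last is None:
            pending.append(dev.name)
        elif now - last > max_silence:
            stale.append(dev.name)       # decoder once received it, then it went quiet
        else:
            migrated.append(dev.name)
            continue
        if dev.is_blocking():
            blocking.append(dev.name)
    known = {d.name for d in inventory}
    unlisted = sorted(envision_sources - known)   # answers "is there a NEW device list?"
    ready = not (stale or pending or unlisted)    # anything still relying on envision blocks
    return CoverageReport(migrated, stale, pending, unlisted, blocking, ready)


# Constructed sample exports; names and times are illustrative only.
NOW = datetime(2014, 3, 1, 12, 0, tzinfo=timezone.utc)
INVENTORY = [
    Device("fw-dmz-01", "high", ("PCI",)),
    Device("ad-dc-01", "high"),
    Device("web-app-02", "medium", ("HIPAA",)),
    Device("print-srv-01", "low"),
    Device("vpn-gw-01", "medium"),
]
ENVISION_SOURCES = {"fw-dmz-01", "ad-dc-01", "web-app-02", "print-srv-01", "legacy-proxy-03"}
SA_LAST_SEEN = {
    "fw-dmz-01": NOW - timedelta(minutes=5),
    "ad-dc-01": NOW - timedelta(days=3),    # forwarding broke after the cut-over
    "vpn-gw-01": NOW - timedelta(hours=1),
}


def run_sample_check() -> CoverageReport:
    return assess_coverage(INVENTORY, ENVISION_SOURCES, SA_LAST_SEEN, NOW)


if __name__ == "__main__":
    report = run_sample_check()
    for label in ("migrated", "stale", "pending", "unlisted", "blocking"):
        print(f"{label:>9}: {', '.join(getattr(report, label)) or '-'}")
    print("ready to decommission envision:", report.ready_to_decommission)
```

Run against the sample data the report shows two devices fully on SA, one domain controller that SA has stopped hearing from, two devices never moved, and one source in envision that nobody put on the new inventory; the two blockers are the silent domain controller and the HIPAA-scoped web server, so the decommission date stays open until both are resolved. Swapping in real exports is the only change needed; the staleness threshold should match the quietest legitimate reporting interval among the monitored devices.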

THANK YOU