Detect & Investigate Threats. OVERVIEW

Similar documents
Discover & Investigate Advanced Threats. OVERVIEW

CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics

RSA Security Analytics Security Analytics System Overview

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA

What s New in Security Analytics Be the Hunter.. Not the Hunted

The SIEM Evaluator s Guide

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst

NitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring

Security Analytics for Smart Grid

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

RSA Security Analytics

IBM Security IBM Corporation IBM Corporation

IBM QRadar Security Intelligence April 2013

Boosting enterprise security with integrated log management

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE

Tech Brief. Choosing the Right Log Management Product. By Michael Pastore

Clavister InSight TM. Protecting Values

Scaling Analytics to Meet Real-Time Threats in Large Enterprises: A Deep Dive into LogRhythm s Security Analytics Platform

Getting Ahead of Advanced Threats

IBM Security QRadar SIEM Product Overview

Scalability in Log Management

Unified Security, ATP and more

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst

IBM SECURITY QRADAR INCIDENT FORENSICS

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Dr. Konstantinos Ap. Eleftherianos Dr. Konstantinos Papapanagiotou. ISACA Athens Chapter Conference Athens 4/11/2013

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems

Log Management Solution for IT Big Data

RSA Security Anatomy of an Attack Lessons learned

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Combating a new generation of cybercriminal with in-depth security monitoring

LogInspect 5 Product Features Robust. Dynamic. Unparalleled.

QRadar SIEM 6.3 Datasheet

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

Using Network Forensics to Visualize Advanced Persistent Threats

LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled.

Find the needle in the security haystack

BIG DATA. Shaun McLagan General Manager, RSA Australia and New Zealand CHANGING THE REALM OF POSSIBILITY IN SECURITY

場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR

NitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

whitepaper The Benefits of Integrating File Integrity Monitoring with SIEM

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

Win the race against time to stay ahead of cybercriminals

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011

The webinar will begin shortly

Bridging the gap between COTS tool alerting and raw data analysis

THE EVOLUTION OF SIEM

Niara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined

Advanced Threats: The New World Order

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

QRadar SIEM and FireEye MPS Integration

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

How To Buy Nitro Security

IBM Security Intelligence Strategy

Log Management How to Develop the Right Strategy for Business and Compliance. Log Management

Extreme Networks Security Analytics G2 Vulnerability Manager

Bernard Montel Directeur Technique RSA. Copyright 2012 EMC Corporation. All rights reserved.

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Analyzing HTTP/HTTPS Traffic Logs

RSA SIEM and DLP Infrastructure and Information Monitoring in One Solution

Using SIEM for Real- Time Threat Detection

IBM QRadar Security Intelligence Platform appliances

The Sumo Logic Solution: Security and Compliance

Cisco Cyber Threat Defense - Visibility and Network Prevention

How to Choose the Right Security Information and Event Management (SIEM) Solution

Speed Up Incident Response with Actionable Forensic Analytics

Actionable Security Intelligence: Preparing for the Next Threat with a Proactive Strategy

How To Manage Log Management

Enterprise Security Solutions

AlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

High End Information Security Services

Log management & SIEM: QRadar Security Intelligence Platform

The Next Generation Security Operations Center

End-user Security Analytics Strengthens Protection with ArcSight

The Sophos Security Heartbeat:

Caretower s SIEM Managed Security Services

IBM Security QRadar Vulnerability Manager

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

What is Security Intelligence?

Payment Card Industry Data Security Standard

Continuous Network Monitoring

The session is about to commence. Please switch your phone to silent!

Cloud and Data Center Security

Transcription:

Detect & Investigate Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics Enterprise-wide collection of network traffic and log event data is fused with automated threat intelligence and leveraged with high-powered analytics to enable fast threat discovery and investigations ADVANCED SECURITY THREATS DEMAND MORE EFFECTIVE SECURITY MONITORING To raise their game security teams need more effective threat detection and significantly faster investigations. Security teams need a system that can collect and manage a huge volume and wider scope of security data which will lead them to the most pressing security risks for their enterprise in the shortest amount of time. In the same vein, security teams need automated access to the best threat intelligence about the latest tools, techniques, and procedures in use by the attacker community and have this intelligence be immediately actionable through automated-enrichment on ingestion of telemetry. And they need this in one integrated security system, not multiple ones. When prevention fails all that is left is fast detection, investigation and remediation. DEEP VISIBILITY DRIVES DETECTION RSA Security Analytics is a security solution that helps security analysts detect and investigate threats that are often missed by other security tools. By combining big data security data collection, management, and analytics capabilities with full network and log-based visibility and automated threat intelligence, security analysts can better detect, investigate, and understand threats they could often not easily see or understand before. Ultimately this improved visibility and speed helps organizations reduce an attackers free time in their computing environment from weeks to hours, thus dramatically reducing the likely impact of an attack. DATA SHEET RSA Security Analytics is a solution which provides converged network security monitoring and centralized security information and event management (SIEM).

Unlike perimeter or signature based security solutions, which struggle to keep up with current risks, especially targeted attacks, RSA Security Analytics helps analysts discover interesting or anomalous behavior without being dependent on having foreknowledge of the attackers specific instances of malware or attack steps. RSA s security approach is akin to removing the hay (known good) until only needles (likely bad issues) remain, as opposed to traditional security approaches which attempt to search for needles in a giant haystack of data. Furthermore RSA Security Analytics helps analysts quickly understand alerts and unusual activity by correlating them with with network, log and event data as well as the most up-todate threat intelligence. The highly visual interface of RSA Security Analytics unifies security analysis, such as detection, investigation, alerting, reporting, and content and system administration into a single browser-based interface which puts enterprise-level visibility directly into the hands of the security analysts. This significantly increases the efficiency and effectiveness of the analysts as they don t have to flip from security tool to security tool to do their jobs. In short RSA Security Analytics takes traditional log-centric SIEM and re-conceives it and brings it forward to address the realities of today's threat landscape. HIGH POWERED ANALYTICS FOR ANALYSTS RSA Security Analytics enables comprehensive security monitoring, incident investigation, long term archiving and analytics, malware analytics, and compliance reporting via a unified, browser-based interface. It enables security analysts, whether part of a Security Operations Center (SOC), incident response team or neither, to be more effective and efficient in their job of protecting the organization's digital assets and IT systems. MONITORING & ANALYTICS Provides a single platform for capturing and analyzing large amounts of network, log, event, and other data Powerful streaming analytics for incident detection and alerting. Integration with RSA ECAT to extend detection and investigations to endpoints. Integration with RSA Security Operations Management for incident remediation. Automatically generates alerts to suspicious behavior by applying analytics and by leveraging external threat intelligence (delivered via RSA Live) fused with internally collected security data. RSA Live provides: security reports, open source community intelligence, command & control reports, exploit kit identification, blacklists, APT tagged domains, suspicious proxies, and others. Applies business context to security investigations helping analysts better prioritize their work.

INCIDENT INVESTIGATION Accelerates security investigations by enabling analysts to pivot through terabytes of meta-data, log data, & recreated network sessions with just a few clicks. Uses the industry s most comprehensive and easily understandable analytical workbench Leverages the best 3rd party research and research created by RSA FirstWatch, RSA s elite, highly trained global threat and intelligence research team BIG DATA ANALYTICS Provides a distributed computing architecture for sophisticated, advanced analysis of long term security data, delivering high performance and scalability. Scales linearly through the addition of high performance or high capacity compute nodes. Free text searching enables powerful retrieval of documents, information within or metadata about documents Provides an open interface for programmatic data access, transformation, and analysis. COMPLIANCE REPORTING Built-in compliance reports, covering a multitude of regulatory regimes (GLBA, HIPAA, NERC, SOX ) and industry requirements (PCI, BASEL II, ISO 27002 ). Automates regulatory or governance focused reporting. Also allows security teams to take advantage of business context gathered as part of their compliance program. Ties into the wider compliance reporting system through two-way integration with RSA Archer GRC. RSA Security Analytics supplies data and reports for compliance related control reports and consumes business context information about the value and purpose of individual IT systems and assets. MALWARE ANALYTICS Combines four distinct malware investigation techniques, including sandboxing, community intelligence, file content, and network behavior analysis to help the malware analyst discern if a file is malware or not. Identifies executable content wherever it exists, answers questions about the behavior of files taking into consideration where the malware was found and how it arrived into the IT environment. Incorporates anti-virus signatures only as one of multiple factors in determining the nature of the prospective malware. UNIFIED BROWSER-BASED DASHBOARD

HTML5 based user interface which enables customizable analysis and monitoring user interfaces. Monitoring, detection, investigation, and administration in a single integrated and customizable interface, driving analyst efficiency. Customized views based on the particular roles of the security analysts. BIG DATA SECURITY ANALYTICS INFRASTRUCTURE REAL TIME COLLECTION, ANALYSIS & INVESTIGATIONS Distributed collection infrastructure for simultaneous log and full network packet capture. Metadata parsing and management enables the blending of log, events, network, and other data for automated analytics, reporting, and analystdriven investigations. Event Stream Analysis engine provides advanced stream analytics such as complex event processing and correlation at high throughputs and low latency. Distributed data management optimized for near real-time analysis, reporting, and investigations. LONG TERM COLLECTION ARCHIVING, FORENSICS, ANALYSIS, & REPORTING Archiving engine enables long-term log archiving which is then optimized for long term data retention, forensic analysis and compliance reporting. Distributed warehouse and analytic engine for analysis, and reporting on security data, including logs, log meta data, network packet meta data, and select other content. Linearly scalable by adding warehouse nodes as analytic performance and capacity needs increase. KEY ARCHITECTURAL COMPONENTS RSA Security Analytics is a distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Key components of the architecture are: DECODER - Captures, parses, and reconstructs, all network traffic from Layers 2-7 or log and event data from hundreds of devices. CONCENTRATOR - Indexes metadata extracted from network or log data and makes it available for enterprise-wide querying and real-time analytics while also facilitating reporting and alerting. ANALYTIC SERVER/BROKER - Hosts the web server for reporting, investigation, administration, and other aspects of the analyst s interface. Bridges the multiple real-time data stores held in the various

decoder/concentrator pairs throughout the infrastructure. Also enables reporting on data held in the Warehouse and in archived storage. EVENT STREAM ANALYSIS ENGINE - Processes large volumes of disparate event data and brings meaning through correlation to the events flowing through your enterprise. ARCHIVER - Indexes and compresses log data and sends to archiving storage. The archiving storage is then optimized for long term data retention through compression, forensic analysis, and compliance reporting. WAREHOUSE - Hadoop based distributed computing system which collects, manages, and enables advanced analytics and reporting on longer term sets of various security data. The Warehouse can be made up of 3 or more nodes depending on the organization's analytic, and resiliency requirements. CAPACITY - RSA Security Analytics has a modular-capacity architecture, enabled with direct-attached capacity (DACs) or storage area networks (SANs), that adapt to the organization's short-term investigation and longerterm analytic and data-retention needs. THE SECURITY ANALYTICS INFRASTRUCTURE DEPLOYMENT FLEXIBILITY RSA Security Analytics provides large deployment flexibility as it can be architected using as many as multiple dozens of physical appliances down to a single physical appliance, based on the particulars of the customers' performance and security-related requirements. In addition the entire RSA Security Analytics system has been optimized to run on virtualized infrastructure.

CONTACT US To learn more about how EMC products, services, and solutions can help solve your business and IT challenges, contact your local representative or authorized reseller or visit us at www.emc.com/rsa. EMC2, EMC, the EMC logo, RSA are registered trademarks or trademarks of EMC Corporation in the United States and other countries. VMware are registered trademarks or trademarks of VMware, Inc., in the United States and other jurisdictions. Copyright 2012 EMC Corporation. All rights reserved. Published in the USA. 10/13 Data Sheet H12632 EMC believes the information in this document is accurate as of its publication date. This information is subject to change without notice

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information