RSA Solution Brief

The RSA envision Platform
A Single, Integrated 3-in-1 Log Management Solution
The RSA envision Platform at a Glance

The RSA envision platform gives organizations a single, integrated 3-in-1 log management solution for simplifying compliance, enhancing security and risk mitigation, and optimizing IT and network operations through the automated collection, analysis, alerting, auditing, reporting and secure storage of all logs.

Collection and Management
- Records and stores everything that happens on the network, as it happens
- Is easy to set up, with no agents to be installed on your network
- Integrates with hundreds of different networked devices, right out of the box

Analysis and Alerting
- The platform's knowledge base learns, grows and adapts to reflect a constantly changing compliance and security landscape
- Applies actionable intelligence, forensics and reporting to identify critical events and trends for immediate action and resolution
- Gives a clear and comprehensive overview of overall network activity with real-time monitoring, alerts and understanding of unusual events, tracked against an observed baseline

Auditing and Reporting
- Scales to manage tens-of-thousands of network, security, host, application/databases and storage devices across multiple geographies

Storage
- Stores your data more efficiently and optimizes access whenever information is needed
- Provides complete, accurate and verifiable storage to meet compliance standards

A Proven Solution
- Provides a scalable, distributed architecture to collect, store, manage, protect and analyze event log data without data loss or corruption, both locally and remotely
- Is proven to take the cost and complexity out of compliance and security for more than 1,000 customers worldwide
- From an analyst-recognized leader in security and event management, with a heritage in security and the breadth of management and storage expertise as part of EMC
- Backed by RSA's expert professional services team to deliver an aggressive ROI and an immediate payoff in improved business continuity and performance.
Includes more than 1,100 easy-to-customize built-in reports covering a vast range of user-defined issues, internal security policies and compliance regulations.

For more than 1,000 organizations, including some of the largest global Fortune 100 enterprises, RSA envision platform technology is crucial to monitoring and enforcing complex and exhaustive security and compliance policies and procedures.
[Figure: Information Management for Compliance, Security, and IT and Network Operations. Log management (active identification, baseline, report, alerts, forensics, incident management) serving compliance operations, IT and network operations, and security operations.]

RSA envision 3-in-1 functionality eliminates the cost, time and stress of log management and provides the network-wide visibility and tools needed to monitor and enforce security policy and regulatory compliance.

Total Visibility. Total Control.

A 3-in-1 Log Management Solution

In any IP network, almost every device, from firewalls to servers, generates logs of the traffic it carries, the transactions it makes and the activities it conducts. This data is vital to secure successful use of the network. It helps you optimize security, business continuity and network performance and provides an essential record of all network events and user activity, helping your organization comply with government, industry and internal regulations.

But monitoring thousands of devices and then handling and protecting the event log data each device produces, covering many thousands of events, every second of every day, can be a huge challenge. The RSA envision platform makes it easy for your compliance, security and network professionals to identify, explore and resolve critical events and trends by building a clear and comprehensive picture of the activity on your network.

The RSA envision platform gives organizations a single, integrated 3-in-1 log management solution for:
- Simplifying compliance
- Enhancing security and risk mitigation, and
- Optimizing IT and network operations.

It provides automated collection, analysis, alerting, auditing, reporting and secure storage of all logs. It is a proven solution already deployed in more than 1,000 leading organizations worldwide.
The RSA envision platform is a scalable, high-availability solution for Security Information and Event Management (SIEM). It is able to capture all the log data on your network, all the time. It continuously records and stores every event log generated by any device on the network, ensuring each log event is complete, accurate and verifiable. It also offers powerful analytical tools to help you simplify compliance, enhance security and risk mitigation, and optimize IT and network operations. Quite simply, you gain three solutions in the same box:
- Compliance auditors have a complete set of authentic and verifiable data to help them meet reporting requirements
- Risk-management and security operations staff are better able to protect their network, data and assets, empowered by real-time visibility and understanding of suspicious network activity and susceptible network vulnerabilities
- IT and network administrators have a record of everything that has happened and is happening in the network as well as insight into what might happen, helping to optimize network performance and guide their activities and investments

Log Management for Simplifying Compliance

All the Evidence You Need to Demonstrate Corporate Responsibility

The RSA envision platform simplifies and streamlines your compliance procedures by collecting All the Data that drives your business, storing it in a compliant, protected manner and automatically generating noncompliance alerts against an observed baseline. Armed with this information, you can ensure and prove compliance and give customers and trading partners greater confidence in doing business with you, helping to build your brand. Should the need arise, you can call up verifiable crucial evidence to support or contest legal action in cases of wrongful dismissal, breaches of information privacy laws or intellectual property theft.

A Complete Record of Activity

Whatever the regulatory environment, organizations must have systems in place to capture, collect and protect all their event data. It must be captured across the entire network, be readily accessible for inspection and audit by government and regulatory bodies and stored securely for many years to come, as dictated by the individual regulatory requirements. The RSA envision platform provides you with a full account of network activity and the means to meet all the compliance demands of access and configuration control, malware detection, policy enforcement, user monitoring and management, and environment and transmission security.
It does this by:
- Efficiently and securely collecting, protecting and storing data exactly as network devices have recorded it
- Establishing baselines of activity for the entire network environment to define what constitutes normal activity and detect any deviations from the baseline
- Alerting affected parties to deviations from baseline activities and detecting complex patterns of malicious activity across multiple network, security and storage devices and across multiple host applications
- Generating summary and detailed reports for mandated periods of time, using real-time and historic data
- Carrying out forensic analysis to correct policies and settings on systems and provide a debug-level view of all changes and the effect they have on the environment
- Establishing incident management tools to closely monitor and correct violations and making sure they are recorded, escalated and corrected in a timely and thorough manner

Easy Compliance Assessments

The RSA envision platform's reporting engine provides quick and easy access to and analysis of compliance-sensitive data. Administrators can create their own reports based on your organization's specific compliance policies using an intuitive wizard interface, and they can utilize more than 1,100 built-in graphic and tabular reports covering a vast range of user-defined issues and all the major global compliance regulations, including:
- Sarbanes-Oxley (SOX)
- Health Insurance Portability and Accountability Act (HIPAA)
- US Patriot Act
- Gramm-Leach-Bliley Act (GLBA)
- Basel II
- Payment Card Industry (PCI)
- ISO27001/ISO17799
- Federal Information Security Management Act of 2002 (FISMA)
- California Senate Bill 1386
- Statement on Auditing Standard 70 (SAS 70)
- Emerging European Union (EU) regulations governing data security, cyber-crime and terrorism

Future-proof Compliance Archival

Because it stores the complete log records from your devices, without filtration or normalization, the RSA envision platform equips you to respond to future compliance requirements, however unexpected. With storage limited only by your physical infrastructure, there is no risk of deleting anything that could one day prove critical to new compliance requirements, and you can be certain of being able to verify its accuracy or completeness against any new standard.

Log Management for Enhancing Security and Risk Mitigation

Protecting Your Data, Your Business and Your Reputation

Even the toughest perimeter defenses cannot stop all of today's external security threats, and they are virtually useless against internal threats. Intruders are becoming increasingly clever and creative in identifying loopholes and exploiting vulnerabilities in network security, often hiding their attacks in ingenious depths of complexity.

The RSA envision platform is the only SIEM solution that can deliver 100% visibility into security threats occurring inside your network and at the perimeter. It does this by aggregating and analyzing all the event log data it collects from switches, routers, security devices, hosts, applications, servers and storage into its database, then processing this raw information quickly to identify and prioritize security insights.
Intelligent Baselining

The first step to identifying security issues is to build a picture or baseline of the infrastructure as it should look, including which users are accessing which applications, what are common traffic patterns and what kind of devices reside on the network. The RSA envision platform combines a knowledge base of tens-of-thousands of known log messages with an open classification dictionary (taxonomy). It can learn network patterns over time and automatically establish appropriate baselines to detect anomalies and unusual patterns and track specific groups of devices and events.

The RSA envision platform collects, processes and stores unstructured data without any filtering or data normalization. It also maintains a digital chain of custody for all the event log data. Data is stored unchanged, intact and tamper-proof, and can be accessed and retrieved for any compliance purpose, now or in the future.
A Close Watch

Through real-time monitoring, the RSA envision platform gives you a single, complete view of the relationships between events that occur throughout your network. It automatically monitors and helps enforce access controls so that you can see misuse immediately and make users accountable for both privileged and non-privileged access to all network, computing and application components, thereby minimizing the risk from insider threats. It also detects any rogue network services that use open paths through network defenses, allowing you to shut down network access in time to protect your organization from information leaks, privacy breaches and illegal content. Plus it enables you to track the source of potential breaches using watch lists that monitor the network addresses and names of users who target specific services and systems.

Early Warning

Alerts can be set to trigger whenever established baseline thresholds are exceeded, known offenders become active, unauthorized network access or rogue services are detected or when a specific custom rule is broken relating to any geography, service or device. The RSA envision platform correlates this event data against its extensive knowledge base of known vulnerabilities and the assets in your networks. Assisted by the on-board Task-Triage ticketing system, this helps your managers to distinguish serious events from false positives and prioritize resources for events that pose a genuine risk to network and business assets.

Security Reporting

The 1,100-plus built-in reports provide extensive tabular and graphical analysis of security-affecting events, helping to enforce access controls for any asset on the network. All reports can be modified, exported and set to cover any time period extremely quickly, enabling prompt action to be taken.
Event Explorer

The RSA envision Event Explorer is an advanced analytics module that enables you to dynamically view network behavior across application, firewall, IDS and other types of data, assessing the source, cause and effect of a breach for its risk level, range and severity. Enhancing your ability to conduct real-time and historical forensic investigations, you can drill down into the data, explore it from a variety of perspectives and investigate a range of issues simultaneously with sophisticated querying, filtering, searching and sorting tools. Correlated threat detection enables you to examine and compare patterns of network behavior enterprise-wide, automatically assessing it in terms of vulnerability, risk and threat.

Finding a needle in a haystack: the RSA envision platform's dashboard, real-time alerts and powerful forensic and analytical tools make it quick and easy to dig for evidence and identify and measure unusual activity for further investigation and action.
[Figure: Event Explorer, Views 1 to 3. Security breaches leave a trail of forensic evidence. Event Explorer enables you to trace it back to the source.]

[Figure: network diagram of event sources (application servers, Windows servers and workstation, NetScreen firewall, Trend Micro antivirus, NetApp fileservers, Oracle Financial) across Center #1 and Center #2 for Customer A and Customer B.]

Log Management for Optimizing IT and Network Operations

Cut through the complexity for a clearer view of user activity and network performance.

The RSA envision platform is unique in its ability to collect all the IP activity logs generated on your network, and then, using a revolutionary database technology, powerful correlation capabilities and advanced analytics, transform this mass of unstructured, seemingly unrelated event data into understandable information that details exactly what is happening within the enterprise network and across all the IT systems.

Our appliances can be deployed individually, as a complete, self-contained solution for smaller networks, or as part of a larger distributed architecture that enables the rapid collection of event log data from anywhere on a network, regardless of geographical location or network size. Once collected, this information is key to verifying compliance with regulations and security policies, generating alerts for possible security breaches, mitigating network risk, and analyzing and reporting on network performance.

The RSA envision platform can capture, analyze and manage all the events from the entire network infrastructure out-of-the-box, without requiring any agents, using event transport protocols, including:
- Syslog over UDP
- Syslog over TCP
- ODBC
- Windows Agent-less
- SNARE Agents
- SNMP
- Check Point LEA
- Secure file transfer (including mainframe)
Optimizing IT and Network Operations

IT organizations can leverage the platform to track and manage activity logs for servers, networking equipment and storage platforms, and monitor network assets, availability and the status of people, hardware and business applications. The RSA envision platform provides an intelligent forensic tool for troubleshooting infrastructure problems and protecting infrastructure resources, and it assists IT managers in help desk operations and provides granular visibility into specific behaviors by end-users.

A Shortcut to Visibility into Your Network Infrastructure

Installation of your RSA envision appliances is simple. Individual appliances need only to be plugged into a power source and attached to the network for you to be up and running in an hour. Event log data is collected from all IP devices in the network without having to deploy collecting agents on each IP device, meaning there's no overhead on the device's performance and no additional software to manage, maintain and update.

All the Data All the Time

The RSA envision platforms can collect all the event data, all the time, even in the busiest data-intensive operations. Data collection devices can be duplicated for high availability, providing immediate fail-over if the primary collector fails. Real-time alerts, reports and statistical analysis are brought together and presented graphically through a dashboard facility, making it easy for you to watch and understand events as and when they happen.

For businesses with larger networks, the RSA envision appliance-based solutions scale easily to cope with the demands that come from collecting, storing and analyzing data in real-time from thousands of network devices, which may be distributed across continents as well as countries. Our scalable solutions can easily handle the storage demands of hundreds of gigabytes of data, and have the proven ability to collect and process hundreds of thousands of events per second.
These solutions are delivered on a standardized, controlled combination of hardware, OS and software, meaning that performance levels are predictable, reproducible and guaranteed.

Real-time Analysis

The RSA LogSmart Internet Protocol Database allocates data to different media depending on its value, archival duration and demands for rapid access, while allowing real-time data analysis.
Keeping Pace

The RSA envision platform learns as it goes, gathering information into its knowledge base in real time. In this way it builds a clear and comprehensive view of how your network and users operate. The solution automatically sets and updates benchmarks (baselines) for normal activity and uses them to detect any unusual levels of activity and complex patterns of suspicious activity across multiple, disparate devices. Real-time alerts can be set to trigger the moment activity deviates from the baseline.

Integrity Assured

The RSA envision platform stores event data exactly as it is received; it doesn't normalize the data or modify it in any way. During storage, the appliance renders the data tamperproof using the latest write-once-read-many (WORM) storage technology. Data cannot be changed, lost or damaged, and specific records can be rapidly and instantly retrieved as your users require for reporting, forensic analysis or exploration.

Fast, Intelligent Data Storage

At the heart of the platform is the patented RSA envision LogSmart Internet Protocol Database (IPDB). It enables more data to be captured, managed, stored and analyzed faster than other technologies, while reducing the relative cost of data storage. Data archival and access is optimized using tiered storage across a range of online, near-line and offline systems and media to reflect how often each file needs to be accessed and for how long it must be retained.

Organizations choose RSA envision technology because it's a single, 3-in-1 integrated solution for simplifying compliance, enhancing security and risk mitigation, and optimizing IT and network operations. It is one comprehensive, plug-and-play solution.
Why Choose the RSA envision Platform?

The RSA envision platform is the market-leading SIEM technology platform, able to meet the demands of networks of any size without losing any of the data and ensuring that once data is collected it cannot be edited or changed.

Designed to make life simple, the security-hardened RSA envision appliances integrate right out-of-the-box with hundreds of different event source types and start gathering information from your infrastructure from the moment you plug them in, without the need for having to install agents on network devices. Once collected, stored and secured, this data is then available to all authorized administrators within an organization, providing a common platform for data analysis for all interested parties. For the first time, compliance officers, security officers and IT managers can implement a shared infrastructure that meets their individual needs and provides flexible, customizable reporting on data extracted from a shared, global database.

The RSA envision Family of Appliances

With best-in-class services, products and partnerships, RSA provides a comprehensive solution for Information Risk Management, which is a holistic strategy for mitigating the risks to which information is exposed throughout its lifecycle. The RSA envision platform's wide range of appliances meets the SIEM needs of every organization and supports enterprise-wide Information Risk Management initiatives.

The ES Series of self-contained standalone appliances provides log management for up to 7,500 events per second and up to 1,250 devices. Larger, more complex infrastructures are best served by a distributed, scalable infrastructure combining the LS Series of Data Collectors, Data Servers and Application Servers for greater performance and redundancy. Remote Collectors can also be used to gather data from branch offices or remote overseas locations.
Take Action Today

From the earliest planning stages through to final deployment, RSA experts can work with you to identify the specific business and compliance requirements that apply in your industry and business, then smoothly deploy the RSA envision platform that fully addresses your needs for simplifying compliance, enhancing security and risk mitigation, and optimizing IT and network operations. To find out more about how your organization could benefit from the RSA envision platform, please contact your local EMC or RSA Sales representative, or visit www.rsa.com or www.EMC.com.
RSA is your trusted partner

RSA, the Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle, no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention & encryption, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.rsa.com and www.emc.com.

2008 RSA Security Inc., all rights reserved. RSA, the RSA logo, envision, LogSmart, Event Explorer and All the Data are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. All other products and services mentioned are trademarks of their respective companies.

3IN1 SB 0208