Discover & Investigate Advanced Threats. OVERVIEW



Similar documents
Detect & Investigate Threats. OVERVIEW

CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics

RSA Security Analytics Security Analytics System Overview

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

The SIEM Evaluator s Guide

Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA

Clavister InSight TM. Protecting Values

Tech Brief. Choosing the Right Log Management Product. By Michael Pastore

IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst

Dr. Konstantinos Ap. Eleftherianos Dr. Konstantinos Papapanagiotou. ISACA Athens Chapter Conference Athens 4/11/2013

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

RSA Security Analytics

Getting Ahead of Advanced Threats

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems

Using Network Forensics to Visualize Advanced Persistent Threats

LogInspect 5 Product Features Robust. Dynamic. Unparalleled.

What s New in Security Analytics Be the Hunter.. Not the Hunted

LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled.

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

NitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring

Security Analytics for Smart Grid

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

Boosting enterprise security with integrated log management

場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR

IBM Security IBM Corporation IBM Corporation

IBM QRadar Security Intelligence April 2013

RSA Security Anatomy of an Attack Lessons learned

An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011

IBM SECURITY QRADAR INCIDENT FORENSICS

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

Scalability in Log Management

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE

Scaling Analytics to Meet Real-Time Threats in Large Enterprises: A Deep Dive into LogRhythm s Security Analytics Platform

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

IBM Security QRadar SIEM Product Overview

Unified Security, ATP and more

Win the race against time to stay ahead of cybercriminals

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

Bernard Montel Directeur Technique RSA. Copyright 2012 EMC Corporation. All rights reserved.

Find the needle in the security haystack

BIG DATA. Shaun McLagan General Manager, RSA Australia and New Zealand CHANGING THE REALM OF POSSIBILITY IN SECURITY

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.

Using SIEM for Real- Time Threat Detection

Eoin Thornton Senior Security Architect Zinopy Security Ltd.

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Enterprise Security Solutions

Log Management Solution for IT Big Data

QRadar SIEM 6.3 Datasheet

IBM Security Intelligence Strategy

Extreme Networks Security Analytics G2 Vulnerability Manager

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

NitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers

The webinar will begin shortly

Bridging the gap between COTS tool alerting and raw data analysis

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

The Next Generation Security Operations Center

Log management & SIEM: QRadar Security Intelligence Platform

Continuous Network Monitoring

Actionable Security Intelligence: Preparing for the Next Threat with a Proactive Strategy

How RSA has helped EMC to secure its Virtual Infrastructure

Combating a new generation of cybercriminal with in-depth security monitoring

whitepaper The Benefits of Integrating File Integrity Monitoring with SIEM

QRadar SIEM and FireEye MPS Integration

How To Manage Log Management

RSA SIEM and DLP Infrastructure and Information Monitoring in One Solution

How To Buy Nitro Security

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

IBM QRadar Security Intelligence Platform appliances

IBM Security QRadar Vulnerability Manager

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Analyzing HTTP/HTTPS Traffic Logs

Advanced Threats: The New World Order

Niara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

How to Choose the Right Security Information and Event Management (SIEM) Solution

Caretower s SIEM Managed Security Services

Find the intruders using correlation and context Ofer Shezaf

Speed Up Incident Response with Actionable Forensic Analytics

Cloud and Data Center Security

Payment Card Industry Data Security Standard

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD

The Sumo Logic Solution: Security and Compliance

IBM QRadar as a Service

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

EnCase Analytics Product Overview

RAVEN, Network Security and Health for the Enterprise

WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8

Vulnerability Management

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Intelligence Driven Security

Trend Micro. Advanced Security Built for the Cloud

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION

Transcription:

Discover & Investigate Advanced Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics Enterprise-wide collection of network traffic and log event data is fused with automated threat intelligence and leveraged with high-powered analytics to enable fast threat discovery and investigations ADVANCED SECURITY THREATS DEMAND MORE EFFECTIVE SECURITY MONITORING To raise their game security teams need more effective threat detection and significantly faster security investigations. Security teams need a system that can collect and manage a huge volume and wider scope of security data which will lead them to the most pressing security risks for their enterprise in the shortest amount of time. In the same vein, security teams need automated access to the best threat intelligence about the latest tools, techniques, and procedures in use by the attacker community and have this intelligence be immediately actionable through automated delivery directly into the system. And they need this in one integrated security system, not multiple ones. When prevention fails all that is left is fast detection and remediation. VISIBILITY DRIVES DETECTION RSA Security Analytics is a security solution that helps security analysts detect and investigate threats that are often missed by other security tools. By combining big data security data collection, management, and analytics capabilities with full network and log-based visibility and automated threat intelligence, security analysts can better detect, investigate, and understand threats they could often not easily see or understand before. Ultimately this improved visibility and speed helps organizations reduce an attackers free time in their computing environment from weeks to hours, thus dramatically reducing the likely impact of an attack. DATA SHEET RSA Security Analytics is a solution from RSA which leverages the proven technology of RSA NetWitness to provide converged network security monitoring

and centralized security information and event management (SIEM). Unlike perimeter or signature based security solutions, which struggle to keep up with current risks, especially targeted attacks, RSA Security Analytics helps analysts discover interesting or anomalous behavior without being dependent on having foreknowledge of the attackers specific tools or techniques. RSA s security approach is akin to removing the hay (known good) until only needles (likely bad issues) remain, as opposed to traditional security approaches which attempt to search for needles in a giant haystack of data. Furthermore RSA Security Analytics helps analysts quickly understand alerts and unusual activity by correlating them with with network and log data as well as the most up-to-date threat intelligence. The highly visual interface of RSA Security Analytics unifies security analysis, such as detection, investigation, reporting, and content and system administration into a single browser-based interface which puts enterprise-level visibility directly into the hands of the security analysts. This significantly increases the efficiency and effectiveness of the analysts as they don t have to flip from security tool to security tool to do their jobs. In short RSA Security Analytics takes traditional log-centric SIEM and re-conceives it and brings it forward to address the realities of today's threat landscape. HIGH POWERED ANALYTICS FOR ANALYSTS RSA Security Analytics enables comprehensive security monitoring, incident investigation, long term archiving and analytics, malware analytics, and compliance reporting via a unified, browser-based interface. It enables security analysts, whether part of a Security Operations Center (SOC) or not, to be more effective and efficient in their job of protecting the organization's digital assets and IT systems. MONITORING & ANALYTICS Provides a single platform for capturing and analyzing large amounts of network, log, and other data Automatically alerts to suspicious behavior by applying analytics and by leveraging external threat intelligence (delivered via RSA Live) fused with internally collected security data. RSA Live provides: security reports, open source community intelligence, command & control reports, exploit kit identification, blacklists, APT tagged domains, suspicious proxies, and others. Applies business context to security investigations helping analysts better prioritize their work. INCIDENT INVESTIGATION Accelerates security investigations by enabling analysts to pivot through terabytes of meta-data, log data, & recreated network sessions with just a

few clicks. Uses the industry s most comprehensive and easily understandable analytical workbench Leverages the best 3rd party research and research created by RSA FirstWatch, RSA s elite, highly trained global threat and intelligence research team LONG TERM WAREHOUSE Provides a distributed computing architecture for archiving and analysis of long term security data, delivering high performance and scalability. Scales linearly through the addition of high performance or high capacity compute nodes. Enables compliance and detective oriented reporting and alerting through its data management infrastructure incorporating both data parsing and full text search. Provides an open interface for programmatic data access, transformation, and analysis. COMPLIANCE REPORTING Built-in compliance reports, covering a multitude of regulatory regimes (GLBA, HIPAA, NERC, SOX ) and industry requirements (PCI, BASEL II, ISO 27002 ). Automates regulatory or governance focused reporting. Also allows security teams to take advantage of business context gathered as part of their compliance program. Ties into the wider compliance reporting system through two-way integration with RSA Archer GRC. RSA Security Analytics supplies data and reports for compliance related control reports and consumes business context information about the value and purpose of individual IT systems and assets. MALWARE ANALYTICS Combines four distinct malware investigation techniques, including sandboxing, community intelligence, file content, and network behavior analysis to help the malware analyst discern if a file is malware or not. Identifies executable content wherever it exists, answers questions about the behavior of files taking into consideration where the malware was found and how it arrived into the IT environment. Incorporates anti-virus signatures only as one of multiple factors in determining the nature of the prospective malware. UNIFIED BROWSER-BASED DASHBOARD HTML5 based user interface which enables customizable analysis and monitoring user interfaces.

Monitoring, detection, investigation, and administration in a single integrated and customizable interface, driving analyst efficiency. Customized views based on the particular roles of the security analysts. BIG DATA SECURITY ANALYTICS INFRASTRUCTURE REAL TIME COLLECTION, ANALYSIS & INVESTIGATIONS Distributed collection infrastructure for simultaneous log and full network packet capture. Metadata parsing and management enables the blending of log, network, and other data for automated analytics, reporting, and analyst-driven investigations. Distributed data management optimized for near real-time analysis, reporting, and investigations. LONG TERM COLLECTION ARCHIVING, FORENSICS, ANALYSIS, & REPORTING Distributed warehouse and analytic engine for long-term archiving, analysis, and reporting on security and compliance data, including logs, log meta data, network packet meta data, and select other content. Industry leading data compression to maximize archive capacity. Linearly scalable by adding warehouse nodes as analytic performance and capacity needs increase. Built-in resiliency and high-availability features inherent in the Hadoop-based architecture. KEY ARCHITECTURAL COMPONENTS RSA Security Analytics is a distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Key components of the architecture are: DECODER - Captures, parses, and reconstructs, all network traffic from Layers 2-7 or log and event data from hundreds of devices. CONCENTRATOR - Indexes metadata extracted from network or log data and makes it available for enterprise-wide querying and real-time analytics while also facilitating reporting and alerting. WAREHOUSE - Hadoop based distributed computing system which collects, manages, and enables analytics and reporting on longer term (months/years) sets of security data. The Warehouse can be made up of 3 or more nodes depending on the organization's analytic, archiving, and resiliency requirements. ANALYTIC SERVER/BROKER - Hosts the web server for reporting, investigation, administration, and other aspects of the analyst s interface.

Bridges the multiple real-time data stores held in the various decoder/concentrator pairs throughout the infrastructure. Also enables reporting on data held in the Warehouse. CAPACITY - RSA Security Analytics has a modular-capacity architecture, enabled with direct-attached capacity (DACs) or storage area networks (SANs), that adapt to the organization's short-term investigation and longerterm analytic and data-retention needs. THE SECURITY ANALYTICS INFRASTRUCTURE DEPLOYMENT FLEXIBILITY RSA Security Analytics provides large deployment flexibility as it can be architected using as many as multiple dozens of physical appliances down to a single physical appliance, based on the particulars of the customers' performance and security-related requirements. In addition the entire RSA Security Analytics system has been optimized to run on virtualized infrastructure. CONTACT US To learn more about how EMC products, services, and solutions can help solve your business and IT challenges, contact your local representative or authorized reseller or visit us at www.emc.com/rsa. EMC2, EMC, the EMC logo, RSA are registered trademarks or trademarks of EMC Corporation in the United States and other countries. VMware are registered trademarks or trademarks of VMware, Inc., in the United States and other jurisdictions. Copyright 2012 EMC Corporation. All rights reserved. Published in the USA. 08/12 Data Sheet EMC believes the information in this document is accurate as of its publication date. This information is subject to change without notice

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information