RSA Security Analytics Detect and Investigate Advanced Threats
COMPLETE VISIBILITY - FROM THE ENDPOINT TO THE CLOUD
DETECT AND ANALYZE ADVANCED ATTACKS
INVESTIGATE INCIDENTS AT WARP SPEED
CHOOSE THE DEPLOYMENT THAT IS RIGHT FOR YOU
Explore and Compare
Explore product options and get a quote
RSA Security Analytics gives security teams the ability to unleash their full potential and stand tall against today’s attackers by evolving from a traditional log-centric approach to one with better visibility, analysis, and workflow. With RSA Security Analytics, teams have the power to detect and analyze even the most advanced of attacks before they can impact their organization. Once spotted, security analysts can investigate, prioritize, and remediate incidents with unprecedented precision and speed.
RSA Security Analytics offers the following benefits:
- Visibility – Spot advanced attacks with complete visibility - from the endpoint to the cloud
- Eliminate blind spots where threats can take root with visibility across logs, networks, endpoints and cloud data
- Inspect every network, packet session, and log event for threat indicators at time of collection with capture time data enrichment
- Augment visibility with additional compliance and business context
- Analysis – Detect and analyze even the most advanced attacks in real time compared to days or even weeks with competitive solutions
- Discover attacks missed by traditional SIEM and signature-based tools with the only solution that can correlate network packets with other security data
- Begin finding incidents immediately with out-of-the-box reporting, intelligence, and rules
- Get deeper context than any other tool with power of Capture Time Data Enrichment. Capture Time Data Enrichment amplifies the value of your data by generating hundreds of metadata fields that can be used for both detection and investigation.
- Action – Investigate at warp speed to take targeted action on the most important incidents
- Prioritize investigations and streamline multiple analyst workflows in one tool, enabling incident response and escalation to begin immediately and putting the advantage of time back on the side of the defender. Understand exactly what is happening, what to do about it and how to prioritize your workflow.
- Instantly pivot from incidents into deep endpoint and network packet detail to perform network forensics and understand the true nature and scope of the issue. Separate the threats from the white noise, cutting hours or days from the threat detection process and eliminating time wasted due to false positives.
- Manage compliance and more proactively defend your network and assets with compliance and threat reporting in a single place.
- Understand the true nature and scope of an incident, not just what was logged
Our experience with hundreds of the world’s leading security operations teams has been encoded into our templates, workflows, and alerts, giving your current team the capabilities developed over years by the world’s best security operations personnel.
The RSA Security Analytics platform is comprised of two primary elements: the capture infrastructure and the analysis and retention infrastructure.
RSA's unique architecture allows organizations to collect and analyze large amounts of data and expand linearly. The federated infrastructure allows organizations to scale while still maintaining the ability to analyze and query seamlessly across the system, unlike other vendors who need to centralize all data for analysis and slow down as the central site becomes larger. In addition to improved scalability, security teams can also analyze and query seamlessly across the system at top speeds. The capture infrastructure consists of decoders for ingest, concentrators for indexing, and brokers/analytic server for querying.
RSA Security Analytics Decoder
The decoder is a configurable network appliance that enables real-time collection, filtering, and analysis of network packet and log data. Position the decoder(s) on the network egress, core, or segment.
- The packet decoder reassembles and normalizes network traffic at every layer for real-time, full session analysis. Appliances can be operated in continuous capture mode or to consume traffic from any source.
- The log decoder leverages packet decoder architecture for hundreds of devices and common log formats. Additionally, the log decoder will collect endpoint and netflow data.
RSA Security Analytics Concentrator
The concentrator aggregates metadata from decoders to enable scalability and flexibility across network topologies and geographies. You can deploy them in tiers to provide high availability for multiple decoder locations.
RSA Security Analytics Broker/Analytic Server
The broker/analytic server facilitates queries across multiple concentrators. The broker provides a single point of access to security analytics metadata and operates and scales independently of network latency, throughput, or data volume. The analytic server hosts the web server required for investigation, reporting, and administration.
ANALYSIS AND RETENTION INFRASTRUCTURE
Unlike other tools, RSA Security Analytics has the ability to discover attacks as they're happening by correlating logs, packets, netflow, and endpoint data together. Security analytics also harnesses the power of big data and combines it with the data science techniques leveraged in the advanced analytics modules used with the RSA Warehouse, powered by Pivotal.
Event Stream Analysis (Detection)
Event stream analysis consists of powerful event stream analytics that support large data volumes to correlate logs, network, and endpoint data, detect incidents, and bring meaning to events flowing through your enterprise.
Archiver and Archive Storage
The archiver and archive storage provides long-term log retention, analysis, security, and compliance reporting.
Detection and AlertingDiscover attacks missed by traditional security information and event management (SIEM) and signature-based tools by correlating network packets, netflow, endpoints, and logs. By leveraging capture time data enrichment and event stream analysis for correlation, RSA Security Analytics identifies threats in real time compared to the days or even weeks required with competitive solutions.
RSA Security Analytics Investigation and TriageInstantly pivot from incidents into deep endpoint and network packet detail to perform network forensics and understand the true nature and scope of the issue. Investigations are driven by multidimensional visibility that eliminates blind spots where threats can take root.
RSA Live Intelligence SystemBegin finding incidents immediately with out-of-the-box reporting, intelligence, and rules that are automatically distributed and fused with your data.
RSA Security Analytics ReportingAutomate reporting for both proof of compliance and security.
RSA Malware Analysis WorkbenchIdentify and contextualize suspicious files by leveraging four different malware-analysis techniques.
RSA ECATExpose malware and other endpoint threats and instantly determine the scope of a compromise.
RSA Security Operations Management (SecOps)Orchestrate and manage a security operations center (SOC) or a critical incident response center (CIRC).
RSA Archer Governance Risk and Compliance
Build an efficient, collaborative governance, risk, and compliance (GRC) program across IT, finance, operations, and legal.
RSA ECAT detects targeted endpoint threats such as zero-day advanced malware attacks by leveraging innovative live memory analysis.
RSA Advanced Security Operations Center Solution
Detect and analyze even the most advanced of attacks before they can impact the business and take targeted action on the most critical incidents.
- ESG: Information-driven Security and RSA Security Analytics and RSA ECAT
- SANS: Building a World-Class Security Operations Center: A Roadmap
- SANS: Roadmap to creating a World-Class Security Operations Center - Infographic
Data and Spec Sheets
- RSA Security Analytics: Infrastructure
- RSA Security Analytics: Malware Analysis
- RSA Security Analytics: Network Forensics
- RSA Security Analytics: Overview
- RSA Security Analytics: What SIEM Was Meant to Be
- ADP on RSA Security Analytics
- Amit Yoran on RSA Security Analytics
- Be the Hunter: Pivoting into RSA ECAT Demo
- Be the Hunter: RSA SIEM Use Case Demo
- ESG on Information-driven Security Based on RSA Security Analytics and RSA ECAT
- Finding an Unknown Threat with RSA Security Analytics and RSA ECAT
- Logs are Just One Piece of the Puzzle
- Los Angeles World Airports on RSA Security Analytics and RSA ECAT
- RSA on Intelligence Driven Threat Detection and Response
- RSA Security Analytics Detects Heartbleed
- RSA Security Analytics: Achieve Data Privacy without Impacting the Investigation
- RSA Security Analytics: Gain Complete Visibility with Cloud Monitoring
- RSA Security Analytics: Investigate Faster with Prioritized Incident Workflows
- RSA Update: Latest Tools, Tactics and Procedures
- Intelligence Driven Threat Detection and Response
- RSA Discovers Massive Boleto Fraud Ring in Brazil
- The Critical Incident Response Maturity Journey
News & Blogs
Sep 09, 2014RSA Turns the Table on Cyber Attackers