Adding context to security data to achieve visibility into attacks
At RSA Conference 2015, RSA announced new capabilities have been added to its Security Analytics solution, which is engineered to give organizations the necessary context to help detect and respond to today’s advanced attack campaigns before they can damage the business.
While logs are a valuable piece of the puzzle, they’re limited by what the preventative controls they monitor can detect, and alone are not enough to identify advanced attacks. In fact, most successful attacks go undiscovered by logs alone. In addition, even when log-based Security Incident and Event Management (SIEM) systems are able to detect the faint signals of an attack, they are unable to piece them together to provide security analysts with the understanding to quickly respond to and disrupt the attack. Instead they overwhelm analysts with alerts that lack the context needed to take action.
RSA Security Analytics is designed to aggregate logs, along with data from network packets, endpoints, and now the cloud, and contextually analyzes the data to help allow organizations to quickly and fully understand what was targeted, the attacker’s strategy and actions within the organization, and the magnitude of the attack such that they can respond before a breach of confidential information can occur.
This release also is engineered to introduce the ability for customers also leveraging RSA Web Threat Detection to correlate enterprise attacks with web and mobile application exploitation, which is designed to help organizations defend against both security attacks and fraudulent user activity that targets their critical customer-facing web and mobile applications.
Additionally, the solution is now more accessible to customers and channel partners through the addition of flexible pricing and packaging options. Organizations can now choose from deployment models that include throughput based pricing, subscription options and use case based packages. With this release customers can also leverage their own storage with RSA Security Analytics.
Throughput based pricing lets customers tailor their purchase to fit their exact needs and, by leveraging existing storage, could potentially lower the total cost of ownership to deploy. Customers and partners also have the option to shift to an operational expense model by leveraging subscription based pricing.
Finally, RSA Security Analytics is now engineered to include new data privacy capabilities. This feature is designed to offer the ability to share valuable insight to security analysts without exposing them to their organization’s or employees’ most sensitive data, like PII. The ability to redact specific information will allow users to focus on safeguarding their organization without violating data privacy guidelines.