Dispatch From RSA Conference 2013: Improving Security Operations Management, While Moving SIEM Forward With Advanced Analytics

As we gather in Amsterdam for RSA Conference Europe, I am reminded of what an incredible journey 2013 has been. We kicked off the year with the global launch of RSA Security Analytics, which has proven to be a truly game-changing solution in the SIEM/centralized security monitoring space. RSA Security Analytics is helping to transform the entire SIEM category by helping our customers both to improve their defenses against advanced threats AND to address their compliance and long-term retention requirements.

Today, we take the next step in this journey. RSA is announcing a combination of new products and services designed to help organizations develop and mature their security operations and accelerate their incident response.

First, we’re making significant enhancements to RSA Security Analytics to benefit those organizations that need much more from their SIEM. The RSA Security Analytics 10.3 solution is engineered to offer several important enhancements, including:

  • More flexible long-term retention options to help satisfy compliance requirements more cost effectively
  • Modular, real-time event stream analysis capabilities to help detect more advanced threats
  • New visualizations to help identify and investigate important issues

These new capabilities help organizations handle everything from traditional SIEM requirements to more advanced analytics use cases, all from a single, integrated solution. RSA Security Analytics helps customers at different points in their security maturity grow their security operations function. Offering best-in-class detection and investigation capabilities while still satisfying retention and reporting requirements cements the idea that there really doesn’t need to be a tradeoff between security and compliance.

We are also introducing a brand new solution that is designed to ease the burden of managing a Security Operation Center (SOC) and the team managing it. The RSA Security Operations Management solution helps organizations add a true management layer to their incident response program. A SOC, by its very nature, is complex because it involves the orchestration and balanced interaction of people, process and technology. The new solution provides a framework to help manage operations across three major areas:

1. Incident Management with integrated business/technical context and response procedures
2. Breach response with impact analysis framework
3. SOC team and overall SOC program management

Finally, we are also announcing new Incident Response Services and education modules from the RSA Advanced Cyber Defense Practice to help security teams directly address their challenges in the areas of people and process. RSA understands deeply that good security is not just an issue of using good security technology; good security is delivered through the right balance and use of all three areas: people, process and technology.

So what does all of this really mean? We believe the security maturity discussion is about having a balanced mix of people, processes and technology. Today’s news offers solutions to address all three of those key pillars. This exciting combination of new education services, professional services and products is designed to holistically help customers build, grow, and mature their own world-class SOC.

About the Author: Bali Kuchipudi