See Everything. Fear Nothing.

Organizations continue to invest in traditional log-centric SIEM tools without seeing the benefits that they have been promised. Sure, most SIEMs do a fine job of log collection,  management and compliance reporting, but the outcome every enterprise wants – and wanted all along – is to detect and respond to the most lethal threats that can evade their security controls.

RSA Security Analytics is what SIEM was meant to be – superior threat detection and investigation.

Time and time again, traditional log-centric SIEMs have failed to properly protect organizations against attacks, especially advanced or targeted attacks.  According to the 2014 Verizon Data Breach Investigation Report 99% of successful cyber-espionage attacks went undiscovered by logs. At RSA, we’re not surprised by this statistic.  While log analysis can add value, by themselves logs alone are simply not enough to provide visibility to a determined threat. As your IT environment now spans from the endpoint to the cloud, so should your visibility.  After all: you cannot stop what you cannot see.

Visibility from the endpoint to the cloud

Enterprises are up against a battery of weapons in nation state sponsored attack campaigns, and need to spot a variety of steps in an attack: web shells, weaponized email attachments, lateral movement, data gathering and data exfiltration.  As the long time pioneers in network forensics we know that the visibility and context generated from network packets far outweighs a log-centric approach, which are virtually blind to the most common advanced adversary attacks.   With the latest release of RSA Security Analytics we build from our packet heritage to extend your visibility from the endpoint to the cloud.  Combining cloud activity with packet, log, NetFlow, and endpoint data provides analysts with a comprehensive view of the extended IT environment.

When packet data is combined with data from the cloud and application level visibility from RSA Web Threat Detection (both new features) as well as with endpoint data from RSA ECAT, and traditional log data, attackers have nowhere to hide.  In addition to simply collecting this raw data, Security Analytics adds context in real time by generating hundreds of metadata fields with Capture Time Data Enrichment.  In fact, RSA Security Analytics is the only tool that can correlate packet data and other security data together, enabling security teams to detect and investigate an incident quickly, before the attack can impact the business.

Bring Your Own Storage

Customers can also now choose the deployment that is right for them.  With this release customers will be able to leverage their own storage with RSA Security Analytics to cover their retention needs. This option reduces the total cost of ownership to deploy the solution. Organizations can also choose a new throughput-based pricing model. Throughput-based pricing gives customers the ability to tailor their purchase to their exact needs and incrementally expand it over time. Additionally, with this release customers and partners also have the option to shift to an operational expense model by leveraging subscription based pricing.

Data privacy

While comprehensive visibility is critical for any security team, some enterprises need ensure sensitive personal data is not visible. New data privacy capabilities make it possible to restrict potentially sensitive private information from the view of security analysts.  This feature ensures that the analyst can still protect the organization from attacks, while limiting the risk of exposing them to restricted or sensitive data.  While critical for many European countries, this capability has utility for all organizations that are concerned about limited visibility into employee sensitive data.

We’re incredible excited for these expanded capabilities of RSA Security Analytics, which further improve our ability to detect advanced attacks that are missed by other tools.  In addition to spotting attacks, we are providing the ability to understand the true nature and scope of an incident, not just what was logged, to stay one step ahead of attackers.

See Everything. Fear Nothing.

About the Author: Grant Geyer