Developers: RSA (Security Division of EMC)
Last Release Date: 2013/10/29
Technology: Cybersecurity - Security information and event management (SIEM)
Information security threats are becoming more and more sophisticated, and the consumerization of IT and the universal use of mobile devices have greatly complicated the already difficult problem of identifying them in time. Traditional security monitoring tools are becoming insufficiently effective: too much time passes between the moment of an attack and its detection, and this time works to the attacker's benefit. RSA Security Analytics, a new-generation security technology, uses Big Data analytics and intelligent threat detection methods to reduce the time and cost of identifying and eliminating threats.
Using RSA Security Analytics, enterprises and organizations will be able to reduce threat investigation time from several days to several minutes and the time from the beginning of an attack to its detection from several weeks to several hours, as well as to eliminate "dead zones", i.e. areas of insufficient control in terms of cybersecurity, and to get a complete overview across the whole enterprise.
RSA Security Analytics is built on the RSA NetWitness architecture, which has proved its effectiveness, and integrates Big Data analytics, SIEM and network monitoring capabilities in one platform that will become the basis of new-generation information security operations centers. Any information security initiative needs to begin with a study of the risks to which the organization is exposed. Many modern data protection technologies, including SIEM systems, lack this component. They cannot provide a sufficiently deep view of relevant threats and often do not meet current analytics demands.
By giving information security professionals powerful tools for visualizing vulnerabilities and threats, RSA Security Analytics makes it possible to detect risks as soon as they arise, which substantially reduces the time required to investigate an information security incident, from several days to several minutes. With a better understanding of the information risks arising both inside and outside the organization, security professionals will be able to protect their assets more reliably, including intellectual property and other confidential data, and to reduce the time and costs associated with threat management and report preparation.
The RSA Security Analytics Unified Platform provides:
- Fast collection and analysis. All security-related data, including full network packets, logs and threat information, is collected and analyzed immediately to speed up detection of potential threats.
- Powerful analytics tools. They widen the range of collected data and apply new, more powerful analytics methods than traditional approaches to SIEM offer.
- Integrated threat intelligence. Helps organizations use different threat information feeds to speed up detection and study of the tools and methods of potential attacks.
- Threat context. Thanks to integration with the RSA Archer GRC platform and the RSA Data Loss Prevention (DLP) suite, as well as the use of data provided by other solutions, analysts can use business context to set priorities and reallocate resources to fight the threats that pose the greatest danger.
- Malware identification. Using different analysis techniques, the solution reveals a much broader spectrum of attacks carried out using malware.
- Automated reporting. Implementing sound security practices helps ensure compliance with regulatory requirements.
Integrating proven Big Data technologies and analytical methods with security tools can significantly raise the overall level of data protection. The RSA Security Analytics platform, which combines advanced visualization and analysis tools with Big Data capabilities, can reveal suspicious activity, counteract threats effectively and ensure compliance with regulatory requirements.
RSA and Juniper partnership
In February 2013, RSA and Juniper Networks announced their intention to expand their technology partnership to help customers protect networks from increasingly complex threats and to ensure the safe use of mobile devices to increase efficiency.
The limitations of traditional security technologies, such as IP address reputation databases and signature-based anti-virus software, are becoming more obvious. As a result, customers feel an even stronger need for intelligent threat analysis that would allow them to cope with increasingly complex attacks. In the modern world, the success of intelligence-gathering operations, whether in defense, counter-terrorism or cyber security, depends on the breadth of sources and the maximum effectiveness of the methods used. Unfortunately, the possibilities for large-scale exchange of intelligence between IT security vendors are limited. As a result, customers form an incomplete picture of the modern threat landscape.
RSA and Juniper intend to overcome these limitations by creating a technology partnership that will provide broad exchange of intelligence between the RSA Live threat intelligence service and the global Juniper Networks Junos Spotlight Secure service. RSA plans to use these capabilities to expand the threat visualization and analytics tools in RSA Security Analytics. Such a solution will give customers deeper visibility into and understanding of the situation. Juniper plans to build this additional intelligence into its network security enforcement components (such as the Juniper Networks SRX Series Services Gateway firewall) to make real-time threat blocking more effective.
Junos Spotlight Secure, a global attacker intelligence service, collects and distributes digital fingerprints of attacking devices in real time, providing more accurate tracking and blocking of attackers than IP address reputation databases. RSA Live is intended to protect against infected networks, including protection against C&C domains and domains associated with increasingly complex threats. It is expected that, thanks to this exchange of data and techniques, customers will gain exceptional visibility into the attacks directed at their networks and will be able to block and prevent them more quickly and effectively.
In addition, RSA and Juniper intend to build on the agreement announced in 2012, which is designed to bring strong authentication to mobile security services for secure mobile access. This will extend the coverage of the security model and improve the experience of mobile users accessing corporate and cloud resources. At present the companies are testing the compatibility of RSA mobile authentication technologies with the Juniper Networks Junos® Pulse SSL Secure solution, which provides secure remote access from mobile devices to corporate resources. The companies also plan to extend their cooperation to implement, in Junos Pulse SSL Secure, authentication of access through built-in mobile applications, with the long-term aim of providing a single point of access for VPN applications and mobile applications.
2013: RSA Security Analytics update
On October 29, 2013, RSA announced the release of an update to RSA Security Analytics.
The new set of products and services will help bring information security management processes to a new level and accelerate incident response, while meeting traditional security information and event management (SIEM) requirements as part of an expanded security strategy.
Innovations
Built on a new modular architecture, RSA Security Analytics meets the core security information and event management (SIEM) requirements while reducing the cost of long-term data storage. Combining SIEM functions with streaming analytics that works in near real time accelerates detection of incidents and notification about them, and the improved interface includes visualization functions that make suspicious events easier to identify.