RSA Advanced Security Operations Center (SOC)

Product
Developers: RSA (Security Division of EMC)
Date the system was first presented: September 2014
Technology: Cybersecurity - Security information and event management (SIEM)

RSA, the information security division of EMC, presented the RSA Advanced Security Operations Center (SOC) solution in September 2014. The solution integrates technologies and services that allow organizations to detect threats before a system is compromised.

The IT innovations of recent years (cloud, social networks, Big Data and mobile technologies) not only help organizations move forward but also stimulate the growth of cybercrime. Attackers bypass both outdated and modern defenses. With RSA Advanced SOC, security teams can combine security information and event management (SIEM), analysis of network traffic with full packet capture, and threat detection on endpoints. This helps detect more quickly the attacks that often go unnoticed by standalone log-analysis SIEM systems and by traditional perimeter defenses such as antivirus, firewalls and intrusion prevention systems.

By integrating the RSA Security Analytics, RSA ECAT and RSA Security Operations Management technologies with training and services from the RSA Advanced Cyber Defense Practice, RSA Advanced SOC provides regulatory compliance and a high level of security on one platform. It enables security teams to detect increasingly sophisticated threats more effectively and to respond to them before they harm the business.

Transparency and detailed investigation

RSA Advanced SOC was developed to collect detailed information about networks, systems and endpoints, helping to detect problems in time and to analyze the situation directly. It removes the security trade-offs that cause concern and makes it possible to study problems carefully in order to identify the true nature and scale of each one. More than 400 network and log-file monitors constantly analyze every protocol and every network session. As a result, the security team can identify key threat indicators and extract metadata so that analysts can work on the most important cases. Investigation prioritization and configured analytics workflows yield the maximum return from the available resources and help security teams quickly detect and eliminate the highest-risk threats.

SIEM and other tools

RSA Advanced SOC was created as the new market standard for SIEM. The system constantly analyzes more than 250 sources, uses more than 275 predefined rules and has about 100 report templates for compliance with existing regulations. Built-in incident response capabilities draw data from a range of sources for fast and granular investigations. Analysis is not limited to logs: RSA Advanced SOC combines data from network packets, NetFlow and endpoints to give the user a more detailed picture of the situation than standalone SIEM systems provide. The solution helps eliminate blind spots in the security system and get rid of threats quickly, while ensuring compliance with regulatory requirements.

Detection of threats on endpoints in real time

RSA ECAT helps security teams detect malware and other threats that have slipped past traditional antivirus technologies. The new solution was developed to investigate and analyze suspicious activity on endpoints and to quickly determine how far any malware has spread across the corporate network. Detection is automatic and in real time, and it does not require signatures.

Modular architecture

RSA Advanced SOC was created with scaling and system growth in mind, depending on the customer's requirements and resources. This helps build a platform that accounts for future needs. Whether the complete solution is deployed or it is added to existing tools, the system makes it possible to raise the security level immediately in order to cope with increasingly sophisticated threats.