RSA has introduced the RSA Advanced Security Operations Centre (SOC) Solution, an integrated set of technologies and services designed to help organisations identify threats before a breach can occur.
As IT innovations including cloud, social, Big Data and mobile computing are helping move organisations forward; they are also creating greater opportunities for cyber-attackers to bypass both legacy and contemporary security tools.
Combining security information and event management, (SIEM), full packet capture network forensics and endpoint threat detection capabilities, the RSA Advanced SOC Solution is designed to help security teams quickly spot attacks that often go unnoticed by stand-alone log-centric SIEM, and traditional perimeter-based security tools, including anti-virus, firewalls and intrusion prevention systems.
Integrating technologies from RSA Security Analytics, RSA ECAT and RSA Archer Security Operations Management as well as training and services from the RSA Advanced Cyber Defence Practice, the new RSA Advanced
The RSA Advanced SOC Solution is engineered to collect detailed network, system and endpoint data to help both enable timely incident detection and direct security analysts to pivot instantly from suspected compromises to deep incident forensics and understand the true nature and scope of the issue. More than 400 network and log parsers perform capture time analysis of every log and network session to identify key threat indicators and extract metadata to lead security analysts to the most important issues. Prioritised investigations and analyst workflows help maximises resources and empower security teams to quickly detect and remediate the highest risk threats.
The RSA Advanced SOC Solution is designed to set a new market standard for SIEM capabilities by collecting and parsing 250+ event sources, leveraging 275+ out-of-the-box correlation rules, and approximately 100 report templates to keep up to date with current mandates. Native incident response capabilities with aggregated alerts across data sources promote fast and granular investigations. Providing visibility far beyond logs, the RSA Advanced SOC Solution also is engineered to correlate network packets, NetFlow, and endpoint data to provide visibility far beyond stand-alone SIEM, helping to eliminate blind spots and assisting in faster remediation of threats while meeting compliance requirements.
The addition of RSA ECAT provides security teams with the ability to expose malware and other threats that have gone undiscovered by traditional anti-virus technologies. The new solution is engineered to quickly investigate and analyse suspicious endpoint activity and easily determines how widely any malware detected has spread through the enterprise. Detection happens automatically, in realtime and without the use of signatures.
The RSA Advanced SOC Solution is designed to allow scalable growth based on customers’ current needs and resources while also helping them create a platform to address future requirements. Whether implementing the full solution or looking to augment existing tools, the solution is engineered to help organisations immediately advance their current security practices to combat even the most advanced threats.
“The RSA Security Operations Solution offers a powerful combination of forensic analysis and endpoint malware detection that provides my team with strong visibility, deep-dive analysis and improved detection so we can quickly respond to external and insider threats before they can damage our business,” says Bob Cheong, CISO, Los Angeles World Airports.
“By having these tools in our arsenal we more thoroughly understand our security posture, which gives us the added confidence to implement new IT innovations to help the business better serve our customers.”
