Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

RSA Unveils Security Operations Center Solution

RSA unveiled a new solution on Tuesday that is designed to help security teams detect and stop threats that could ultimately lead to an organizational data breach.

RSA unveiled a new solution on Tuesday that is designed to help security teams detect and stop threats that could ultimately lead to an organizational data breach.

Called the RSA Advanced Security Operations Center (SOC) Solution, the offering is an integrated set of technologies and services that can provide SIEM, Network Forensics, and Endpoint threat protection.

“Combining security information and event management, (SIEM), full packet capture network forensics and endpoint threat detection capabilities, the RSA Advanced SOC Solution is designed to help security teams quickly spot attacks that often go unnoticed by stand-alone log-centric SIEM, and traditional perimeter-based security tools, including anti-virus, firewalls and intrusion prevention systems,” the security division of EMC explained in an announcement.

Integrating technologies from RSA Security Analytics, RSA ECAT and RSA Archer Security Operations Management, along with training and services from RSA, the new offering delivers compliance and security requirements in one platform.

The RSA Advanced SOC Solution is engineered to collect detailed network, system and endpoint data to help both enable timely incident detection and direct security analysts to pivot instantly from suspected compromises to deep incident forensics and understand the true nature and scope of the issue, RSA said.

According to the company, more than 400 network and log parsers perform capture time analysis of every log and network session to identify key threat indicators and extract metadata to help security analysts discover most important issues.

In terms of SIEM capabilities, RSA says the solution has the ability to collect and parse more than 250 event sources, leveraging more than 275 “out-of-the-box correlation rules” and comes with roughly 100 report templates.

For incident response, the solution provides aggregated alerts across data sources to pinpoint threats and help security teams quickly launch an invesigation.

Advertisement. Scroll to continue reading.

“Providing visibility far beyond logs, the RSA Advanced SOC Solution also is engineered to correlate network packets, NetFlow, and endpoint data to provide visibility far beyond stand-alone SIEM, helping to eliminate blind spots and assisting in faster remediation of threats while meeting compliance requirements,” RSA said.

Designed to scale and adapt to customers’ current needs, RSA explained that the new solution was developed to investigate and analyze suspicious endpoint activity and determine how widely any malware detected has spread through the enterprise.

Without the use of signatures, RSA ECAT helps detect malware and other threats that may have gone undiscovered by other anti-virus technologies.

“Many organizations are struggling to balance security and business risk with new technology demands. As next-generation technologies like cloud and mobile evolve into the norm, security tools and defensive techniques must keep pace protecting from the expanded risks,” Jon Oltsik, Senior Principal Analyst, ESG, said in a statement.

“Solutions that provide a more detailed view into what is happening on the network and also help prioritize security events can give organizations a significant time advantage to remediate the most pressing issues quickly.” “SIEM technologies help meet compliance requirements and offer a basic detection levels – but only for logs. Next-generation firewalls and malware detection tools provide greater visibility, but often without the analytics and incident response needed to turn raw data into actionable intelligence,” Amit Yoran, Senior Vice President at RSA, said.

“The truth is most organizations today ARE under relentless attack and they lack the tools to fight back effectively,” Grant Geyer , Vice President, Security Analytics at RSA, wrote in a blog post. “Security teams desperately need a new plan of attack – one that tips the scale back in their favor. RSA ASOC Solution is a powerful weapon that does just that by helping to improve visibility, analytical firepower and ability to take action.”

The RSA Advanced Security Operations Center Solution is scheduled to be available in Q3 2014.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet