RSA unveiled a new solution on Tuesday that is designed to help security teams detect and stop threats that could ultimately lead to an organizational data breach.
Called the RSA Advanced Security Operations Center (SOC) Solution, the offering is an integrated set of technologies and services that can provide SIEM, Network Forensics, and Endpoint threat protection.
“Combining security information and event management (SIEM), full packet capture network forensics and endpoint threat detection capabilities, the RSA Advanced SOC Solution is designed to help security teams quickly spot attacks that often go unnoticed by stand-alone log-centric SIEM, and traditional perimeter-based security tools, including anti-virus, firewalls and intrusion prevention systems,” the security division of EMC explained in an announcement.
Integrating technologies from RSA Security Analytics, RSA ECAT and RSA Archer Security Operations Management, along with training and services from RSA, the new offering delivers compliance and security requirements in one platform.
The RSA Advanced SOC Solution is engineered to collect detailed network, system and endpoint data to help both enable timely incident detection and direct security analysts to pivot instantly from suspected compromises to deep incident forensics and understand the true nature and scope of the issue, RSA said.
According to the company, more than 400 network and log parsers perform capture-time analysis of every log and network session to identify key threat indicators and extract metadata, helping security analysts discover the most important issues.
In terms of SIEM capabilities, RSA says the solution can collect and parse more than 250 event sources, leverages more than 275 “out-of-the-box correlation rules” and comes with roughly 100 report templates.
For incident response, the solution provides aggregated alerts across data sources to pinpoint threats and help security teams quickly launch an investigation.
“Providing visibility far beyond logs, the RSA Advanced SOC Solution also is engineered to correlate network packets, NetFlow, and endpoint data to provide visibility far beyond stand-alone SIEM, helping to eliminate blind spots and assisting in faster remediation of threats while meeting compliance requirements,” RSA said.
Designed to scale and adapt to customers’ current needs, RSA explained that the new solution was developed to investigate and analyze suspicious endpoint activity and determine how widely any malware detected has spread through the enterprise.
Without the use of signatures, RSA ECAT helps detect malware and other threats that may have gone undiscovered by other anti-virus technologies.
“Many organizations are struggling to balance security and business risk with new technology demands. As next-generation technologies like cloud and mobile evolve into the norm, security tools and defensive techniques must keep pace protecting from the expanded risks,” Jon Oltsik, Senior Principal Analyst, ESG, said in a statement.
“Solutions that provide a more detailed view into what is happening on the network and also help prioritize security events can give organizations a significant time advantage to remediate the most pressing issues quickly.”
“SIEM technologies help meet compliance requirements and offer a basic detection levels – but only for logs. Next-generation firewalls and malware detection tools provide greater visibility, but often without the analytics and incident response needed to turn raw data into actionable intelligence,” Amit Yoran, Senior Vice President at RSA, said.
“The truth is most organizations today ARE under relentless attack and they lack the tools to fight back effectively,” Grant Geyer, Vice President, Security Analytics at RSA, wrote in a blog post. “Security teams desperately need a new plan of attack – one that tips the scale back in their favor. RSA ASOC Solution is a powerful weapon that does just that by helping to improve visibility, analytical firepower and ability to take action.”
The RSA Advanced Security Operations Center Solution is scheduled to be available in Q3 2014.