All content is under a Creative Commons License: Attribution - Noncommercial - No Derivative Works 3.0 Unported (to share under conditions).

RSA Security Analytics is the new big data security analytics product from RSA, with commercial release planned for Q1-2013 and a focus on providing more effective security monitoring.

RSA currently has enVision in its portfolio, which provides SIEM capability, and Netwitness, which provides advanced network forensics and analysis. Both products can be offered separately or combined for an integrated view of both logs and packets in your environment. Still, the combined solution is not suitable for SMB markets due to the associated high pricing.

With Security Analytics, RSA is looking to provide more effective threat detection and faster security investigations, especially in the big data arena. Nothing is official yet, but the news is that RSA will offer different packages that suit small, mid and enterprise markets, with hybrid appliances for small markets that are capable of capturing packets, collecting logs and providing analytics on the same appliance.

A first look at RSA SECAnalytics shows that it provides the following:

Integrated View

It combines security data collection, management and analysis with full network packet capture, log-based visibility and threat intelligence into ONE SINGLE VIEW. Surely this will help to gain more visibility, minimize the impact of an attack and reduce the attackers' free time in the environment.

United Dashboard

RSA Security Analytics unifies the views of detection, collection (both logs and packets), analysis, investigation, reporting and system administration into one single HTML5 web dashboard, unlike the current integration between enVision and Netwitness, which integrates the backend information intelligence but presents it in different interfaces.

Monitoring and Investigation

  • Single platform for capturing and analyzing large amounts of network packets, logs and other data.
  • Threat intelligence through the RSA FirstWatch research team and RSA Live, which provides security reports, open source community intelligence, CC reports, blacklists, and more.
  • Recreation of sessions from the collected terabytes of metadata and log data, for powerful investigation in a few clicks.
  • Reporting for compliance and regulations, and outstanding integration with GRC systems, which I like the most.
  • Malware investigation techniques through Spectrum, including sandboxing, community, file content and NBA (network behavior analysis).

BIG Data Infrastructure

  • Near real-time reporting and investigation through a distributed collection infrastructure for full log and packet capture, metadata parsing and automated analytics.
  • Distributed warehouse for long-term archiving, analysis and reporting on collected raw data and metadata, with industry-leading compression.
  • High availability and resiliency inherited from Hadoop.

Structure and Offering Flexibility

SECAnalytics offerings and structure range from single-appliance deployments to a distributed architecture using as many as multiple dozens of physical appliances; this surely will meet different environments' requirements.

From that initial look, RSA Security Analytics is going to go beyond the traditional security strategies that depend on signature-based or perimeter-based controls; it will be an early warning system for security threats inside your environment.

In upcoming articles and reviews, we will talk in more detail about the RSA Security Analytics architecture and how it works, once more information is announced by RSA.

Trailer Video for RSA Security Analytics from RSA Secured Channel:

