RSA, The Security Division of EMC, introduces the RSA® Advanced Security Operations Center (SOC) Solution, an integrated set of technologies and services designed to help organizations identify threats before a breach can occur.
As IT innovations including cloud, social, Big Data and mobile computing are helping move organizations forward; they are also creating greater opportunities for cyber attackers to bypass both legacy and contemporary security tools. Combining security information and event management, (SIEM), full packet capture network forensics and endpoint threat detection capabilities, the RSA Advanced SOC Solution is designed to help security teams quickly spot attacks that often go unnoticed by stand-alone log-centric SIEM, and traditional perimeter-based security tools, including anti-virus, firewalls and intrusion prevention systems.
Integrating technologies from RSA® Security Analytics, RSA® ECAT and RSA® Archer Security Operations Management as well as training and services from the RSA® Advanced Cyber Defense Practice, the new RSA Advanced SOC Solution delivers compliance and security requirements in one platform, empowering security teams to more effectively detect and respond to the most advanced attacks before they can impact the business.
Complete Visibility & Deep Investigation
The RSA Advanced SOC Solution is engineered to collect detailed network, system and endpoint data to help both enable timely incident detection and direct security analysts to pivot instantly from suspected compromises to deep incident forensics and understand the true nature and scope of the issue. More than 400 network and log parsers perform capture time analysis of every log and network session to identify key threat indicators and extract metadata to lead security analysts to the most important issues. Prioritized investigations and analyst workflows help maximizes resources and empower security teams to quickly detect and remediate the highest risk threats.
SIEM and Beyond
The RSA Advanced SOC Solution is designed to set a new market standard for SIEM capabilities by collecting and parsing 250+ event sources, leveraging 275+ out-of-the-box correlation rules, and approximately 100 report templates to keep up to date with current mandates. Native incident response capabilities with aggregated alerts across data sources promote fast and granular investigations. Providing visibility far beyond logs, the RSA Advanced SOC Solution also is engineered to correlate network packets, NetFlow, and endpoint data to provide visibility far beyond stand-alone SIEM, helping to eliminate blind spots and assisting in faster remediation of threats while meeting compliance requirements.
Real-time Endpoint Threat Detection
The addition of RSA® ECAT provides security teams with the ability to expose malware and other threats that have gone undiscovered by traditional anti-virus technologies. The new solution is engineered to quickly investigate and analyze suspicious endpoint activity and easily determines how widely any malware detected has spread through the enterprise. Detection happens automatically, in real-time and without the use of signatures.
Modular Architecture
The RSA Advanced SOC Solution is designed to allow scalable growth based on customers’ current needs and resources while also helping them create a platform to address future requirements. Whether implementing the full solution or looking to augment existing tools, the solution is engineered to help organizations immediately advance their current security practices to combat even the most advanced threats.