RSA CONFERENCE 2016 – SAN FRANCISCO - March 01, 2016 -
RSA, The Security Division of EMC (NYSE:EMC), today announced that RSA® Security Analytics now offers a real-time behavior analytics engine that is designed to expedite detection of advanced attack activities. Using machine learning techniques, the engine is built to able to rapidly spot key aspects of advanced threats without specific foreknowledge of the attack or reliance on signatures, rules, or intelligence watchlists. In addition, RSA Security Analytics has been engineered to be enhanced to fuse network, endpoint and log visibility with real-time insights into suspicious processes and analyst findings – helping to enable the discovery of the full scope of a threat actors’ activity within the enterprise.
RSA Security Analytics’ new real-time behavior analytics engine is designed to identify specific anomalous activities and behaviors and creates incidents for investigation, without the need for data scientists. Leveraging deep packet-level visibility and data science techniques to spot behaviors such as compromised systems and the use of covert channel communications, security teams can detect sophisticated threats faster.
RSA Security Analytics is engineered to make it easier for organizations of any maturity to more rapidly differentiate normal behavior patterns from beaconing domains, Command and Control (C2) activities, and other high-risk anomalies. For example, by combining the log data of Windows® operating systems and insight into the ways Windows logins may be manipulated to facilitate privilege escalation, the analytics engine in RSA Security Analytics is designed to be able to spot attempts at lateral movement and finds malicious actors.
RSA Security Analytics is engineered to enable rapid investigation and compromise scoping by fusing real-time incident and endpoint context into an investigative workflow. These capabilities make it difficult for threat actors to change their tactics and evade detection. By bringing together network, log and endpoint data enriched with real-time insights into suspicious processes and incident information, an organization can far more effectively understand the full scope of compromise and eradicate the threat actor completely from their enterprise.
The next version of RSA Security Analytics that include these features will be available in Q1 2016.
For more information, please visit the RSA Security Analytics site.
Grant Geyer, Senior Vice President, Products, RSA
“The changing compute paradigm enables advanced attackers to infiltrate the enterprise without setting off alarms. While rule-based analytics are an important starting point, they aren’t sufficient to spot stealthy attacks. By leveraging network packet-level visibility and data science techniques to spot anomalous behavior, RSA Security Analytics and its new behavioral analytics engine is designed to enable security teams to detect sophisticated threats faster, connect the dots between network, endpoint, and log data, and fully understand the scope of compromise.”
Jon Oltsik, Senior Principal Analyst
“Behavior Analytics is emerging as a critical threat detection capability for attacks that evade traditional monitoring technologies. Having a comprehensive view of user and entity behavior, along with the knowledge of threat actor tools, tactics and procedures, security teams can more effectively identify potential attacks, in real time, and avoid drowning in data and alerts.”
Lisa Roger, Vice President, Commercial Cyber Security, Leidos
“Security teams need an easier, more effective way to detect anomalous network, endpoint, and user behavior. This gives security teams the ability to pinpoint potential threats before they cause damage. Our goal is to provide a powerful behavioral analytics engine for our customers’ threat detection and response needs. RSA’s Security Analytics will help us do just that, enabling our customers, at all maturity levels, to expand their security analysts skills to more rapidly and wisely focus their response to both known and unknown threats.”
EMC Corporation is a global leader in enabling businesses and service providers to transform their operations and deliver IT as a service. Fundamental to this transformation is cloud computing. Through innovative products and services, EMC accelerates the journey to cloud computing, helping IT departments to store, manage, protect and analyze their most valuable asset – information – in a more agile, trusted and cost-efficient way. Additional information about EMC can be found at www.EMC.com.
RSA provides more than 30,000 customers around the world with the essential security capabilities to protect their most valuable assets from cyber threats. With RSA’s award-winning products, organizations effectively detect, investigate, and respond to advanced attacks; confirm and manage identities; and ultimately, reduce IP theft, fraud, and cybercrime. For more information, go to www.rsa.com.