RSA Security Analytics adds real-time behaviour analytics

Enables analysts to detect advanced threats and understand the full scope of the compromise.

By PBPR
RSA Conference 2016 - San Francisco, 08 Mar 2016

Story highlights

* Real-time behaviour analytics engine designed to use machine learning to more rapidly spot and understand unknown attacks, accelerating response.
* Expanded investigation through context enrichment helps analysts to understand the complete scope of a threat actor's intrusion to enable effective and rapid eradication of the threat.
* Improved detection of lateral movement by threat actors before they can expand their foothold within the enterprise, as they attempt to exploit vulnerabilities.

RSA, The Security Division of EMC (NYSE: EMC), today announced that RSA Security Analytics now offers a real-time behaviour analytics engine that is designed to expedite detection of advanced attack activities.

Using machine learning techniques, the engine is built to be able to rapidly spot key aspects of advanced threats without specific foreknowledge of the attack or reliance on signatures, rules, or intelligence watch-lists.

In addition, RSA Security Analytics has been engineered to be enhanced to fuse network, endpoint and log visibility with real-time insights into suspicious processes and analyst findings - helping to enable the discovery of the full scope of a threat actor's activity within the enterprise.

RSA Security Analytics' new real-time behaviour analytics engine is designed to identify specific anomalous activities and behaviours, and creates incidents for investigation, without the need for data scientists. Leveraging deep packet-level visibility and data science techniques to spot behaviours such as compromised systems and the use of covert channel communications, security teams can detect sophisticated threats faster.

RSA Security Analytics is engineered to make it easier for organisations of any maturity to more rapidly differentiate normal behaviour patterns from beaconing domains, Command and Control (C2) activities, and other high-risk anomalies. For example, by combining the log data of Windows operating systems and insight into the ways Windows logins may be manipulated to facilitate privilege escalation, the analytics engine in RSA Security Analytics is designed to be able to spot attempts at lateral movement and find malicious actors.

RSA Security Analytics is engineered to enable rapid investigation and compromise scoping by fusing real-time incident and endpoint context into an investigative workflow. These capabilities make it difficult for threat actors to change their tactics and evade detection. By bringing together network, log and endpoint data enriched with real-time insights into suspicious processes and incident information, an organisation can far more effectively understand the full scope of compromise and eradicate the threat actor completely from their enterprise.

Availability

The next version of RSA Security Analytics that includes these features will be available in Q1 2016.

For more information, please visit the RSA Security Analytics site.

Executive quotes:

Grant Geyer, Senior Vice-President, Products, RSA
"The changing compute paradigm enables advanced attackers to infiltrate the enterprise without setting off alarms. While rule-based analytics are an important starting point, they aren't sufficient to spot stealthy attacks. By leveraging network packet-level visibility and data science techniques to spot anomalous behaviour, RSA Security Analytics and its new behavioural analytics engine are designed to enable security teams to detect sophisticated threats faster, connect the dots between network, endpoint, and log data, and fully understand the scope of compromise."

Analyst quote:

Jon Oltsik, Senior Principal Analyst
"Behaviour analytics is emerging as a critical threat detection capability for attacks that evade traditional monitoring technologies. Having a comprehensive view of user and entity behaviour, along with the knowledge of threat actor tools, tactics and procedures, security teams can more effectively identify potential attacks, in real-time, and avoid drowning in data and alerts."

Partner quote:

Lisa Roger, Vice-President, Commercial Cyber Security, Leidos
"Security teams need an easier, more effective way to detect anomalous network, endpoint, and user behaviour. This gives security teams the ability to pinpoint potential threats before they cause damage. Our goal is to provide a powerful behavioural analytics engine for our customers' threat detection and response needs. RSA's Security Analytics will help us do just that, enabling our customers, at all maturity levels, to expand their security analysts' skills to more rapidly and wisely focus their response to both known and unknown threats."

Additional resources:

* Download The Evolution of SIEM e-book for additional insight on why it is critical to move beyond logs to defend against attacks.
* Download RSA whitepaper: Now You See Them Now You Don't for the latest on hacker tactics, techniques and procedures.
* Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog and Podcast.
* Join our Speed Detection and Response with Real-Time Behavioural Analytics Webcast.

RSA

RSA provides more than 30 000 customers around the world with the essential security capabilities to protect their most valuable assets from cyber threats. With RSA's award-winning products, organisations effectively detect, investigate, and respond to advanced attacks; confirm and manage identities; and ultimately, reduce IP theft, fraud and cyber crime. For more information, go to www.rsa.com.
