News

RSA Security Analytics Adds Real-Time Behavior Analytics

Enables Analysts to Detect Advanced Threats and Understand the Full Scope of the Compromise

RSA Security Analytics now offers a real-time behavior analytics engine that is designed to expedite detection of advanced attack activities. Using machine learning techniques, the engine is built to able to rapidly spot key aspects of advanced threats without specific foreknowledge of the attack or reliance on signatures, rules, or intelligence watchlists. In addition, RSA Security Analytics has been engineered to be enhanced to fuse network, endpoint and log visibility with real-time insights into suspicious processes and analyst findings – helping to enable the discovery of the full scope of a threat actors’ activity within the enterprise.

RSA Security Analytics’ new real-time behavior analytics engine is designed to identify specific anomalous activities and behaviors and creates incidents for investigation, without the need for data scientists. Leveraging deep packet-level visibility and data science techniques to spot behaviors such as compromised systems and the use of covert channel communications, security teams can detect sophisticated threats faster.

RSA Security Analytics is engineered to make it easier for organizations of any maturity to more rapidly differentiate normal behavior patterns from beaconing domains, Command and Control (C2) activities, and other high-risk anomalies. For example, by combining the log data of Windows operating systems and insight into the ways Windows logins may be manipulated to facilitate privilege escalation, the analytics engine in RSA Security Analytics is designed to be able to spot attempts at lateral movement and finds malicious actors.

RSA Security Analytics is engineered to enable rapid investigation and compromise scoping by fusing real-time incident and endpoint context into an investigative workflow. These capabilities make it difficult for threat actors to change their tactics and evade detection. By bringing together network, log and endpoint data enriched with real-time insights into suspicious processes and incident information, an organization can far more effectively understand the full scope of compromise and eradicate the threat actor completely from their enterprise.

Said, Grant Geyer, Senior Vice President, Products, RSA, “The changing compute paradigm enables advanced attackers to infiltrate the enterprise without setting off alarms. While rule-based analytics are an important starting point, they aren’t sufficient to spot stealthy attacks. By leveraging network packet-level visibility and data science techniques to spot anomalous behavior, RSA Security Analytics and its new behavioral analytics engine is designed to enable security teams to detect sophisticated threats faster, connect the dots between network, endpoint, and log data, and fully understand the scope of compromise.”

Added, Jon Oltsik, Senior Principal Analyst , “Behavior Analytics is emerging as a critical threat detection capability for attacks that evade traditional monitoring technologies. Having a comprehensive view of user and entity behavior, along with the knowledge of threat actor tools, tactics and procedures, security teams can more effectively identify potential attacks, in real time, and avoid drowning in data and alerts.”

Lisa Roger, Vice President, Commercial Cyber Security, Leidos, adds, “Security teams need an easier, more effective way to detect anomalous network, endpoint, and user behavior. This gives security teams the ability to pinpoint potential threats before they cause damage. Our goal is to provide a powerful behavioral analytics engine for our customers’ threat detection and response needs. RSA’s Security Analytics will help us do just that, enabling our customers, at all maturity levels, to expand their security analysts skills to more rapidly and wisely focus their response to both known and unknown threats.”

Related posts

Team Computers and Apple Collaborate to Empower GCCs with Smarter Workplace Solutions

enterpriseitworld

Ajay Ajmera Joins Group CIO at Rockman Industries 

enterpriseitworld

Versa Envisions Securing Anywhere, Anytime Access with VersaONE Universal SASE

enterpriseitworld
x