RSA Ships New enVision Appliances Designed to Make Security Information
and Event Management More Affordable for Mid-Sized Organizations
RSA, The Security Division of EMC (NYSE: EMC), today announced enhancements
to RSA enVision®, its market-leading single, integrated 3-in-1 log
management solution for Security Information and Event Management
(SIEM). The RSA enVision 4.0 platform is designed to simplify compliance,
enhance the efficiency and effectiveness of security operations
and risk mitigation, and optimize IT and network operations through
the automated collection, analysis, alerting, auditing, reporting
and storage of IT log data.
Beyond analyzing and correlating alerts on log data from all event sources,
the RSA enVision platform is designed to enable organizations to
efficiently pinpoint where potential security problems are most
likely to occur.
“The rapid evolution of security threats combined with tightening budgets
for security professionals means that our customers rely more heavily
on their SIEM systems for better threat identification and information
risk management,” said Christopher Young, Senior Vice President
of Products at RSA. “RSA enVision platform brings its users an even
more powerful solution, in an already industry-leading product,
through enhanced security and IT operations capabilities, from a
trusted security partner. And by offering new models priced and
configured for mid-sized organizations, we can help these customers
meet their increased security and compliance needs in today’s tighter
budget climates.”
New Enhancements to RSA enVision
The latest release of RSA enVision contains enhancements that allow
customers to assign risk values to certain threats and enable IT
organizations to fine-tune the effectiveness of security policies,
processes and resources. These enhancements are designed to help
customers reduce security incident response time and improve the
efficiency and productivity of their security operations personnel.
Additional new features include:
The ability to provide relevant, real-time information to security analysts by:
- Integrating with common configuration management and vulnerability assessment solutions and providing regular threat and vulnerability information, to ease the process of importing accurate and up-to-date asset and event data and mapping it to current threats.
- Enhancing alerting capabilities to notify analysts when high risk vulnerabilities are discovered, or when attackers try to exploit those vulnerabilities.
- Providing improved correlation rules that can be easily tailored to the customer’s environment, to help detect the highest priority threats.
Streamlining incident handling processes by:
- Providing an interface expressly designed for investigating security issues, so that the analyst can easily evaluate events leading up to the incident and monitor a specific problem evolving in real-time.
- Making more asset and vulnerability information available to security analysts, to give analysts additional context as they investigate an incident.
- Providing closed-loop integration with trouble ticketing systems, to auto-escalate incidents to a trouble ticketing system and send the status back to the RSA enVision platform once closed. This allows security operations processes to be better aligned with wider enterprise operations functions, like service level management.
Increased visibility on the effectiveness of security measures by:
- Providing enhanced reporting around how incidents are created, escalated and responded to, such that security managers have the ability to identify bottlenecks in the incident handling process.
- Improving asset and vulnerability information available in reports to help security managers and analysts prioritize activity by evaluating which of their hosts are the most vulnerable or at the greatest risk of attack.
- Providing better access to threat and attack trend information for managers and architects to provide visibility into which of their security controls are working, and which areas need investment.
Security assessment, enablement and integration services:
- Services to support your security operations with RSA enVision include a security assessment and enablement services package. Additional services include integration with ticketing systems for incident handling, vulnerability and asset management, and customized reporting.
Depository Trust and Clearing Corporation Gets Better Visibility into Risk
for High Priority Assets
One organization that has successfully leveraged RSA enVision is Depository
Trust and Clearing Corporation (DTCC). DTCC was seeking a solution
to collect, analyze, correlate and alert on log data from all event
sources across their network and IT infrastructure while also combining
real-time threat, vulnerability, IT asset and environmental data.
RSA enVision 4.0 enables DTCC to respond quickly and thoroughly
to high-risk security issues. Automating these processes has helped
increase IT operational productivity while simultaneously increasing
security and reducing overall cost.
“RSA’s enVision provides an effective way of automating the analysis of
vast amounts of security event data,” said Jim Routh, CISO of DTCC.
“After implementing RSA enVision 4.0, our security team had better
visibility into our entire enterprise and the vulnerability and
risk of high-priority assets. The security team can now focus on
high-risk issues and adapt and adjust policies, procedures and investments
thereby better mitigating our overall security risk and improving
productivity.”
Cyberklix Becomes More Efficient as a Managed Security Provider
Cyberklix Inc. (www.cyberklix.com) is one of North America’s premier Managed
Security Services Providers (MSSP). Cyberklix has demonstrated innovation
and thought leadership in the area of SIEM for the last six years
using the RSA enVision platform as the foundation of their managed
services. Currently, Cyberklix is monitoring and managing over 15,000
devices using the RSA enVision product.
“RSA enVision 4.0 has made the business of compliance and security operations
so much more efficient and effective,” said John Menezes, CEO of
Cyberklix. “The ability to integrate Asset Management and Vulnerability
Management information with the logs being collected allows us to
be significantly more efficient as an MSSP. Our customers benefit
by having a strong proactive security posture and reduced risk.”
Communication Valley Increases Automation and Efficiency on Event Filtering and
Triage
Communication Valley, a security service provider in Italy, provides clients complete
Managed Security Services, including 24x7 real time monitoring,
response and forensics, compliance and security assessment. Communication
Valley chose the RSA enVision platform as its core SIEM solution
because Communication Valley believes RSA enVision has the ability
to collect data from more devices with the lowest TCO, and all from
a proven security vendor.
“In 2008, by using RSA enVision’s advanced rules and correlation capabilities,
we were able to collect 149 billion events, resulting in 106 million
alerts and only about 2,400 actual open tickets. Now with RSA enVision
4.0’s integration of assets and vulnerability data, we will be able
to further automate and better triage these tickets,” said Massimo
Selmi, COO of Communication Valley (Reply Group).
New RSA enVision Appliances Help Mid-Sized Organizations Realize Same
Benefits
Mid-sized enterprises are adopting SIEM technologies in recognition that they
enterprises are adopting SIEM technologies in recognition that they
have compliance and risk obligations just as larger enterprises
do. Yet these customers often face constraints in security staff
size and budget, making RSA enVision’s capabilities even more attractive.
To enhance its service of the SIEM market, RSA is introducing two new
models to the family of RSA enVision appliances. The ES-1260 and
ES-3060 are specifically designed to help mid-sized enterprise customers
monitor large numbers of devices that produce low volumes of event
traffic, for example, a retailer subject to PCI requirements. The
ES-1260 currently supports up to 600 devices and event volumes of
up to 1,200 events per second. The ES-3060 currently supports up
to 1,200 devices and event volumes of up to 3,000 events per second.
These two models offer customers the same powerful features as every
other RSA enVision appliance.