RSA Integrated 3-in-1 Log Management Solution
7/31/2019 RSA Integrated 3-in-1 Log management solution
RSA Solution Brief
The RSA enVision Platform
A Single, Integrated 3-in-1 Log Management Solution
The RSA enVision Platform at a Glance
The RSA enVision platform gives organizations a single, integrated 3-in-1 log management
solution for simplifying compliance, enhancing security and risk mitigation, and optimizing
IT and network operations through the automated collection, analysis, alerting, auditing,
reporting and secure storage of all logs.
For more than 1,600 organizations, including some of the largest
global Fortune 100 enterprises, RSA enVision platform technology
is crucial to monitoring and enforcing complex and exhaustive
security and compliance policies and procedures.
Collection and Management
- Records and stores everything that happens on the network, as it happens
- Is easy to set up, with no agents to be installed on your network
- Integrates with hundreds of different networked devices, right out of the box
Analysis and Alerting
- The platform's knowledge base learns, grows and adapts to reflect a constantly changing compliance and security landscape
- Applies actionable intelligence, forensics and reporting to identify critical events and trends for immediate action and resolution
- Gives a clear and comprehensive overview of overall network activity with real-time monitoring, alerts and understanding of unusual events, tracked against an observed baseline
Auditing and Reporting
- Scales to manage tens of thousands of network, security, host, application/database and storage devices across multiple geographies
- Includes more than 1,100 easy-to-customize built-in reports covering a vast range of user-defined issues, internal security policies and compliance regulations
Storage
- Stores your data more efficiently and optimizes access whenever information is needed
- Provides complete, accurate and verifiable storage to meet compliance standards
A Proven Solution
- Provides a scalable, distributed architecture to collect, store, manage, protect and analyze event log data without data loss or corruption, both locally and remotely
- Is proven to take the cost and complexity out of compliance and security for more than 1,600 customers worldwide
- From an analyst-recognized leader in security and event management, with a heritage in security and the breadth of management and storage expertise as part of EMC
- Backed by RSA's expert professional services team to deliver an aggressive ROI and an immediate payoff in improved business continuity and performance.
Total Visibility. Total Control.
In any IP network, almost every device, from firewalls
to servers, generates logs of the traffic it carries, the
transactions it makes and the activities it conducts.
This data is vital to secure successful use of the
network. It helps to optimize security, business
continuity and network performance and provides an
essential record of all network events and user
activity, helping comply with government, industry and
internal regulations.
But monitoring thousands of devices and then
handling and protecting the event log data each
device produces, covering many thousands of events,
every second of every day, can be a huge challenge.
The RSA enVision platform addresses this challenge
and makes it easy for your compliance, security and
network professionals to identify, explore and resolve
critical events and trends by building a clear and
comprehensive picture of network activity.
A 3-in-1 Log Management Solution
The RSA enVision platform gives organizations a
single, integrated 3-in-1 log management solution for
- Simplifying compliance
- Enhancing security and risk mitigation and
- Optimizing IT and network operations.
It provides automated collection, analysis, alerting,
auditing, reporting and secure storage of all logs. It is
a proven solution already deployed in more than
1,600 leading organizations worldwide.
The RSA enVision platform is a scalable, high-
availability solution for security information and event
management (SIEM). It is able to capture all the log
data on your network, all the time. It continuously
records and stores every event log generated by any
device on the network, ensuring that each event is
complete, accurate and verifiable. It also offers
powerful analytical tools to help simplify compliance,
enhance security and risk mitigation, and optimize IT
and network operations. Quite simply, you gain three
solutions in the same box:
[Figure: RSA enVision Information Management Platform for Network, Compliance & Security Operations. Labels: RSA enVision Log Management platform with purpose-built database (IPDB); event sources (security devices, network devices, applications/databases, servers, storage); functions (reporting, auditing, forensics, alert/correlation, network baseline, visibility); Simplifying Compliance (compliance reports for regulations and internal policy); Enhancing Security (real-time security alerting and analysis); Optimizing IT & Network Operations (IT monitoring across the infrastructure).]
- Compliance auditors have a complete set of authentic and verifiable data to help them meet reporting requirements.
- Risk-management and security operations staff are better able to protect their network, data and assets, empowered by real-time visibility and understanding of suspicious network activity and susceptible network vulnerabilities.
- IT and network administrators have a record of everything that has happened and is happening in the network as well as insight into what might happen, helping to optimize network performance and guide their activities and investments.
Log Management for Simplifying Compliance
All the Evidence You Need to Demonstrate Corporate Responsibility
The RSA enVision platform simplifies and streamlines
your compliance procedures by collecting all the data
that drives your business, storing it in a compliant,
protected manner and automatically generating non-
compliance alerts against an observed baseline.
Armed with this information, you can ensure and
prove compliance and give customers and trading
partners greater confidence in doing business with
you, helping to build your brand. Should the need
arise you can call up verifiable crucial evidence to
support or contest legal action in cases of wrongful
dismissal, breaches of information privacy laws or
intellectual property theft.
A Complete Record of Activity
Whatever the regulatory environment, organizations
must have systems in place to capture, collect and
protect all their event data. It must be captured across
the entire network, be readily accessible for
inspection and audit by government and regulatory
bodies and stored securely for many years to come, as
dictated by the individual regulatory requirements.
The RSA enVision platform provides a full account of
network activity and the means to meet all the
compliance demands of access and configuration
control, malware detection, policy enforcement, user
monitoring and management, and environment and
transmission security. It does this by:
- Efficiently and securely collecting, protecting and storing data exactly as network devices have recorded it,
- Establishing baselines of activity for the entire network environment to define what constitutes normal activity and detect any deviations from the baseline,
- Alerting affected parties to deviations from baseline activities and detecting complex patterns of malicious activity across multiple network, security and storage devices and across multiple host applications,
- Generating summary and detailed reports for mandated periods of time, using real-time and historic data,
- Carrying out forensic analysis to correct policies and settings on systems and provide a debug-level view of all changes and the effect they have on the environment, and
- Establishing incident management tools to closely monitor and correct violations and making sure they are recorded, escalated and corrected in a timely and thorough manner.
A Close Watch
Through real-time monitoring, the RSA enVision
platform gives you a single, complete view of the
relationships between events that occur throughout
your network. It automatically monitors and helps
enforce access controls so that you can see misuse
immediately and make users accountable for both
privileged and non-privileged access to all network,
computing and application components, thereby
minimizing the risk from insider threats. It also
detects any rogue network services that use open
paths through network defenses, allowing you to shut
down network access in time to protect your
organization from information leaks, privacy breaches
and illegal content. In addition it enables you to track
the source of potential breaches using watch lists that
monitor the network addresses and names of users
who target specific services and systems.
Early Warning
Alerts can be set to trigger whenever established
baseline thresholds are exceeded, known offenders
become active, unauthorized network access or rogue
services are detected, or when a specific custom rule
is broken relating to any geography, service or device.
The RSA enVision platform correlates this event data
against its extensive knowledge base of known
vulnerabilities and the assets in your networks.
Assisted by the on-board task-triage ticketing system,
this helps managers to distinguish serious events
from false positives and prioritize resources for events
that pose a genuine risk to network and business
assets.
Security Reporting
The 1,100-plus built-in reports provide extensive
tabular and graphical analysis of security-affecting
events, helping to enforce access controls for any
asset on the network. All reports can be modified,
exported and set to cover any time period extremely
quickly, enabling prompt action to be taken.
Event Explorer
The RSA enVision Event Explorer is an advanced
analytics module that helps you to dynamically view
network behavior across application, firewall, IDS and
other types of data, assessing the source, cause and
effect of a breach for its risk level, range and severity.
Enabled by the ability to conduct real-time and
historical forensic investigations, you can drill down
into the data, explore it from a variety of perspectives
and investigate a range of issues simultaneously with
sophisticated querying, filtering, searching and
sorting tools. Correlated threat detection helps you to
examine and compare patterns of network behavior
enterprise-wide, automatically assessing it in terms of
vulnerability, risk and threat.
Finding a needle in a haystack: the RSA
enVision dashboard, real-time alerts and
powerful forensic and analytical tools make it
quick and easy to dig for evidence and identify
and measure unusual activity.
Log Management for Optimizing IT and Network Operations
Cut through the complexity for a clearer view of user
activity and network performance.
The RSA enVision platform is unique in its ability to
collect all the IP activity logs generated on your
network, and then, using a revolutionary database
technology, powerful correlation capabilities and
advanced analytics, transform this mass of
unstructured, seemingly unrelated event data into
understandable information that details exactly what
is happening within the enterprise network and across
all the IT systems.
RSA enVision appliances can be deployed individually,
as a complete, self-contained solution for smaller
networks, or as part of a larger distributed architecture
that enables the rapid collection of event log data
from anywhere on a network, regardless of
geographical location or network size. Once collected,
this information is key to verifying compliance with
regulations and security policies, generating alerts for
possible security breaches, mitigating network risk,
and analyzing and reporting on network performance.
[Figure: distributed RSA enVision deployment. Labels: Remote Collector; Customer A and Customer B event sources (Windows servers, Windows workstation, NetScreen firewall, Trend Micro anti-virus, NetApp file server, Oracle financial); Data Center 1 and Data Center 2 (data collectors, data servers, application servers); RSA enVision Event Explorer (View 1, View 2, View 3).]
Security breaches leave a trail of forensic
evidence. Event Explorer enables you to trace
it back to the source.
The RSA enVision platform can
capture, analyze and manage
events from the entire network
infrastructure out-of-the-box,
without requiring agents, using
event transport protocols,
including:
- Syslog over UDP
- Syslog over TCP
- ODBC
- Windows Agent-less
- SNARE Agents
- SNMP
- Check Point LEA
- Secure file transfer (including mainframe)
Optimizing IT and Network Operations
IT organizations can leverage the platform to track and
manage activity logs for servers, networking
equipment and storage platforms, and monitor
network assets, availability and the status of people,
hardware and business applications. The RSA enVision
platform provides an intelligent forensic tool for
troubleshooting infrastructure problems and
protecting infrastructure resources, and it assists IT
managers in help-desk operations and provides
granular visibility into specific behaviors by end-users.
A Shortcut to Visibility into Your Network Infrastructure
Installation of RSA enVision appliances is simple.
Individual appliances need only be plugged into a
power source and attached to the network for you to
be up and running in an hour.
For businesses with larger networks, the RSA enVision
appliance-based solutions scale easily to cope with
the demands that come from collecting, storing and
analyzing data in real-time from thousands of network
devices, which may be distributed across continents
as well as countries. The scalable solutions can easily
handle the storage demands of hundreds of gigabytes
of data, and have the proven ability to collect and
process hundreds of thousands of events per second.
These solutions are delivered on a standardized,
controlled combination of hardware, OS and software;
this means that performance levels are predictable,
reproducible and guaranteed.
Event log data is collected from all IP devices in the
network without having to deploy collecting agents on
each IP device, meaning that there's no overhead on
the device performance and no additional software to
manage, maintain and update.
All the Data All the Time
The RSA enVision platform can collect all the event
data, all the time, even in the busiest, most
data-intensive operations. Data collection devices can be
duplicated for high availability, providing immediate
fail-over if the primary collector fails. Real-time alerts,
reports and statistical analysis are brought together
and presented graphically through a dashboard
facility, making it easy to watch and understand
events as and when they happen.
Real-time Analysis
The RSA enVision Internet Protocol Database allocates data
to different media depending on its value, archival
duration and demands for rapid access, while allowing
real-time data analysis.
Keeping Pace
The RSA enVision platform learns as it goes, gathering
information into its knowledge base in real time. In
this way it builds a clear and comprehensive view of
how your network and users operate. The solution
automatically sets and updates benchmarks
(baselines) for normal activity and uses them to detect
any unusual levels of activity and complex patterns of
suspicious activity across multiple, disparate devices.
Real-time alerts can be set to trigger the moment
activity deviates from the baseline.
Fast, Intelligent Data Storage
At the heart of the platform is the patented RSA
enVision LogSmart Internet Protocol Database (IPDB).
It enables more data to be captured, managed, stored
and analyzed faster than other technologies, while
reducing the relative cost of data storage. Data
archival and access is optimized using tiered storage
across a range of online, near-line and offline systems
and media to reflect how often each file needs to be
accessed and for how long it must be retained.
Integrity Assured
The RSA enVision platform stores event data exactly as
it is received; it doesn't normalize the data or modify
it in any way. During storage, the appliance renders
the data tamperproof using the latest write-once-read-
many storage technology. Data cannot be changed,
lost or damaged, and specific records can be rapidly
and instantly retrieved as users require for reporting,
forensic analysis or exploration.
Organizations choose RSA enVision
technology because it's a single, 3-in-1
integrated solution for simplifying
compliance, enhancing security and risk
mitigation, and optimizing IT and network
operations.
Why Choose the RSA enVision Platform?
The RSA enVision platform is the market leading SIEM
technology platform, able to meet the demands of
networks of any size without losing any of the data
and ensuring that once data is collected it cannot be
edited or changed. Designed to make network
monitoring simple, the security-hardened RSA
enVision appliances integrate right out of the box with
hundreds of different event source types and start
gathering information from your infrastructure from the
moment you plug them in, without the need to install
agents on network devices.
Once collected, stored and secured, this data is then
available to all authorized administrators, providing a
common platform for data analysis for all interested
parties. For the first time, compliance officers, security
officers and IT managers can implement a shared
infrastructure that meets their individual needs and
provides flexible, customizable reporting on data
extracted from a shared, global database.
The RSA enVision Family of Appliances
With best-in-class services products and partnerships,
RSA provides a comprehensive solution for
Information Risk Management, which is a holistic
strategy for mitigating the risks to which information is
exposed throughout its lifecycle. The RSA enVision
platform's wide range of appliances meets the SIEM
needs of many organizations and supports
enterprise-wide Information Risk Management initiatives. The ES
Series of self-contained standalone appliances
provides log management for up to 7,500 events per
second and up to 1,250 devices. Larger, more complex
infrastructures are best served by a distributed,
scalable infrastructure combining the LS Series of Data
Collectors, Data Servers and Application Servers for
greater performance and redundancy. Remote
Collectors can also be used to gather data from branch
offices or remote overseas locations.
Take Action Today
From the earliest planning stages through to final
deployment, RSA experts can work with you to identify
the specific business and compliance requirements
that apply in your industry and business, then
smoothly deploy the RSA enVision platform that fully
addresses your needs for simplifying compliance,
enhancing security and risk mitigation, and optimizing
IT and network operations. To find out more about how
your organization could benefit from the RSA enVision
platform, please contact your local EMC or RSA Sales
representative, or visit: www.RSA.com
or www.EMC.com.
RSA is your trusted partner
2008-2009 RSA Security Inc., all rights reserved. RSA, the RSA logo
and enVision are either registered trademarks or trademarks of RSA
Security Inc. in the United States and/or other countries. EMC is a
registered trademark of EMC Corporation. All other products and
services mentioned are trademarks of their respective companies.
3IN1 SB 0309
RSA, the Security Division of EMC, is the premier
provider of security solutions for business acceleration,
helping the world's leading organizations succeed by
solving their most complex and sensitive security
challenges. RSA's information-centric approach to security
guards the integrity and confidentiality of information
throughout its lifecycle, no matter where it moves, who
accesses it or how it is used.
RSA offers industry-leading solutions in identity
assurance & access control, data loss prevention &
encryption, compliance & security information
management and fraud protection. These solutions bring trust
to millions of user identities, the transactions that they
perform, and the data that is generated. For more
information, please visit www.RSA.com and
www.EMC.com.