rsa integrated 3-in-1 log management solution

Upload: suresh-kandregula

Post on 05-Apr-2018


  • 7/31/2019 RSA Integrated 3-in-1 Log management solution

    1/12

    RSA Solution Brief

    The RSA enVision Platform

    A Single, Integrated 3-in-1 Log Management Solution


    The RSA enVision Platform at a Glance

    The RSA enVision platform gives organizations a single, integrated 3-in-1 log management solution for simplifying compliance, enhancing security and risk mitigation, and optimizing IT and network operations through the automated collection, analysis, alerting, auditing, reporting and secure storage of all logs.

    For more than 1,600 organizations, including some of the largest global Fortune 100 enterprises, RSA enVision platform technology is crucial to monitoring and enforcing complex and exhaustive security and compliance policies and procedures.

    Collection and Management

    - Records and stores everything that happens on the network, as it happens
    - Is easy to set up, with no agents to be installed on your network
    - Integrates with hundreds of different networked devices, right out of the box

    Analysis and Alerting

    - The platform's knowledge base learns, grows and adapts to reflect a constantly changing compliance and security landscape
    - Applies actionable intelligence, forensics and reporting to identify critical events and trends for immediate action and resolution
    - Gives a clear and comprehensive overview of overall network activity with real-time monitoring, alerts and understanding of unusual events, tracked against an observed baseline

    Auditing and Reporting

    - Scales to manage tens of thousands of network, security, host, application/database and storage devices across multiple geographies
    - Includes more than 1,100 easy-to-customize built-in reports covering a vast range of user-defined issues, internal security policies and compliance regulations

    Storage

    - Stores your data more efficiently and optimizes access whenever information is needed
    - Provides complete, accurate and verifiable storage to meet compliance standards

    A Proven Solution

    - Provides a scalable, distributed architecture to collect, store, manage, protect and analyze event log data without data loss or corruption, both locally and remotely
    - Is proven to take the cost and complexity out of compliance and security for more than 1,600 customers worldwide
    - From an analyst-recognized leader in security and event management, with a heritage in security and the breadth of management and storage expertise as part of EMC
    - Backed by RSA's expert professional services team to deliver an aggressive ROI and an immediate payoff in improved business continuity and performance.


    Total Visibility. Total Control.

    In any IP network, almost every device, from firewalls to servers, generates logs of the traffic it carries, the transactions it makes and the activities it conducts. This data is vital to secure successful use of the network. It helps to optimize security, business continuity and network performance and provides an essential record of all network events and user activity, helping comply with government, industry and internal regulations.

    But monitoring thousands of devices, and then handling and protecting the event log data each device produces, covering many thousands of events every second of every day, can be a huge challenge. The RSA enVision platform addresses this challenge and makes it easy for your compliance, security and network professionals to identify, explore and resolve critical events and trends by building a clear and comprehensive picture of network activity.

    A 3-in-1 Log Management Solution

    The RSA enVision platform gives organizations a single, integrated 3-in-1 log management solution for:

    - Simplifying compliance
    - Enhancing security and risk mitigation, and
    - Optimizing IT and network operations.

    It provides automated collection, analysis, alerting, auditing, reporting and secure storage of all logs. It is a proven solution already deployed in more than 1,600 leading organizations worldwide.

    The RSA enVision platform is a scalable, high-availability solution for security information and event management (SIEM). It is able to capture all the log data on your network, all the time. It continuously records and stores every event log generated by any device on the network, ensuring that each event is complete, accurate and verifiable. It also offers powerful analytical tools to help simplify compliance, enhance security and risk mitigation, and optimize IT and network operations. Quite simply, you gain three solutions in the same box:

    [Figure: RSA enVision Information Management Platform for Network, Compliance & Security Operations. Event sources (security devices, network devices, applications/databases, servers, storage) feed the RSA enVision Log Management platform and its purpose-built database (IPDB). Reporting outputs: compliance reports for regulations and internal policy, real-time security alerting and analysis, and IT monitoring across the infrastructure. Platform functions: auditing, forensics, alert/correlation, network baseline and visibility, supporting Simplifying Compliance, Enhancing Security, and Optimizing IT & Network Operations.]


    - Compliance auditors have a complete set of authentic and verifiable data to help them meet reporting requirements.
    - Risk-management and security operations staff are better able to protect their network, data and assets, empowered by real-time visibility and understanding of suspicious network activity and susceptible network vulnerabilities.
    - IT and network administrators have a record of everything that has happened and is happening in the network, as well as insight into what might happen, helping to optimize network performance and guide their activities and investments.

    Log Management for Simplifying Compliance

    All the Evidence You Need to Demonstrate Corporate Responsibility

    The RSA enVision platform simplifies and streamlines your compliance procedures by collecting all the data that drives your business, storing it in a compliant, protected manner and automatically generating non-compliance alerts against an observed baseline. Armed with this information, you can ensure and prove compliance and give customers and trading partners greater confidence in doing business with you, helping to build your brand. Should the need arise, you can call up verifiable crucial evidence to support or contest legal action in cases of wrongful dismissal, breaches of information privacy laws or intellectual property theft.

    A Complete Record of Activity

    Whatever the regulatory environment, organizations must have systems in place to capture, collect and protect all their event data. It must be captured across the entire network, be readily accessible for inspection and audit by government and regulatory bodies, and be stored securely for many years to come, as dictated by the individual regulatory requirements.

    The RSA enVision platform provides a full account of network activity and the means to meet all the compliance demands of access and configuration control, malware detection, policy enforcement, user monitoring and management, and environment and transmission security. It does this by:

    - Efficiently and securely collecting, protecting and storing data exactly as network devices have recorded it,
    - Establishing baselines of activity for the entire network environment to define what constitutes normal activity and detect any deviations from the baseline,
    - Alerting affected parties to deviations from baseline activities and detecting complex patterns of malicious activity across multiple network, security and storage devices and across multiple host applications,
    - Generating summary and detailed reports for mandated periods of time, using real-time and historic data,
    - Carrying out forensic analysis to correct policies and settings on systems and provide a debug-level view of all changes and the effect they have on the environment, and
    - Establishing incident management tools to closely monitor and correct violations and making sure they are recorded, escalated and corrected in a timely and thorough manner.


    A Close Watch

    Through real-time monitoring, the RSA enVision platform gives you a single, complete view of the relationships between events that occur throughout your network. It automatically monitors and helps enforce access controls so that you can see misuse immediately and make users accountable for both privileged and non-privileged access to all network, computing and application components, thereby minimizing the risk from insider threats. It also detects any rogue network services that use open paths through network defenses, allowing you to shut down network access in time to protect your organization from information leaks, privacy breaches and illegal content. In addition, it enables you to track the source of potential breaches using watch lists that monitor the network addresses and names of users who target specific services and systems.

    Early Warning

    Alerts can be set to trigger whenever established baseline thresholds are exceeded, known offenders become active, unauthorized network access or rogue services are detected, or when a specific custom rule is broken relating to any geography, service or device. The RSA enVision platform correlates this event data against its extensive knowledge base of known vulnerabilities and the assets in your networks. Assisted by the on-board task-triage ticketing system, this helps managers to distinguish serious events from false positives and prioritize resources for events that pose a genuine risk to network and business assets.

    Security Reporting

    The 1,100-plus built-in reports provide extensive tabular and graphical analysis of security-affecting events, helping to enforce access controls for any asset on the network. All reports can be modified, exported and set to cover any time period extremely quickly, enabling prompt action to be taken.

    Event Explorer

    The RSA enVision Event Explorer is an advanced analytics module that helps you to dynamically view network behavior across application, firewall, IDS and other types of data, assessing the source, cause and effect of a breach for its risk level, range and severity. Enabled by the ability to conduct real-time and historical forensic investigations, you can drill down into the data, explore it from a variety of perspectives and investigate a range of issues simultaneously with sophisticated querying, filtering, searching and sorting tools. Correlated threat detection helps you to examine and compare patterns of network behavior enterprise-wide, automatically assessing it in terms of vulnerability, risk and threat.

    Finding a needle in a haystack: the RSA enVision dashboard, real-time alerts and powerful forensic and analytical tools make it quick and easy to dig for evidence and identify and measure unusual activity.


    Log Management for Optimizing IT and Network Operations

    Cut through the complexity for a clearer view of user activity and network performance.

    The RSA enVision platform is unique in its ability to collect all the IP activity logs generated on your network, and then, using a revolutionary database technology, powerful correlation capabilities and advanced analytics, transform this mass of unstructured, seemingly unrelated event data into understandable information that details exactly what is happening within the enterprise network and across all the IT systems.

    RSA enVision appliances can be deployed individually, as a complete, self-contained solution for smaller networks, or as part of a larger distributed architecture that enables the rapid collection of event log data from anywhere on a network, regardless of geographical location or network size. Once collected, this information is key to verifying compliance with regulations and security policies, generating alerts for possible security breaches, mitigating network risk, and analyzing and reporting on network performance.

    [Figure: distributed RSA enVision deployment. A Remote Collector gathers events from Windows servers, a Windows workstation, a NetScreen firewall and Trend Micro anti-virus; NetApp file servers and Oracle financial systems at Customer A and Customer B feed data collectors in Data Center 1 and Data Center 2, each with data servers and application servers; RSA enVision Event Explorer presents View 1, View 2 and View 3.]

    Security breaches leave a trail of forensic evidence. Event Explorer enables you to trace it back to the source.

    The RSA enVision platform can capture, analyze and manage events from the entire network infrastructure out-of-the-box, without requiring agents, using event transport protocols, including:

    - Syslog over UDP
    - Syslog over TCP
    - ODBC
    - Windows Agent-less
    - SNARE Agents
    - SNMP
    - Check Point LEA
    - Secure file transfer (including mainframe)


    Optimizing IT and Network Operations

    IT organizations can leverage the platform to track and manage activity logs for servers, networking equipment and storage platforms, and monitor network assets, availability and the status of people, hardware and business applications. The RSA enVision platform provides an intelligent forensic tool for troubleshooting infrastructure problems and protecting infrastructure resources, and it assists IT managers in help-desk operations and provides granular visibility into specific behaviors by end-users.

    A Shortcut to Visibility into Your Network Infrastructure

    Installation of RSA enVision appliances is simple. Individual appliances need only be plugged into a power source and attached to the network for you to be up and running in an hour.

    For businesses with larger networks, the RSA enVision appliance-based solutions scale easily to cope with the demands that come from collecting, storing and analyzing data in real-time from thousands of network devices, which may be distributed across continents as well as countries. The scalable solutions can easily handle the storage demands of hundreds of gigabytes of data, and have the proven ability to collect and process hundreds of thousands of events per second. These solutions are delivered on a standardized, controlled combination of hardware, OS and software; this means that performance levels are predictable, reproducible and guaranteed.

    Event log data is collected from all IP devices in the network without having to deploy collecting agents on each IP device, meaning that there's no overhead on the device performance and no additional software to manage, maintain and update.

    All the Data All the Time

    The RSA enVision platform can collect all the event data, all the time, even in the busiest, most data-intensive operations. Data collection devices can be duplicated for high availability, providing immediate fail-over if the primary collector fails. Real-time alerts, reports and statistical analysis are brought together and presented graphically through a dashboard facility, making it easy to watch and understand events as and when they happen.

    Real-time Analysis

    The RSA enVision Internet Protocol Database allocates data to different media depending on its value, archival duration and demands for rapid access, while allowing real-time data analysis.


    Keeping Pace

    The RSA enVision platform learns as it goes, gathering information into its knowledge base in real time. In this way it builds a clear and comprehensive view of how your network and users operate. The solution automatically sets and updates benchmarks (baselines) for normal activity and uses them to detect any unusual levels of activity and complex patterns of suspicious activity across multiple, disparate devices. Real-time alerts can be set to trigger the moment activity deviates from the baseline.

    Fast, Intelligent Data Storage

    At the heart of the platform is the patented RSA enVision LogSmart Internet Protocol Database (IPDB). It enables more data to be captured, managed, stored and analyzed faster than other technologies, while reducing the relative cost of data storage. Data archival and access is optimized using tiered storage across a range of online, near-line and offline systems and media to reflect how often each file needs to be accessed and for how long it must be retained.

    Integrity Assured

    The RSA enVision platform stores event data exactly as it is received; it doesn't normalize the data or modify it in any way. During storage, the appliance renders the data tamperproof using the latest write-once-read-many storage technology. Data cannot be changed, lost or damaged, and specific records can be rapidly and instantly retrieved as users require for reporting, forensic analysis or exploration.
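    The two properties described under Keeping Pace (alerts when activity deviates from an observed baseline) and Integrity Assured (events kept exactly as received, tamper-evident), shown together in an added Python example that is not RSA enVision code: a SHA-256 hash chain stands in for the write-once media, and the syslog lines, host names and k=3 threshold are constructed for illustration.

```python
import hashlib
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Minimal RFC 3164-style syslog line: "<PRI>Mmm dd hh:mm:ss host message"
SYSLOG_RE = re.compile(r"^<\d+>(\w{3} +\d+ \d\d:\d\d):\d\d (\S+) (.*)$")

class VerifiableStore:
    """Keeps every raw line exactly as received and chains SHA-256 digests, so
    any edit, deletion or reordering of a stored record makes verify() fail.
    A hash chain is used here in place of the WORM media the brief describes."""
    def __init__(self):
        self.records = []  # (raw_line, chain_digest) in arrival order
    def append(self, raw):
        prev = self.records[-1][1] if self.records else "0" * 64
        digest = hashlib.sha256((prev + raw).encode()).hexdigest()
        self.records.append((raw, digest))
        return digest
    def verify(self):
        prev = "0" * 64
        for raw, digest in self.records:
            if hashlib.sha256((prev + raw).encode()).hexdigest() != digest:
                return False
            prev = digest
        return True

def events_per_minute(lines):
    """Count parseable events per (host, minute); unparseable lines are skipped."""
    counts = Counter()
    for raw in lines:
        m = SYSLOG_RE.match(raw)
        if m:
            minute, host, _msg = m.groups()
            counts[(host, minute)] += 1
    return counts

def learn_baseline(lines):
    """Per-host mean and population stdev of events per minute (the observed
    baseline); pstdev is used so a host seen for only one minute still works."""
    by_host = defaultdict(list)
    for (host, _minute), n in events_per_minute(lines).items():
        by_host[host].append(n)
    return {h: (mean(c), pstdev(c)) for h, c in by_host.items()}

def monitor(baseline, lines, store, k=3.0):
    """Store every line unmodified, then flag any minute whose count exceeds
    mean + max(k*stdev, 1) for its host, and any host absent from the baseline."""
    for raw in lines:
        store.append(raw)  # stored verbatim even when it cannot be parsed
    alerts = []
    for (host, minute), n in sorted(events_per_minute(lines).items()):
        if host not in baseline:
            alerts.append((host, minute, "new_source", n))
        elif n > baseline[host][0] + max(k * baseline[host][1], 1.0):
            alerts.append((host, minute, "rate_above_baseline", n))
    return alerts

def syslog(host, minute, sec, msg):
    """Build a constructed sample line such as '<34>Mar  9 10:00:00 fw1 ...'."""
    return f"<34>Mar  9 {minute}:{sec:02d} {host} {msg}"

# Constructed data: five quiet minutes from fw1 (2, 3, 2, 3, 2 events), then a
# burst of denies from fw1 plus a host that never appeared while baselining.
BASELINE = [syslog("fw1", f"10:0{m}", s, "accept tcp 10.0.0.5 -> 10.0.0.9:443")
            for m, n in enumerate([2, 3, 2, 3, 2]) for s in range(n)]
LIVE = ([syslog("fw1", "11:00", s, "deny tcp 10.0.0.5 -> 10.0.0.9:22") for s in range(7)]
        + [syslog("web1", "11:00", 1, "GET /index.html 200"), "not a syslog line"])
```

    Running monitor(learn_baseline(BASELINE), LIVE, VerifiableStore()) yields one rate alert for fw1 and one new-source alert for web1, while the unparseable line is still stored and covered by the chain.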

    Organizations choose RSA enVision technology because it's a single, 3-in-1 integrated solution for simplifying compliance, enhancing security and risk mitigation, and optimizing IT and network operations.


    Why Choose the RSA enVision Platform?

    The RSA enVision platform is the market-leading SIEM technology platform, able to meet the demands of networks of any size without losing any of the data and ensuring that once data is collected it cannot be edited or changed. Designed to make network monitoring simple, the security-hardened RSA enVision appliances integrate right out of the box with hundreds of different event source types and start gathering information from your infrastructure from the moment you plug them in, without the need to install agents on network devices.

    Once collected, stored and secured, this data is then available to all authorized administrators, providing a common platform for data analysis for all interested parties. For the first time, compliance officers, security officers and IT managers can implement a shared infrastructure that meets their individual needs and provides flexible, customizable reporting on data extracted from a shared, global database.

    The RSA enVision Family of Appliances

    With best-in-class services, products and partnerships, RSA provides a comprehensive solution for Information Risk Management, which is a holistic strategy for mitigating the risks to which information is exposed throughout its lifecycle. The RSA enVision platform's wide range of appliances meets the SIEM needs of many organizations and supports enterprise-wide Information Risk Management initiatives. The ES Series of self-contained standalone appliances provides log management for up to 7,500 events per second and up to 1,250 devices. Larger, more complex infrastructures are best served by a distributed, scalable infrastructure combining the LS Series of Data Collectors, Data Servers and Application Servers for greater performance and redundancy. Remote Collectors can also be used to gather data from branch offices or remote overseas locations.

    Take Action Today

    From the earliest planning stages through to final deployment, RSA experts can work with you to identify the specific business and compliance requirements that apply in your industry and business, then smoothly deploy the RSA enVision platform that fully addresses your needs for simplifying compliance, enhancing security and risk mitigation, and optimizing IT and network operations. To find out more about how your organization could benefit from the RSA enVision platform, please contact your local EMC or RSA Sales representative, or visit www.RSA.com or www.EMC.com.


    RSA is your trusted partner

    2008-2009 RSA Security Inc., all rights reserved. RSA, the RSA logo and enVision are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. All other products and services mentioned are trademarks of their respective companies.

    3IN1 SB 0309

    RSA, the Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle, no matter where it moves, who accesses it or how it is used.

    RSA offers industry-leading solutions in identity assurance & access control, data loss prevention & encryption, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.