RSA Ships New enVision Appliances

RSA enVision 4.0 platform aimed to simplify security information and event management (SIEM) for midsize businesses

March 10, 2009

7 Min Read


Bedford, MA " RSA, The Security Division of EMC (NYSE: EMC), today announced enhancements to RSA enVision', its market-leading single, integrated 3-in-1 log management solution for Security Information and Event Management (SIEM). The RSA enVision 4.0 platform is designed to simplify compliance, enhance the efficiency and effectiveness of security operations and risk mitigation, and optimize IT and network operations through the automated collection, analysis, alerting, auditing, reporting and storage of IT log data. Beyond analyzing and correlating alerts on log data from all event sources, the RSA enVision platform is designed to enable organizations to efficiently pinpoint where potential security problems are most likely to occur.

" The rapid evolution of security threats combined with tightening budgets for security professionals means that our customers rely more heavily on their SIEM systems for better threat identification and information risk management," said Christopher Young, Senior Vice President of Products at RSA. "The RSA enVision platform brings its users an even more powerful solution, in an already industry-leading product, through enhanced security and IT operations capabilities, from a trusted security partner. By offering new models priced and configured for mid-sized organizations, we can help these customers meet their increased security and compliance needs in today's tighter budget climates."

New Enhancements to RSA enVision The latest release of RSA enVision contains enhancements that allow customers to assign risk values to certain threats and enable IT organizations to fine-tune the effectiveness of security policies, processes and resources. These enhancements are designed to help customers reduce security incident response time and improve the efficiency and productivity of their security operations personnel. Additional new features include:

The ability to provide relevant, real-time information to security analysts by: Integrating with common configuration management and vulnerability assessment solutions and providing regular threat and vulnerability information, to ease the process of importing accurate and up-to-date asset and event data and mapping it to current threats. Enhancing alerting capabilities to notify analysts when high risk vulnerabilities are discovered, or when attackers try to exploit those vulnerabilities. Providing improved correlation rules that can be easily tailored to the customer's environment to help detect the highest priority threats, Streamlining incident handling processes by: Providing an interface expressly designed for investigating security issues, so that the analyst can easily evaluate events leading up to the incident and monitor a specific problem evolving in real-time. Making more asset and vulnerability information available to security analysts, to give analysts additional context as they investigate an incident. Providing closed-loop integration with trouble ticketing systems, to auto-escalate incidents to a trouble ticketing system and send the status back to the RSA enVision platform once closed. This allows security operations processes to be better aligned with wider enterprise operations functions, like service level management.

Increased visibility on the effectiveness of security measures by: Providing enhanced reporting around how incidents are created, escalated and responded to, such that security managers have the ability to identify bottlenecks in the incident handling process. Improving asset and vulnerability information available in reports to help security managers and analysts prioritize activity by evaluating which of their hosts are the most vulnerable or at the biggest risk to attack. Providing better access to threat and attack trend information for managers and architects to provide visibility into which of their security controls are working, and which areas need investment. Security assessment, enablement and integration services: Services to support your security operations with RSA enVision includes a security assessment and enablement services package. Additional services include integration with ticketing systems for incident handling, vulnerability and asset management, and customized reporting.

Depository Trust and Clearing Corporation Gets Better Visibility into Risk for High Priority Assets One organization that has successfully leveraged RSA enVision is Depository Trust and Clearing Corporation (DTCC). DTCC was seeking a solution to collect, analyze, correlate and alert log data from all event sources across their network and IT infrastructure while also combining real-time threat, vulnerability, IT asset and environmental data. RSA enVision 4.0 enables DTCC to respond quickly and thoroughly to high-risk security issues. Automating these processes has helped DTCC increase IT operational productivity while simultaneously increasing security and reducing overall cost. "RSA's enVision provides an effective way of automating the analysis of vast amounts of security event data," said Jim Routh, CISO of DTCC. "After implementing RSA enVision 4.0, our security team had better visibility into our entire enterprise and the vulnerability and risk of high-priority assets. The security team can now focus on high-risk issues and adapt and adjust policies, procedures and investments thereby better mitigating our overall security risk and improving productivity." Cyberklix Becomes More Efficient as a Managed Security Provider Cyberklix Inc. ( is one of North America's premier Managed Security Services Providers (MSSP). Cyberklix has demonstrated innovation and thought leadership in the area of SIEM for the last six years using the RSA enVision platform as the foundation of their managed services. Currently, Cyberklix is monitoring and managing over 15,000 devices using the RSA enVision product. "RSA enVision 4.0 has made the business of compliance and security operations so much more efficient and effective." said John Menezes, CEO of Cyberklix, "The ability to integrate Asset Management and Vulnerability Management information with the logs being collected allows us to be significantly more efficient as an MSSP. Our customers benefit by having a strong proactive security posture and reduced risk." Communication Valley Increases Automation and Efficiency on Event Filtering and Triage Communication Valley, a security service provider in Italy, provides clients complete Managed Security Services, including 24x7 real time monitoring, response and forensics, compliance and security assessment. Communication Valley chose the RSA enVision platform as its core SIEM solution because Communication Valley believes RSA enVision has the ability to collect data from more devices with the lowest TCO, and all from a proven security vendor. "In 2008, by using RSA enVision's advanced rules and correlation capabilities, we were able to collect 149 billion events, resulting in 106 million alerts and only about 2,400 actual open tickets. Now with RSA enVision 4.0's integration of assets and vulnerability data, we will be able to further automate and better triage these tickets," Massimo Selmi, COO of Communication Valley (Reply Group). New RSA enVision Appliances Help Mid-Sized Organizations Realize Same Benefits Mid-sized enterprises are adopting SIEM technologies in recognition that they have compliance and risk obligations just as larger enterprises do. Yet these customers often face constraints in security staff size and budget, making RSA enVision's capabilities even more attractive. To enhance its service of the SIEM market, RSA is introducing two new models to the family of RSA enVision appliances. The ES-1260 and ES-3060 are specifically designed to help mid-sized enterprise customers monitor large numbers of devices that produce low volumes of event traffic, for example, a retailer subject to PCI requirements. The ES-1260 currently supports up to 600 devices and event volumes of up to 1,200 events per second. The ES-3060 currently supports up to 1,200 devices and event volumes of up to 3,000 events per second. These two models offer customers the same powerful features as every other RSA enVision appliance.

About RSA RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle " no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit and

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights