As security threats increase, so do the costs to handle such events. In addition, organizations are faced with evolving regulatory pressure and compliance requirements. While intended to mitigate risk, these requirements add an additional layer of complexity to the management workload. Faced with constrained resources, organizations must streamline their security operations beyond point products to drive efficiency. By implementing an ASO function, organizations can better identify and respond to the evolving risk and regulatory landscape.
"The sophistication and prevalence of today's security threats, coupled with the costs of handling these threats, has required us to focus on building a more advanced security operations function," said Pierluigi Sartori, Head of Security Office, Informatica Trentina. "The need to think beyond the traditional view of security and acquire the processes and capabilities needed are paramount to us meeting our business objectives."
"Swift action is the goal of every security operations team -- even in a virtualized environment," said Vivian Tero, Program Director for GRC Infrastructure of IDC. "By providing a comprehensive approach to security operations, an advanced security operations function enables visibility and real-time intelligence to act quickly in the event of an incident as well as identify and understand vulnerabilities early enough to prevent incidents from happening in the first place."
RSA's Advanced Security Operations Solutions is Engineered to Allow Organizations to:
-- Minimize risks and associated costs by identifying information security vulnerabilities and threats -- Gain the greatest leverage from investments in other IT systems that are deployed broadly across the infrastructure -- Take advantage of emerging technologies, services and technology integrations that offer new security capabilities -- Address security controls in the context of IT compliance requirements -- Make efficient use of human resources by eliminating non-value-added manual tasks and leveraging technology that automates key processes -- Implement a comprehensive incident-handling program -- Create an effective framework for long-term security and information risk management
Core Technologies for Building an Advanced Security Operations Function
The RSA Archer eGRC Platform is designed to serve as the foundation of an ASO function by providing a repository of threat and incident data and a centralized, automated incident handling process. The Platform is engineered to pull risk and security-related information from third-party systems, such as the RSA enVision platform, the RSA Data Loss Prevention Suite and RSA FraudAction service, to create meaningful, real-time intelligence across the enterprise. The ability to integrate intelligence on security alerts and threats, to gather and present metrics about the effectiveness of security controls and security management processes, and to analyze contextual information about the security and business environment helps enable organizations to more successfully assess business impact.
The RSA enVision platform is engineered to provide an integrated security information and event management (SIEM) and log management solution that collects, correlates and retains complete log records from every system that generates logs. RSA enVision technology is designed to produce real-time alerts of high-risk events and offers visibility into the behavioral aspects of users to assist in remediation.
The RSA Data Loss Prevention (DLP) Suite is built to alert organizations of sensitive data activity that is suspicious or violates organizational policy. DLP also executes first-line remediation functions, such as blocking the transmission of sensitive data, or quarantining, deleting, moving or applying rights management to documents that contain private data.
RSA FraudAction service is engineered to provide a proven service geared toward stopping and preventing phishing, pharming and Trojan attacks that occur in the online channel. This service is designed to offer a comprehensive view of the current and emerging threat environment by identifying employees, machines or other internal resources that may be under attack or compromised. RSA FraudAction service helps enable organizations to minimize resource investment while deploying a solution quickly, including 24x7 monitoring and detection, real-time alerts and reporting, forensics and countermeasures, and site blocking and shutdown.
Services from EMC Consulting leverages the security expertise and industry leadership of RSA to accelerate and optimize security strategies and risk postures, while transforming security to a business enabler. These capabilities range from strategies and architectures appropriate to the client's Security Operations and Incident Response objectives, through the roadmap, business and operational procedures and workflows, deployment, and lifecycle optimization of an advanced security operations function.
Solutions and services for Advanced Security Operations are available immediately on a worldwide basis directly through RSA and EMC Consulting. More information can be found at http://www.rsa.com/node.aspx?id=3821.
About RSA, The Security Division of EMC
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
EMC, RSA, Archer, enVision, and FraudAction are either registered trademarks, trademarks or service marks of EMC Corporation in the United States and other countries. All other products and/or services mentioned may be trademarks of their respective owners.