Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics //

Security Monitoring

12:00 AM
Dark Reading
Dark Reading
Products and Releases

RSA Security Analytics Now Extends Visibility from the Endpoint to the Cloud

New Flexible Packaging Helps Ensure Cost Effective, Enterprise-Wide Visibility for Customers


RSA, The Security Division of EMC (NYSE:EMC), today announced new capabilities have been added to RSA® Security Analytics that are designed to help organizations extend protection of their infrastructure into the cloud. RSA Security Analytics is engineered to give organizations the necessary context to help detect and respond to today’s advanced attack campaigns before they can damage the business. This release also is built to offer visibility into attacks that target critical customer-facing web and mobile applications, and introduces data privacy capabilities. In addition to extending the reach into the cloud, RSA Security Analytics is now being offered with new pricing and packaging options including throughput-based pricing that better aligns the investment to the scale of the customer deployment for better cost efficiency. In addition, customers will also be able to leverage their own storage investments.

While logs are a valuable piece of the puzzle, they’re limited by what the preventative controls they monitor can detect, and alone are not enough to identify advanced attacks. In fact, most successful attacks go undiscovered by logs alone. In addition, even when log-based Security Incident and Event Management (SIEM) systems are able to detect the faint signals of an attack, they are unable to piece them together to provide security analysts with the understanding to quickly respond to and disrupt the attack. Instead they overwhelm analysts with alerts that lack the context needed to take action.

Security teams need to take a multifaceted and integrated approach to security in order to fully comprehend an attack, speed up response time when an incident occurs, and facilitate a return to business as usual. RSA Security Analytics is designed to aggregate logs, along with data from network packets, endpoints, and now the cloud, and contextually analyzes the data to help allow organizations to quickly and fully understand what was targeted, the attacker’s strategy and actions within the organization, and the magnitude of the attack such that they can respond before a breach of confidential information can occur. This release also is engineered to introduce the ability for customers also leveraging RSA® Web Threat Detection to correlate enterprise attacks with web and mobile application exploitation, which is designed to help organizations defend against both security attacks and fraudulent user activity that targets their critical customer-facing web and mobile applications. The addition of cloud and application insight reiterates RSA’s commitment to offering the broadest visibility in the industry to help detect and respond to advanced cyber attacks.

Additionally, RSA Security Analytics is now more accessible to customers and channel partners through the addition of flexible pricing and packaging options. Organizations can now choose from deployment models that include throughput based pricing, subscription options and use case based packages. With this release customers can also leverage their own storage with RSA Security Analytics. Throughput based pricing lets customers tailor their purchase to fit their exact needs and, by leveraging existing storage, could potentially lower the total cost of ownership to deploy. Customers and partners also have the option to shift to an operational expense model by leveraging subscription based pricing.

Finally, RSA Security Analytics is now engineered to include new data privacy capabilities. This feature is designed to offer the ability to share valuable insight to security analysts without exposing them to their organization’s or employees’ most sensitive data, like PII. The ability to redact specific information will allow users to focus on safeguarding their organization without violating data privacy guidelines. These new capabilities for RSA Security Analytics are all available this quarter.


Grant Geyer, Senior Vice President, Products, RSA
“As the threat landscape grows in complexity and more advanced attacks emerge, organizations can no longer rely solely on a log-centric approach to security. RSA Security Analytics is what SIEM was meant to be by giving enterprises the ability to detect attacks missed by other tools and respond before attackers can do damage. By integrating a wide range of inputs from packets, to logs, to endpoints, RSA Security Analytics exposes attacks that would otherwise go unnoticed. ”

Jon Oltsik, Principal Analyst, Enterprise Strategy Group 
“It is clear that protection technologies alone are inadequate for blocking today’s advanced attacks. This is where the security industry needs to move beyond legacy approaches so that they can gain the needed visibility into suspicious behavior and the latest threats. Traditional log-centric SIEM is no longer enough; information security analytics must collect and analyze the right data for more rapid cyber-attack detection before these attacks can inflict damage and loss on an organization.”


  • Download The Evolution of SIEM e-book for additional insight on why it is critical to move beyond logs to defend against attacks


Intelligence Driven Security solutions help organizations reduce the risks of operating in a digital world.  Through visibility, analysis, and action, RSA solutions give customers the ability to detect, investigate and respond to advanced threats; confirm and manage identities; and ultimately, help prevent IP theft, fraud and cybercrime.  For more information on RSA, please visit www.rsa.com.

RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other company and product names may be trademarks of their respective owners.



Lona Therrien
RSA, The Security Division of EMC
[email protected]

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...