September 10th, 2014 07:00

Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0


This Ask the Expert session will be covering the just announced release of RSA Security Analytics 10.4 and RSA ECAT 4.0.  These releases mark significant milestones for both products and include many powerful new features that will go a long way to helping SOCs go from the hunted to the hunter.  Some highlights of the releases include:

  • Complete visibility and rapid investigations enabling you to focus on the most important security incidents.  Teams can now rapidly investigate incidents with network packet, endpoint, logs and NetFlow data to understand the true nature and scope of an incident

  • All the capabilities of a log-centric SIEM … and beyond.  By using both endpoint data and network data RSA Security Analytics & RSA ECAT can spot incidents that logs can’t while meeting all the requirements of a traditional SIEM tool.

  • Discover hidden endpoint malware in real time.  RSA ECAT can detect malware and other endpoint threats that go undiscovered by traditional AV and can quickly investigate and analyze suspicious endpoint activity. Once malware is discovered, easily determine how far it has spread through the enterprise.

The highlights mentioned above are just the tip of the iceberg. There are too many new features to list them all! Fortunately, Brian Dunphy, the head of RSA’s Advanced SOC product management group, is here to answer any questions you might have about RSA Security Analytics 10.4 and RSA ECAT 4.0.

Your Host:

Brian Dunphy is the Senior Director of Product Management for Security Analytics at RSA where he leverages his experience with security monitoring and analytics, incident response, crisis management and security operations.   Prior to his current role Brian spent a decade at Symantec in their MSS group, focusing on delivering security services to global Fortune 500 companies, and eventually becoming the Senior Director of MSS Product Management.

Brian graduated from Carnegie Mellon University with a Bachelor's degree in Computer Engineering, followed by a four-year stint as an Incident Response Lead at DISA while serving in the United States Air Force.

This discussion takes place September 15 - 26. Get ready by following this page to receive updates in your activity stream or through email.



September 25th, 2014 13:00

Will 10.4 have the ability to better customize charts used for dashlets? For example, we have two RSA DLP line charts: one shows network events high and critical, the other shows endpoint events high and critical. One issue is that the network chart uses blue for high and green for critical, while the endpoint chart will use green for high and blue for critical (it seems it's based on which it parsed first). Can we modify this and control it so that value 1 is red and value 2 is blue, so that when a user looks at a SOC dashboard the correlation between the two makes more sense?


September 25th, 2014 13:00

SA 10.4 introduces the ability to view the system health of SA components from a single pane of glass in the UI, by providing visual indicators that draw the Administrator's attention to problems quickly when looking at this view.  The ability to proactively trigger alarms is planned for a future release of SA.

September 25th, 2014 13:00

Device grouping by IP is not a desired solution for large enterprise environments. A better solution would be to have device groups based on hostname, where regex statements could be used to create dynamic groups. For example, a large enterprise that has 500 locations has a router at each site that is labeled site#-rtr. By being able to group routers by a regex looking for site#-rtr, we can easily have them all grouped (and dynamically, without having to manage a list or feed), as site 1 may use .1 for the router, site 2 .254, site 3 .40. Since there is not always a constant IP scheme to build off, manually adding hundreds of devices is not desirable, and this is something enVision can handle now. Is this slated for a future release?

September 26th, 2014 06:00

Thanks for the information. I think in this case it doesn't fully help us. As an enterprise company we may have 100, 500, or even 1,000 devices that we want to type a specific way, and it should only come in as that device type. We can export our current list from enVision and modify it into the format that shows in that guide, but it would be nice to have a batch or multi-select window that we could filter down on (if not regex on a reverse name lookup, then try to cobble together different meta keys) and change all. Thanks.


September 26th, 2014 10:00

Support for Active Directory has been possible from the UI for some time.  AD support received no significant updates from SA 10.3 SP4, however there was one enhancement, namely the ability to disable LDAP referrals in Active Directory Configurations.  There were no changes made to reporting of login failures in 10.4.


September 26th, 2014 13:00

You can create a feed with the IPs and hostnames, or even more directly, IPs and groups that will add hostname or group information to the meta of your choice.  A dynamic DNS lookup would be prohibitively expensive.

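As an added illustration of the two posts above (grouping devices by a hostname pattern such as site#-rtr, then handing the result to the platform as an IP-to-group feed), here is a small script that is not from the thread or from RSA's own tooling. The inventory, the regex rules, the group names and the ip,hostname,group column layout are all assumptions made here; the real Security Analytics feed format is not reproduced.

```python
import csv
import io
import re

# Constructed inventory (not from the page): each site's router has a different
# last octet, which is exactly why grouping by IP range fails for this case.
INVENTORY_CSV = """ip,hostname
10.1.0.1,site1-rtr
10.2.0.254,site2-rtr
10.3.0.40,site3-rtr
10.3.0.10,site3-fw01
10.4.0.7,SITE4-RTR
10.5.0.9,dc-core-sw1
"""

# Hypothetical grouping rules: (hostname regex, group name), first match wins.
# The first rule is the site#-rtr pattern from the question; matching ignores case.
GROUP_RULES = [
    (re.compile(r"^site\d+-rtr$", re.IGNORECASE), "branch-routers"),
    (re.compile(r"^site\d+-fw\d+$", re.IGNORECASE), "branch-firewalls"),
]

def group_for(hostname):
    """Return the group of the first rule matching hostname, or None."""
    for pattern, group in GROUP_RULES:
        if pattern.match(hostname):
            return group
    return None

def build_feed(inventory_csv):
    """Turn an ip,hostname inventory into (ip, hostname, group) feed rows.

    Hosts matching no rule are returned separately so they can be reviewed
    instead of silently landing in the feed with an empty group.
    """
    rows, unmatched = [], []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        group = group_for(rec["hostname"])
        if group is None:
            unmatched.append(rec["hostname"])
        else:
            rows.append((rec["ip"], rec["hostname"], group))
    return rows, unmatched

def feed_as_csv(rows):
    """Serialise feed rows as CSV text with an ip,hostname,group header."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["ip", "hostname", "group"])
    writer.writerows(rows)
    return out.getvalue()
```

Regenerating the feed from the asset inventory on a schedule keeps the grouping dynamic without anyone maintaining a per-device list by hand.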

September 26th, 2014 13:00

In SA 10.4 there is a list of event sources under Administration->Health & Wellness->Event Source Monitoring.  Unfortunately, you cannot add notes or attributes currently.
