Mabro1
3 Zinc

Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0


https://community.emc.com/thread/225382

This Ask the Expert session will be covering the just-announced release of RSA Security Analytics 10.4 and RSA ECAT 4.0. These releases mark significant milestones for both products and include many powerful new features that will go a long way to helping SOCs go from the hunted to the hunter. Some highlights of the releases include:

  • Complete visibility and rapid investigations enabling you to focus on the most important security incidents. Teams can now rapidly investigate incidents with network packet, endpoint, log and NetFlow data to understand the true nature and scope of an incident.

  • All the capabilities of a log-centric SIEM … and beyond. By using both endpoint data and network data, RSA Security Analytics & RSA ECAT can spot incidents that logs can’t while meeting all the requirements of a traditional SIEM tool.

  • Discover hidden endpoint malware in real time. RSA ECAT can detect malware and other endpoint threats that go undiscovered by traditional AV and can quickly investigate and analyze suspicious endpoint activity. Once malware is discovered, easily determine how far it has spread through the enterprise.

The highlights mentioned above are just the tip of the iceberg. There are too many new features to list them all! Fortunately, Brian Dunphy, the head of RSA’s Advanced SOC product management group, is here to answer any questions you might have about RSA Security Analytics 10.4 and RSA ECAT 4.0.

Your Host:

Brian Dunphy is the Senior Director of Product Management for Security Analytics at RSA, where he leverages his experience with security monitoring and analytics, incident response, crisis management and security operations. Prior to his current role, Brian spent a decade at Symantec in their MSS group, focusing on delivering security services to global Fortune 500 companies, and eventually becoming the Senior Director of MSS Product Management.

Brian graduated from Carnegie Mellon University with a Bachelor's Degree in Computer Engineering, followed by a four-year stint as an Incident Response Lead at DISA while serving in the United States Air Force.

This discussion takes place September 15 - 26. Get ready by following this page to receive updates in your activity stream or through email.

23 Replies
Mabro1
3 Zinc

Re: Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0

This discussion is now open for questions. We very much look forward to an interactive and informative discussion.

0 Kudos
cheilig
1 Nickel

Re: Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0

Has the ability to create dashboards from ESA Alerts been added into 10.4?

0 Kudos
SeffyGHops
2 Bronze

Re: Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0

Unfortunately, we were unable to add that to 10.4; hopefully we will have it in a future release.

0 Kudos
ksp3
1 Copper

Re: Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0

What are the new features in RSA Security Analytics 10.4?

0 Kudos
SeffyGHops
2 Bronze

Re: Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0

There are quite a few new features and we're really proud of this release. Some of the major categories of new features are:

  • Complete Visibility. SA 10.4 expands our visibility story by expanding from logs and packets to endpoint and NetFlow visibility. For endpoint visibility, RSA ECAT extends our insight into high-risk processes and file visibility, while NetFlow provides visibility into internal traffic and lateral movement.

  • Rapid Investigations. We have added a series of enhancements for analysts, including improved performance and advanced abilities to query and search. The SA 10.4 capabilities provide security analysts the ability to hone in on issues with precision and speed.

  • SIEM & Beyond Analytics. Unlike other SIEMs, Security Analytics can detect events not only using logs, but with meta from packets and ECAT alerts. In SA 10.4 we also enable the RSA Analytics Warehouse to deliver packaged data-science-based analytics to detect “under the radar” attacks.

  • Prioritized Incident Management. We now have the capability to prioritize alerts, enabling analysts to natively perform incident management in RSA Security Analytics and combine alerts across logs, endpoints, packets and malware data into incidents. Security teams can drive actions such as assigning incidents, triggering investigations, and commenting in an analyst journal. This new capability also integrates with SecOps for Archer for enhanced workflow, pre-defined incident response procedures, breach management and additional investigative context.

  • Scalable and Modular Platform. We offer SIEM, Network Forensics, and Endpoint Detection in modules to provide customers a platform that they can build on as their security program matures. Deploy the entire solution, or just the modules you need right now.

0 Kudos
gage_stalwart
1 Copper

Re: Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0

I heard that in 10.4 we will be able to do static device typing (i.e. lock an IP address to a specific device type like Cisco Router). Where and how will this be accomplished?

0 Kudos
gage_stalwart
1 Copper

Re: Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0

We've seen a lot of issues around reports not running when using a time frame of more than 30 minutes to an hour. They give us 500 internal server errors; will this be resolved in 10.4?

0 Kudos
gage_stalwart
1 Copper

Re: Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0

Does 10.4 have the ability to show the parser XML file in the UI so that we can determine what messages SA knows about without having to look at the file through an SSH or WinSCP session? Along with this, is there a place in the GUI where we can map the eventid that we find in the parser XML file to the event category name that is used within the UI for meta, without having to use SSH or WinSCP to manually pull the ecat file and find it?

0 Kudos
gage_stalwart
1 Copper

Re: Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0

Does 10.4 have the ability to do device grouping? When writing an alert in ESA, if we want to only know if core switches have high alerts, we currently have to put all 20+ IPs manually into the ESA logic (and do this for each alert); being able to group devices easily by function/location would be a huge time-saver.

0 Kudos