San Francisco – MENA Herald: RSA, The Security Division of EMC (NYSE:EMC), today announced that RSA® Security Analytics now offers a real-time behavior analytics engine that is designed to expedite detection of advanced attack activities. Using machine learning techniques, the engine is built to able to rapidly spot key aspects of advanced threats without specific foreknowledge of the attack or reliance on signatures, rules, or intelligence watchlists. In addition, RSA Security Analytics has been engineered to be enhanced to fuse network, endpoint and log visibility with real-time insights into suspicious processes and analyst findings – helping to enable the discovery of the full scope of a threat actors’ activity within the enterprise.
RSA Security Analytics’ new real-time behavior analytics engine is designed to identify specific anomalous activities and behaviors and creates incidents for investigation, without the need for data scientists. Leveraging deep packet-level visibility and data science techniques to spot behaviors such as compromised systems and the use of covert channel communications, security teams can detect sophisticated threats faster.
RSA Security Analytics is engineered to make it easier for organizations of any maturity to more rapidly differentiate normal behavior patterns from beaconing domains, Command and Control (C2) activities, and other high-risk anomalies. For example, by combining the log data of Windows® operating systems and insight into the ways Windows logins may be
manipulated to facilitate privilege escalation, the analytics engine in RSA Security Analytics is designed to be able to spot attempts at lateral movement and finds malicious actors.
RSA Security Analytics is engineered to enable rapid investigation and compromise scoping by fusing real-time incident and endpoint context into an investigative workflow. These capabilities make it difficult for threat actors to change their tactics and evade detection. By bringing together network, log and endpoint data enriched with real-time insights into suspicious processes and incident information, an organization can far more effectively understand the full scope of compromise and eradicate the threat actor completely from their enterprise.
The next version of RSA Security Analytics that include these features will be available in Q1 2016.
For more information, please visit the RSA Security Analytics site.
Grant Geyer, Senior Vice President, Products, RSA: “The changing compute paradigm enables advanced attackers to infiltrate the enterprise without setting off alarms. While rule-based analytics are an important starting point, they aren’t sufficient to spot stealthy attacks. By leveraging network packet-level visibility and data science techniques to spot anomalous behavior, RSA Security Analytics and its new behavioral analytics engine is designed to enable security teams to detect sophisticated threats faster, connect the dots between network, endpoint, and log data, and fully understand the scope of compromise.”
Jon Oltsik, Senior Principal Analyst : “Behavior Analytics is emerging as a critical threat detection capability for attacks that evade traditional monitoring technologies. Having a comprehensive view of user and entity behavior, along with the knowledge of threat actor tools, tactics and procedures, security teams can more effectively identify potential attacks, in real time, and avoid drowning in data and alerts.”