RSA EnVision Platform - Indevis


RSA Solution Brief

RSA enVision Platform: Compliance and Security Information Management

Actionable Compliance and Security Intelligence

RSA enVision technology is an information management platform for comprehensive and efficient transformation of event data into actionable compliance and security intelligence. RSA – The Security Division of EMC – pioneered security information and event management (SIEM), which has become a necessity for any company with operation-critical IT infrastructure and accountability to compliance standards. The most accurate analysis and verifiable compliance require thorough data gathering. The RSA enVision Platform has been proven to efficiently collect and protect All the Data from any IP device, in computing environments of any size, without filtering and without the need to deploy agents.

Based on the LogSmart Internet Protocol Database (IPDB), RSA enVision appliances capture and store up to hundreds of thousands of data events per second, providing an enterprise view of activity from any number of sources, including perimeter and network devices, operating systems and even proprietary applications. That’s why over 800 customers – including some of the largest global Fortune 100 enterprises – have selected RSA enVision technology as the optimal platform to acquire and leverage security and compliance intelligence.

RSA enVision Platform:
– View real-time events, correlate events across device types
– Alert against baseline anomalies
– Alert on unusual privileged user activity
– Maintain digital chain of custody with unaltered log data for data retention and forensic requirements
– Automate compliance reports
– Provide inbound and outbound IP traffic summaries

A Platform for Enterprise Log Management, Compliance and Security

The RSA enVision platform eliminates redundant business data silos that can be created in many organizations. By collecting and managing All the Data, the platform helps inform virtually anyone in your organization. Everyone from desktop operations, to the help desk, to applications and network management professionals can get the information they need from a single platform for enterprise log management, compliance and security. Capturing every event on the network ensures effective enterprise SIEM and eliminates uncertainty. Compliance auditors have a complete set of data to meet reporting requirements. Risk management staff and security operations have a complete picture to evaluate security alerts in real time. Thanks to powerful RSA enVision collection, management and analysis tools, compliance and security objectives are easily achieved.

Stakeholder Value

Network Administrator
What is needed? What systems are in place to monitor access control, privileged user monitoring and configuration controls?
The RSA enVision Platform answer: By capturing All the Data, RSA enVision technology analyzes hundreds of disparate security events and provides alerts on changes and unauthorized use of systems in real time, making managing security more streamlined.

Security Administrator
What is needed? How will your organization create a compliance program in a cost-effective manner?
The RSA enVision Platform answer: Prove compliance with packaged reporting templates formatted specifically for Sarbanes-Oxley, GLBA, PCI, HIPAA, FISMA, NERC, Basel II, and NISPOM.

Server Administrator
What is needed? How can you keep up with real-time monitoring, threat detection and malicious code detection without being flooded by false positives?
The RSA enVision Platform answer: RSA enVision technology reduces false positives by correlating data against other network and security devices and helps you to rank threats to your most critical assets and brings those threats to your immediate attention.

Database Administrator
What is needed? When a security threat is identified, how can I cross-reference that with the rest of the network?
The RSA enVision Platform answer: With RSA enVision Event Explorer, you can look across applications, firewall, IDS and other types of data and zoom in on the data from different perspectives.

Application Administrator
What is needed? How do I add my proprietary application to the mix?
The RSA enVision Platform answer: In addition to hundreds of supported devices, the RSA enVision platform’s open architecture provides all the tools required to add new source devices at will.

A Platform for Information Management

Meeting compliance mandates and providing for accurate forensic analysis means that ever-increasing amounts of log data must be retained. The ability to store and manage this data over its lifecycle is now imperative for successful SIEM deployment. From high-availability collection and protection to tiered storage optimization, RSA enVision technology provides a platform for enterprises of all sizes to manage growing volumes of information economically, according to its changing value to the business. The RSA enVision Information Lifecycle Management (ILM) solution set ensures long-term SIEM success with information lifecycle management abilities ranging from flexible retention policies to integrations with leading storage vendors to available pre-configured storage options.

A Platform for Success

Proven performance, collection and analysis of All the Data, best-in-class scalability, and the most complete information lifecycle management means that RSA enVision technology continues to be a leading platform for compliance and security operations success. Moreover, the open architecture of RSA enVision can fit your security and compliance strategy by supporting interoperation with other SIEM components and analysis tools, handling any device type, and integrating with EMC and leading third party storage solutions. It all adds up to better overall return on investment, which is why RSA enVision technology continues to be a leader in SIEM solutions.

A leader in security information and event management solutions

[Figure: RSA enVision Information Management Platform for Compliance & Security Operations. Legible labels: Business Operations, Network Operations, Security Operations, Incident Management, Log Management.]

Collection

To truly secure the information infrastructure, organizations need to know exactly what is happening across the entire network and IT infrastructure – all of the time. Complete collection of all event data, including employee activities, access to customer and financial information, and suspect or denied access attempts from outside the network is key to full security and compliance regulation coverage. The RSA enVision platform allows organizations to capture data in real time from thousands of disparate devices and applications across the enterprise. Whereas other solutions reduce or pre-filter the data coming from source devices, RSA enVision appliances leverage the advanced LogSmart IPDB architecture to capture All the Data from network, security, host, application and storage layers across the enterprise. Data is immediately and efficiently written and read back for swift analysis.

Agent-free collection means faster deployment, no ongoing management of agents spread throughout the network, no risk or impact to the network infrastructure and reduced total cost of ownership due to the ease of configuration and deployment.

Universal Device Support provides the ability to add message collection from devices and applications in an ad-hoc manner. The RSA enVision open architecture provides all the tools required to add new source devices on-the-fly. Ideal for auditing applications built in-house and for second-tier devices, universal device support gives the user an easy to use platform to collect, analyze and manage log data for new devices, and it offers:
– A graphical user interface to add new messages.
– Control over device and message classification.
– Simple definition of message IDs and payload data.
– Support for multiple applications running on the same host.

Analysis

RSA enVision technology radically simplifies security and compliance by consolidating and analyzing data from complex enterprise infrastructure. This powerful capability allows organizations to respond faster to external threats and discern internal ones by gaining unified and comprehensive visibility over their networks.

Baselines

The RSA enVision platform is built on top of a knowledge base encompassing tens-of-thousands of known log messages and an open classification taxonomy that learns network patterns to establish baselines.
– Baselines are created automatically – with no configuration required.
– Baselines are available for any user-defined timeframe.
– Correlation rules can be built to detect baseline anomalies based on percentage change.
– Dynamic baselines can be created to track specific groups of devices and events.

Correlated Alerts & Security Reports

With its scalable data collection and vast view of all logs, the RSA enVision reporting engine provides quick and easy access to compliance-sensitive data. Built-in reports are available for specific compliance regulations, and administrators can create reports based on their organization’s specific compliance policies. With over 700 built-in reports, RSA enVision technology provides information on a wide variety of user-defined issues.
– All reports can be modified to meet specific needs.
– Reports can span any time period, from minutes to months of data.
– Reports can run ad hoc or can be scheduled to run automatically.
– Multiple tabular and graph outputs are supported.
– Multiple export formats supported, including .csv, .pdf and more.

Forensics

The RSA enVision platform provides a detailed view of the events that trigger security threats thanks to extensive drill-down capabilities. Security administrators can see exactly what patterns are forming on their networks and the specific IP addresses, ports, hosts, users and protocols involved in these patterns. Extensive querying and filtering capabilities and robust user interface tools all help users to search for data by any user-defined attribute.

Visually Analyze All the Data

Event Explorer is an advanced analytics module for the RSA enVision platform. You can rely on the Platform to capture All the Data and Event Explorer to dynamically view it. With the ability to zoom into selected perspectives, Event Explorer widens the range of issues that can be investigated simultaneously. Event Explorer provides a flexible window into compliance, security and business operations so you can analyze All the Data and benefit from 100 percent visibility into the security and compliance infrastructure.

[Figure: Event Explorer. Powerful real-time event information analysis and visualization.]

Management

From high availability collection and protection to policy-based retention to tiered storage optimization, RSA enVision technology provides the most complete platform for enterprises of all sizes to manage growing volumes of information according to its changing value to the business. The RSA enVision ILM solution set encompasses processes, tools, and configurations that meet the critical need to optimize, protect, store and intelligently manage large volumes of information over the security and compliance information lifecycle. RSA enVision ILM technology encompasses data optimization and protection, flexible retention policy settings, integrations with leading storage vendors and easy-to-implement pre-configured storage package options. For instance, log retention policies defined in the Platform can be automatically executed through EMC’s storage solution portfolio, enabling complete collection-to-retirement management for all security information.

RSA enVision Appliances

Every enterprise is unique. That’s why RSA offers a range of solutions that are scalable to any size. As you grow, your SIEM solution can easily grow with you. Please contact RSA to find out about an appliance solution that will meet your exact needs.

ES Series: standalone SIEM appliances (ES 560, ES 1060, ES 2560, ES 5060)
Sustained events: 500 EPS; 1,000 EPS; 2,500 EPS; 5,000 EPS; 7,500 EPS
Maximum devices per appliance: 100; 200; 400; 750; 1,250
Simultaneous RSA enVision users: 6; 8; 10; 12; 14
Simultaneous Event Explorer users (included/maximum): 1/5; 2/5; 3/5; 4/5; 5/5
Storage: 300 GB internal; 300 GB internal; 300 GB internal; External storage required; External storage required

LS Series (LS R601, LS R602, LS D60, LS A60, LC L605)
Sustained events: NA; 30,000 EPS; 5,000 EPS; 10,000 EPS; 1,000 EPS; 2,000 EPS
Simultaneous RSA enVision users: 16; NA; NA; NA; NA; NA
Simultaneous Event Explorer users (included/maximum): 5/15; NA; NA; NA; NA; NA
Storage: RSA enVision NAS3500

Powerful Professional Services

RSA offers a full suite of professional services expertise to help you get the most from your security and compliance solution. Our consultants are fully qualified to apply a deep knowledge of networks, storage, applications and industry-specific security issues to your high-level business challenges. The expertise of RSA – and EMC – can help your organization identify the best solution quickly, implement the right solution efficiently and seamlessly integrate our technology with your existing infrastructure. You can benefit from the security expertise of RSA and the breadth of enterprise management and storage expertise of EMC to help you deploy the leading SIEM enterprise platform for compliance and security operations with an aggressive ROI and immediate results.

Product Specifications

OPERATING ENVIRONMENT
Security-hardened, embedded Microsoft Windows 2003 Server standard.

HARDWARE REDUNDANCY
ES: ECC protected RAM.
LS: 8 GB fully buffered RAM.
ES/LS: redundant/hot-swappable fans, power supplies and RAID-1 protected disks.

ENVIRONMENTAL MONITORING & MANAGEMENT
IPMI 2.0 out-of-band management. 100% “headless” remote appliance management.

NETWORKING
ES: (2) 10/100/1000TX Ethernet ports included, up to (6) via add-on network interfaces
LS: (6) 10/100/1000TX Ethernet ports

STORAGE OPTIONS
Direct-attach 2.75 TB usable (refer to RSA enVision DAS2000 data sheet)
Network-attach 3.5 TB to 7 TB usable (refer to RSA enVision NAS3500 data sheet)

REGULATORY AND AGENCY APPROVAL
ISO9002 certified, UL1950, CSA22.2 no 950, EN 60950, FCC Part 15 – Class A, ICES-003 EN55024:1998, EIN55022:1998, EN50082-1, VCCI V-3/2000.4, AS/NZS 3548.

APPLICATION SOFTWARE
RSA enVision, featuring LogSmart IPDB; real-time, inline correlation with automatic threat scoring; universal device support; over 800 standard reports with full report wizard; Event Explorer advanced visualization and forensic analysis tool; RSA enVision ILM protection, retention policy management, tiered storage support.

POWER OPTIONS
Redundant, load-sharing 400 watt power supplies. 120/240 volt auto switching.

PHYSICAL
29.3 x 17.5 x 3.4 inches, 74.4 x 44.5 x 8.6 cm (DxWxH).
Rack-mount slide rails included (requires 4-post rack).

WEIGHT
59 lbs, 24.5 kg.

WARRANTY
90-day hardware warranty extendable to 5 years with active maintenance contract.

RSA is your trusted partner

RSA, The Security Division of EMC, is the expert in information-centric security, enabling the protection of information throughout its lifecycle. RSA enables customers to cost-effectively secure critical information assets and online identities wherever they live and at every step of the way, and manage security information and events to ease the burden of compliance.

RSA offers industry-leading solutions in identity assurance & access control, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

All the Data, RSA, the RSA logo and enVision are registered trademarks or trademarks of RSA Security Inc. in the U.S. and/or other countries. EMC is a trademark of EMC Corporation. All other trademarks mentioned herein are the properties of their respective owners.

ESLS SB 0507
