RSA Security Analytics
COLLECT, MANAGE, AND ANALYZE ALL SECURITY ACTIVITY IN YOUR ENVIRONMENT
With today’s rapidly evolving threat environment, one of the keys to securing your organization is the ability to see and understand everything that is happening on your network. Real-time visibility and high-powered analytics, along with long-term data retention, are required to fulfill detection, investigation, analysis, forensic, and compliance needs. The RSA Security Analytics solution makes this a reality via two primary infrastructure elements: the capture infrastructure and the analysis and retention infrastructure.
The capture infrastructure is made up of three core components: Decoders (both for logs/NetFlow and packets), Concentrators, and Brokers. Each component has a critical role in providing scalability and achieving an organization’s security monitoring goals. In order to enable application layer traffic analysis in real time at high data rates, the capture infrastructure must scale out as well as scale up. The distributed and hierarchical nature of the Security Analytics infrastructure enables an organization to incrementally add data collection, analysis, and archiving as needed. In higher throughput environments, the ability to separate primary read and write-to-disk functions allows Security Analytics to maintain both high capture rates and fast analytic response times.
EXPAND AND INTEGRATE SCALABILITY
RSA Security Analytics’ unique architecture allows organizations to collect and analyze large amounts of data and expand linearly. The federated infrastructure allows organizations to scale, while still maintaining the ability to analyze and query seamlessly across the system.
OPEN API
To scale beyond RSA Security Analytics offerings, users can create their own custom security solutions by using Security Analytics’ open REST API. This open API enables other tools to integrate with the Security Analytics platform and extends the value of their existing security investments.