RSA enVision: Transform your Security Operations
A Technical overview & demo of RSA enVision
The Information Log Management Platform for Security and Compliance Success
Eoin Thornton
Senior Security Architect
Zinopy Security Ltd.
(Diagram: network zones labelled Financial, Executive, R&D, DMZ and Data Center.)
Changing Threats and More Demanding Regulations
Careless users leaking IP
New Web 2.0 and P2P technologies
Costly audit requirements
External attacks
Ever‐changing business requirements
Malicious insiders taking financial info
IT Staff Feels the Pressure
Real‐time security posture is difficult to understand.
Overwhelming to process raw log and event volume.
Security team lacks visibility into the IT environment.
Compliance is costly and resource‐intensive.
Issues and Needs
Issues:
Overwhelming to process raw log and event volume.
Real‐time security posture is difficult to understand.
Security team cannot see into the IT environment.
Compliance is time‐consuming.
Needs:
Non‐intrusive log collection to access all event sources.
Complete information lifecycle management process.
Real‐time risk‐based prioritization of events.
Compliance reports in minutes not weeks.
RSA enVision 3‐in‐1 SIEM Platform
Event sources: servers, storage, applications / databases, security devices, network devices
Simplifying Compliance: compliance reports for regulations and internal policy (auditing, reporting)
Enhancing Security: real‐time security alerting and analysis (forensics, alert / correlation)
Optimizing IT & Network Operations: IT monitoring across the infrastructure (visibility, network baseline)
Purpose‐built database (IPDB)
RSA enVision Log Management platform
Simplifying Compliance
Robust Alerting & Reporting
1400+ reports included out of the box
Easily customizable
Grouped according to standards, e.g. National Laws (SOX, Basel II, JSOX), Industry Regulations (PCI), Best Practices & Standards (ISO 27002, ITIL)
Enhancing Security
Support the 3 key aspects of Security Operations
Turn real time events, e.g. threats, into actionable data
Create a closed‐loop incident handling process
Report on the effectiveness of security management
SIEM technology provides real‐time event management and historical analysis of security data from a wide set of heterogeneous sources. This technology is used to filter incident information into data that can be acted on for the purposes of incident response and forensic analysis.
Mark Nicolette, Gartner
Benefits
Turns raw log data into actionable information
Increases visibility into security, compliance and operational issues
Saves time through compliance reporting
Streamlines the security incident handling process
Lowers operational costs
Why enVision?
Any Data ‐ Any Scale
• Collection of any type of log data, real‐time correlation, and best‐in‐breed scalability
Lowest TCO SIEM solution
• Appliance form factor, agentless architecture
• Flexible but simple customization
Most Complete Security Knowledge
• Comprehensive combination of event sources, correlation rules and reports
• Frequent updates to security knowledgebase
• Broad partner eco‐system of strategic technology partners plus front‐line security and compliance expertise
Proven Solution with a large and active install base
• Unparalleled installed base of more than 1600 production customers
• Active online customer “Intelligence Community” for shared best practices and knowledge
All from EMC/RSA
• Simplified IT operations, single point of contact, and global customer support
• Integration with RSA and EMC solutions (e.g. Access Manager, Authentication Manager, Voyence, Celerra, Symmetrix)
RSA enVision
Stand‐alone Appliances to Distributed Solutions
(Chart: the ES Series and LS Series appliance models plotted by events per second (EPS, 500 to 30,000 on the axis) against number of devices (100 to 30,000 on the axis).)
RSA enVision Deployment
Scales from a single appliance….
(Diagram: a single appliance collecting from devices, managing and analyzing events.)
Collect: RSA enVision Supported Devices, e.g. Trend Micro Antivirus, Microsoft ISS, Juniper IDP, Cisco IPS, Netscreen Firewall, Windows Server, legacy devices
Manage: Correlated Alerts, Realtime Analysis, Integrated Incident Mgmt.
Analyze: Event Explorer, UDS, Interactive Query, Baseline, Report, Forensics
RSA enVision Deployment
…to a distributed, enterprise‐wide architecture
A‐SRV: Analysis Server; D‐SRV: Data Server; LC: Local Collector; RC: Remote Collector
(Diagram: sites shown are Mumbai (Remote Office), Chicago (WW Security Operations), London (European Headquarters) and New York (WW Compliance Operations); the components placed across the sites are Local Collectors, Data Servers, Analysis Servers and NAS storage.)
Technical demo…