RSA enVision: Transform your Security Operations

A Technical overview & demo of RSA enVision
The Information Log Management Platform for Security and Compliance Success
Eoin Thornton
Senior Security Architect
Zinopy Security Ltd.
Changing Threats and More Demanding Regulations
• External attacks
• Malicious insiders taking financial info
• Careless users leaking IP
• Costly audit requirements
• Ever-changing business requirements
• New Web 2.0 and P2P technologies
(Slide diagram: the threats above mapped onto business zones labelled Data Center, R&D, DMZ, Executive and Financial.)
IT Staff Feels the Pressure
Security team lacks visibility into the IT environment.
Compliance is costly and resource‐intensive.
Overwhelming to process raw log and event volume.
Real‐time security posture is difficult to understand.
Issues and Needs
Issue: Security team cannot see into the IT environment. Need: Non-intrusive log collection to access all event sources.
Issue: Overwhelming to process raw log and event volume. Need: Complete information lifecycle management process.
Issue: Real-time security posture is difficult to understand. Need: Real-time risk-based prioritization of events.
Issue: Compliance is time-consuming. Need: Compliance reports in minutes not weeks.
RSA enVision 3-in-1 SIEM Platform
• Simplifying Compliance: compliance reports for regulations and internal policy
• Enhancing Security: real-time security alerting and analysis
• Optimizing IT & Network Operations: IT monitoring across the infrastructure
(Slide diagram: the RSA enVision Log Management platform, built on a purpose-built database (IPDB), providing Reporting, Forensics, Auditing, Alert / correlation, Network baseline and Visibility over event sources including security devices, network devices, applications / databases, servers and storage.)
Simplifying Compliance
Robust Alerting & Reporting
1400+ reports included out of the box
Easily customizable
Grouped according to standards, e.g. National Laws (SOX, Basel II, JSOX), Industry Regulations (PCI), Best Practices & Standards (ISO 27002, ITIL)
Enhancing Security
Support the 3 key aspects of Security Operations
• Turn real-time events, e.g. threats, into actionable data
• Create a closed-loop incident handling process
• Report on the effectiveness of security management
SIEM technology provides real‐time event management and historical analysis of security data from a wide set of heterogeneous sources. This technology is used to filter incident information into data that can be acted on for the purposes of incident response and forensic analysis.
Mark Nicolette, Gartner
Benefits
Turns raw log data into actionable information
Increases visibility into security, compliance and operational issues
Saves time through compliance reporting
Streamlines the security incident handling process
Lowers operational costs
Why enVision?
Any Data ‐ Any Scale
• Collection of any type of log data, real-time correlation, and best-in-breed scalability
Lowest TCO SIEM solution
• Appliance form factor, agentless architecture
• Flexible but simple customization
Most Complete Security Knowledge
• Comprehensive combination of event sources, correlation rules and reports
• Frequent updates to security knowledgebase
• Broad partner eco-system of strategic technology partners plus front-line security and compliance expertise
Proven Solution with a large and active install base
• Unparalleled installed base of more than 1600 production customers
• Active online customer “Intelligence Community” for shared best practices and knowledge
All from EMC/RSA
• Simplified IT operations, single point of contact, and global customer support
• Integration with RSA and EMC solutions (e.g. Access Manager, Authentication Manager, Voyence, Celerra, Symmetrix)
RSA enVision: Stand-alone Appliances to Distributed Solutions
(Slide chart: events per second (EPS) plotted against number of devices, with the ES Series covering the lower range and the LS Series the upper range; EPS axis ticks run from 1,000 to 300,000 and the device axis from 100 to 30,000.)
RSA enVision Deployment
Scales from a single appliance…
(Slide diagram of a single appliance, labelled by function. Collect: RSA enVision supported devices such as Windows Server, Netscreen Firewall, Cisco IPS, Juniper IDP, Microsoft, ISS, Trend Micro Antivirus, plus legacy devices via UDS. Analyze: Baseline, Correlated Alerts, Realtime Analysis, Interactive Forensics Query, Event Explorer. Manage: Report, Integrated Incident Mgmt.)
RSA enVision Supported Devices
Microsoft
ISS
Trend Micro
Antivirus
Device
Device
Legacy
RSA enVision Deployment
…to a distributed, enterprise-wide architecture
(Slide diagram of four sites: London (European Headquarters), Chicago (WW Security Operations), Mumbai (Remote Office) and New York (WW Compliance Operations), each deploying some combination of A-SRV, D-SRV, LC, RC and NAS components.)
Legend: A-SRV: Analysis Server; D-SRV: Data Server; LC: Local Collector; RC: Remote Collector.
Technical demo…
Thank You!
Any questions?