Heathrow, 4th August 2011
RSA, the Security Division of EMC, Revolutionizes Situational Awareness, Providing Real-Time Visibility into The Most Complex Cyber Threats
RSA NetWitness Panorama™ Module Unifies Pervasive Network Monitoring and Log Data to Deliver Complete View of Potential Threats.
RSA enVision® 4.1 SIEM Platform Improves Speed and Simplicity for Real-Time Queries and Reporting, Enabling Faster, More Granular Investigations of Events and Log Data.
RSA, The Security Division of EMC (NYSE:EMC), today announced a revolutionary approach to situational awareness for information security with the launch of RSA NetWitness Panorama™ technology and enhancements to its RSA enVision® Security Information and Event Management (SIEM) platform. These improvements are designed to provide customers with the ability to better identify and combat today’s advanced threats.
RSA NetWitness Panorama, a new module in the RSA NetWitness family, delivers innovation in security analytics through the fusion of hundreds of log data sources with external threat intelligence. Combined with RSA NetWitness, enterprises can now have extraordinarily broad and robust high-speed visibility into the critical information needed to help detect today’s targeted, dynamic and stealthy attack techniques. RSA NetWitness Panorama may be deployed in three ways: as an extension to RSA NetWitness installations to combine the diverse information contained in log files with the deep content of full traffic capture; alongside RSA enVision for fast security analytics across the volumes of log data collected by RSA enVision; or as a standalone log analytics module with or without other third-party SIEM tools.
“Customers are wrestling with the need to use a variety of data sources both to demonstrate compliance and to combat advanced threats,” said Amit Yoran, Senior Vice President and General Manager, Security Management and Compliance Business, RSA, The Security Division of EMC.
“Log management and SIEM technologies are important elements of incident and threat management processes, but have been constrained by a lack of a common lexicon, scalability, and the agility to adapt to the ever-changing threat landscape. Our enhancements to RSA enVision make it a more powerful tool for compliance reporting and also for analysis of log data as part of the security process. And, by providing native, cross-environment visibility and threat-informed analytics across log data and full packet capture, RSA NetWitness Panorama technology offers security teams an unprecedented view of organizational activity across even more of their IT infrastructure.”
RSA NetWitness Panorama Module Delivers Situational Awareness
RSA NetWitness Panorama technology is designed to apply a host of NetWitness innovations to make log data an active part of security operations. Those innovations are engineered to include:
The RSA NetWitness Panorama module can either consume syslog data directly or gain richer data via direct feeds from the RSA enVision SIEM platform to provide even greater context for investigations and incident response.
“Enterprises continue to struggle to achieve adequate visibility into a variety of advanced, targeted and layered threats that evade detection by traditional approaches to incident management,” said Lawrence Pingree, Research Director, Gartner.
“Combating these attacks requires security teams to think differently about how they can achieve situational awareness. The ability to understand complete security context is significantly enhanced through the fusion of disparate security events in conjunction with protocol level visualization, and is an essential component to the efficiency of today’s security operations and incident response triage procedures.”
RSA enVision Enhancements Improve Speed of Investigations
Enhancements to the RSA enVision SIEM platform are designed to increase the speed and simplicity of ad-hoc queries against log data, while improving report management capabilities. Customers can now execute queries for investigation and incident response across large volumes of log data with up to 10X improvements in response time over the previous version. The RSA enVision 4.1 platform is also engineered to enable RSA enVision ES centralized deployments to be run as a fully virtual machine and offers virtual collectors for RSA enVision LS distributed deployments, making it simpler for customers to implement consistent security and compliance across physical and virtual infrastructures. The performance improvements of ad-hoc queries in the RSA enVision 4.1 platform help deliver the speed and flexibility critical for log-specific investigations and forensics.