Security Analytics 10.5 - Zift Solutions

Security Analytics 10.5 What’s New in SA 10.5 Customer Overview, GA June 2015

Security Analytics 10.5 – Key Messages

• Threat Detection & Investigation beyond just logs - This is what SIEM was meant to be
• Spot more attacks with complete visibility - from the endpoint to the cloud
• Choose the deployment that is right for you with flexible delivery models

© Copyright 2014 EMC Corporation. All rights reserved.


First - What our Customers Are Saying…

“10.4 is night and day above everything else we’ve had.”

“RSA turned the corner with SA 10.4”

“We’ve really expanded the SOC and it has given us better visibility with management.”

“Speed is 100x better; functionality is good; feature set is a lot better, things are easier”

“Our experience is much improved with 10.4”

© Copyright 2015 EMC Corporation. All rights reserved.


Security Analytics 10.5 – The Focus Areas

Expanded Visibility

Improvements in Investigation

Platform Enhancements


Expanded SIEM capabilities

New Packaging and Pricing


Expanded Visibility - Cloud

• Visibility into the Cloud providers
  – Initial integration with AWS via CloudTrail
  – Future cloud vendors planned


This roadmap document contains “forward looking statements”, which are plans, not commitments


Expanded Visibility – Critical Web Applications (via WTD)



Improved “Hunting” – Combining Fragmented Sessions

Improved “Hunting” – Reconstruction Improvements

• 10.4
• 10.5


Expanded SIEM Capabilities

• Event Source Monitoring (ESM)
• Alerted when logs are no longer being received
  – SIEM customers need this

Expanded SIEM Capabilities

• Investigate against archived log data
• Adhoc Analyst Workbench for Archiver
• Enhancements for ESA rule creation, editing and trial-mode


Data Privacy

• Data Obfuscation
  – Allow Data Privacy Officer or Admin to identify and restrict access using roles & permissions to personally identifiable data (as deemed by the customer)
  – Can choose meta to designate as sensitive and obfuscate it

Data Obfuscation – ESA Alert


Data Obfuscation – Analyst Investigation


Configurable SA Health Monitoring & Alerting

• Configurable Policy Groups
• Multiple Rules per Policy Group

Health Rule Builder

Choose a Stat


Alarm E-mail Notifications

• Includes both initial failure alarm & recovery
• Easy to read on both desktop and mobile email clients.
• Visual cues for High severity Alarms.
• Syslog & SNMP traps planned for 2H’2015

SA User Audit Logging

• Audit logs include:
  – User Login / Logoff
  – UI Pages Accessed
  – Queries performed
  – Data Exported
  – Change made
• Audit logs are syslog’d off of SA for integrity purposes.
  – Format configurable


New Packaging Models

• Use Case Driven Packaging
• Metered by Throughput or Endpoints (ECAT only)
• Perpetual & Subscription Terms available

SA - Network Monitoring & Forensics

SA - Log Monitoring & SIEM

ECAT - Endpoint Analytics

Appliances


Storage


EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.