RSA, The Security Division of EMC, has announced that RSA Security Analytics now offers a real-time behaviour analytics engine that is designed to expedite detection of advanced attack activities.
Using machine learning techniques, the engine is built to able to rapidly spot key aspects of advanced threats without specific foreknowledge of the attack or reliance on signatures, rules, or intelligence watchlists.
In addition, RSA Security Analytics has been engineered to be enhanced to fuse network, endpoint and log visibility with real-time insights into suspicious processes and analyst findings – helping to enable the discovery of the full scope of a threat actors’ activity within the enterprise.
RSA Security Analytics’ new real-time behavior analytics engine is designed to identify specific anomalous activities and behaviors and creates incidents for investigation, without the need for data scientists. Leveraging deep packet-level visibility and data science techniques to spot behaviors such as compromised systems and the use of covert channel communications, security teams can detect sophisticated threats faster.
RSA Security Analytics is engineered to make it easier for organizations of any maturity to more rapidly differentiate normal behavior patterns from beaconing domains, Command and Control (C2) activities, and other high-risk anomalies. For example, by combining the log data of Windows operating systems and insight into the ways Windows logins may be manipulated to facilitate privilege escalation, the analytics engine in RSA Security Analytics is designed to be able to spot attempts at lateral movement and finds malicious actors.
RSA Security Analytics is engineered to enable rapid investigation and compromise scoping by fusing real-time incident and endpoint context into an investigative workflow. These capabilities make it difficult for threat actors to change their tactics and evade detection. By bringing together network, log and endpoint data enriched with real-time insights into suspicious processes and incident information, an organization can far more effectively understand the full scope of compromise and eradicate the threat actor completely from their enterprise.