Previously, I wrote about “Next Generation Security Operations: Telescopes for the Lookouts”, discussing lookouts: real-time monitoring that watches everything going on inside and outside an organization, together with better methods and analytics to identify where to focus surveillance. Recently, RSA announced its new RSA Security Analytics solution, which effectively provides these lookouts.
Let’s take it a step further and examine a Security Operations team that finds a threat affecting multiple assets/devices in an organization. How does the security team focus its efforts and prioritize which group of assets should be patched and remediated first?
What if the security team had the business context of all the assets and devices in the organization? Understanding the connection of the devices to business processes, and ultimately what data is flowing through those devices, provides business context and will empower security teams to focus and prioritize their investigation and remediation efforts.
If you watched the Security Analytics launch demonstration video, the Security Analyst uses a solution called Asset Criticality Intelligence (ACI) to get the business context of assets. I’ve posted the video below.
ACI is the brainchild of RSA’s Critical Incident Response Center (CIRC). The security analysts figured out a way to use the asset criticality information from RSA Archer when prioritizing their investigative efforts. They took it one step further by pushing that information through RSA Live, so it is automatically available during investigations. ACI eliminates the manual effort of identifying the business context of an asset. As a result, the security team can detect advanced threats in its environment faster and reduce attacker free time on the critical assets.
ACI is a solution that was architected by practicing security analysts and it gives me great pleasure that RSA is able to offer this solution to our Security Analytics customers.
Oh wait, it doesn’t end there! Once the business context is available in Security Analytics, a security analyst can use it to define alert rules for a specific security event affecting a critical asset, for example, zip files being sent from a critical asset to a suspicious IP address. Once triggered, the security event can be sent over to Archer and managed using Archer’s rich incident management capabilities, tracking progress and engaging the key business stakeholders throughout the investigation.
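To make the two ideas above concrete (prioritizing by business context, and an alert rule for zip files leaving a critical asset for a suspicious IP), here is an added illustration. It is not RSA’s code and not what ACI, RSA Live or Security Analytics actually run; the criticality table, watchlist, event records and field names are all constructed assumptions that stand in for the Archer export, a threat feed and captured network session metadata.

```python
"""Added illustration, not RSA code: enrich network session events with
asset criticality and raise prioritised alerts for zip transfers from
critical assets to suspicious IPs. All data below is constructed."""
import ipaddress

# Constructed stand-in for an asset criticality feed (the kind of record
# the post says comes out of Archer). Field names are assumptions.
ASSET_CRITICALITY = {
    "10.1.1.10": {"name": "erp-db-01", "criticality": "high",   "process": "Order-to-cash"},
    "10.1.1.20": {"name": "hr-app-01", "criticality": "medium", "process": "Payroll"},
    "10.1.2.50": {"name": "kiosk-07",  "criticality": "low",    "process": "Lobby signage"},
}

# Constructed suspicious-IP watchlist (stand-in for a threat intelligence feed).
SUSPICIOUS_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Ranking used to order the analyst's queue; "unknown" = asset not in the feed.
CRIT_RANK = {"high": 3, "medium": 2, "low": 1, "unknown": 0}

# Constructed network session records: source, destination, observed file name
# and sniffed MIME type, roughly what a packet-capture metadata store yields.
EVENTS = [
    {"ts": "2013-02-26T09:01:10Z", "src": "10.1.1.10",  "dst": "203.0.113.55", "filename": "q4_export.zip", "mime": "application/zip"},
    {"ts": "2013-02-26T09:02:31Z", "src": "10.1.2.50",  "dst": "203.0.113.55", "filename": "ads.zip",       "mime": "application/zip"},
    {"ts": "2013-02-26T09:03:05Z", "src": "10.1.1.20",  "dst": "198.51.100.7", "filename": "report.pdf",    "mime": "application/pdf"},
    {"ts": "2013-02-26T09:04:44Z", "src": "10.1.1.10",  "dst": "192.0.2.9",    "filename": "backup.zip",    "mime": "application/zip"},
    {"ts": "2013-02-26T09:05:12Z", "src": "172.16.9.9", "dst": "203.0.113.2",  "filename": "tools.ZIP",     "mime": "application/octet-stream"},
]


def is_suspicious(ip):
    """True if the destination falls inside any watchlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SUSPICIOUS_NETS)


def is_zip(event):
    """Match on sniffed MIME type OR extension: a renamed archive still sniffs
    as zip, and a generic octet-stream may still carry a .zip name."""
    return event["mime"] == "application/zip" or event["filename"].lower().endswith(".zip")


def enrich(event, criticality=ASSET_CRITICALITY):
    """Attach business context to an event; assets missing from the feed get
    'unknown' rather than being silently dropped."""
    asset = criticality.get(event["src"], {"name": None, "criticality": "unknown", "process": None})
    return {**event, "asset": asset["name"], "criticality": asset["criticality"], "process": asset["process"]}


def match_rule(events=EVENTS, min_criticality="medium"):
    """Rule: zip file sent from an asset of at least min_criticality to a
    suspicious IP. Results are ordered highest criticality first, then by
    time, so the analyst works the critical assets before the kiosks."""
    floor = CRIT_RANK[min_criticality]
    hits = [enrich(ev) for ev in events if is_zip(ev) and is_suspicious(ev["dst"])]
    hits = [e for e in hits if CRIT_RANK[e["criticality"]] >= floor]
    return sorted(hits, key=lambda e: (-CRIT_RANK[e["criticality"]], e["ts"]))


if __name__ == "__main__":
    # Alerts worth escalating to incident management: critical assets only.
    for e in match_rule():
        print("ALERT", e["ts"], e["asset"], e["process"], "->", e["dst"], e["filename"])
    # Full triage queue: same rule with no criticality floor, still ordered.
    for e in match_rule(min_criticality="unknown"):
        print("QUEUE", e["criticality"], e["src"], "->", e["dst"], e["filename"])
```

The point of the two calls at the bottom is the one the post makes: the same detection logic fires on the kiosk and on the ERP database, but with the criticality feed joined in, the ERP transfer is the one that becomes an escalated alert, and the rest sit lower in the queue instead of competing for the analyst’s attention.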
At RSA Conference today, RSA Asset Criticality Intelligence (ACI) and RSA Advanced Incident Management for Security (AIMS) are being announced. ACI provides the business context to the Security Operations Center and AIMS automates the incident management process once a security event is identified.
Effectively, this benefits both security and business teams when a security incident pops up. It helps the security team understand the business context of assets so they can prioritize their investigation efforts. In turn, the business teams get an excellent view of their organization’s security posture by being kept apprised of security incidents that affect the assets and information in their organization.
By putting in place “Telescopes for Lookouts” and providing business context and automating incident management, RSA is helping to bridge the gap between security and business teams.
Check out more on ACI and AIMS at the following link: