
RSA Archer Suite

2 Posts authored by: Wesley Loeffler Employee

Consolidated compliance and security monitoring

Managing the security and compliance of an IT infrastructure has become one of the most time-consuming and important tasks for IT security professionals. Firewalls, vulnerability scanners, intrusion detection systems, and compliance checks are powerful tools for safeguarding your critical IT assets. However, these tools are only as effective as your organization’s capacity to monitor, prioritize, and respond to crucial events. These tools often produce thousands of findings each day, leaving security teams to sort through alerts from various devices and identify which findings require action.

 

AWS solves this problem by consolidating compliance checks and security findings from Security Hub, GuardDuty, and other products into a centralized location. Findings flowing into Security Hub from GuardDuty, IAM Access Analyzer, Macie, and partner offerings are all standardized into the AWS Security Findings Format. This standardized format eliminates the need for manual data conversion and simplifies the process of transferring data into external environments. The AWS Security Hub integration with RSA Archer enables organizations to automatically import data directly into RSA Archer.

 

How it works

AWS Security Hub runs automated configuration and compliance checks based on industry standards such as CIS, AWS Foundational Security Best Practices, and PCI DSS. The checks provide real-time compliance scores and identify devices and accounts requiring attention.

 

GuardDuty is a managed threat detection service that uses machine learning to safeguard critical AWS accounts and services from malicious activity and other security threats. GuardDuty monitors activities and logs issues within the AWS environment, provides recommended remediation actions, and assigns numeric severity values to these issues. Issues are then categorized into three severity levels based on the criticality and type of threat detected.

 

Leveraging cutting-edge technology

Prior to being routed into RSA Archer, Security Hub and GuardDuty findings flow into Simple Queue Service (SQS) queues. SQS is a distributed message queuing service developed by Amazon. These queues offer a nearly unlimited number of API calls per second, and due to their distributed nature, they provide virtually unlimited throughput. Server-side encryption is available to protect the contents of SQS queues and can be configured using the AWS Key Management Service. These queues are extremely affordable and future-proof the RSA Archer integration. Additional AWS Security Hub products and third-party offerings can be directly transferred from these queues into RSA Archer.

 

From AWS Security Hub to RSA Archer

The RSA Archer integration with AWS Security Hub provides users with the ability to leverage compliance checks and security findings in their RSA Archer environment. The Security Hub data feed ingests findings from Security Hub into the Configuration Check Results application. Check Results are then mapped to the technology baselines such as CIS, AWS Foundational Security Best Practices, and PCI DSS standards. GuardDuty security findings are routed into the new Potential Unauthorized Activity on-demand application.

 

Both Security Hub and GuardDuty findings can be grouped into tickets and formally remediated through the RSA Archer exception requests and remediation plans workflows. The integration also leverages RSA Archer’s new charting engine, which was introduced in version 6.7.  

 

Security Hub Dashboard

 

Interested in learning more about the AWS Security Hub Integration with RSA Archer?

Listen to a recording or check out the presentation of a Free Friday Tech Huddle that covered the AWS Security Hub integration with RSA Archer. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but are interested in learning more, please contact your local representative or authorized reseller - or visit us at www.rsa.com.

With data breaches increasing at a record pace, an Information Security Management System (ISMS) has transformed from an IT buzzword into a necessity for most organizations. According to a report recently released by the Identity Theft Resource Center, there were nearly 1,600 data breaches reported in the United States in 2017. This represents an increase of 44% from figures reported in 2016. More alarming is the average cost of a breach, estimated to be roughly $3.6 million per incident, according to a report conducted by Ponemon Institute. These numbers are only expected to increase in 2018, necessitating a proactive approach to cybersecurity.

 

To address the increasing occurrence of data breaches, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) published an updated version of ISO 27001 in 2013. Part of the ISO 27000 family of standards, ISO 27001 outlines the policies, processes, and procedures required to implement an ISMS. Regardless of organizational size or type, an ISMS can be applied to secure information assets and manage information in all its forms. Organizations that meet these standards may pursue ISO 27001 certification following a successful audit. Not only is certification useful for protecting valuable data and information assets, but ISO 27001 also covers many of the requirements necessary to adhere to the new General Data Protection Regulation (GDPR) that will be in effect May 25, 2018.

 

ISMS Dashboard


 

To account for updates to ISO 27001, we have released an enhancement to our Information Security Management System offering in version 6.4, released last week. Features new to the release include:

  • Automatic risk scoping that allows for the simultaneous generation of ISMS risk and control records.
  • ISMS Risks application that generates a snapshot of each risk facing ISMS assets at a point in time.
  • ISMS Controls application that catalogs all control procedures applied to risks.
  • ISMS Audit application that provides a taxonomy for reviewing risks and controls, generating findings, and applying exception requests.
  • ISO 27001 questionnaire that identifies key gaps in the organization’s risk posture.
  • Ability to apply ISO 27002 control procedures to mitigate inherent risks.
  • Personas and record permissions necessary for managing an ISMS and enforcing role-based access control.
  • Generation of a Statement of Applicability that can be provided to external auditors for ISO 27001 certification.

 General Information

ISMS General Information Section

 

There are three components crucial to managing an ISMS:

  • Determining key organizational assets
  • Identifying potential risks
  • Applying mitigating controls

 

As an organizational ISMS continues to evolve, these components must be regularly evaluated and refined to ensure risks facing crucial assets are properly mitigated. The RSA Archer ISMS use case sits at the convergence of these components, allowing users to seamlessly scope assets and stakeholders, manage inherent risk, and apply mitigating controls from a library of ISO 27002 content.

 

With RSA Archer ISMS users can:

  • Protect the confidentiality, availability, and integrity of data
  • Reduce costs associated with information security
  • Provide a centrally managed framework for information security
  • Ensure that information in all forms is secured

 

Interested in learning more? Join us for our Free Friday Tech Huddle this Friday, April 27 to hear more about the offering and see a live demo. The Free Friday Tech Huddles are available to existing RSA Archer customers. If you are not yet a customer but are interested in learning more, please contact your local representative or authorized reseller - or visit us at www.rsa.com.
