Bali Kuchipudi

What's New in RSA Security Analytics 10.6?

Blog Post created by Bali Kuchipudi Employee on May 23, 2016

At RSA Conference 2016, RSA announced Security Analytics 10.6 (SA 10.6). SA 10.6 has the following new capabilities:

 

  • Rapid and Expanded Detection Capabilities
    • New behavior analytics and machine learning techniques incorporated on the Event Streaming Analytics (ESA) component to identify Suspicious Domains (Command and Control (C2) Activities).
    • Lateral Movement detection to identify suspicious Windows login activity to reveal lateral movement attempts within an enterprise.
    • Enhancements for ESA rule execution including optimizations for event time ordering and memory pooling and workflow enhancements for ESA Rule Builder.

 

  • Comprehensive and Prioritized Investigations
    • On-Demand Enrichment capabilities provide context from RSA ECAT, white/blacklists and previously identified incidents and alerts for prioritization and enrichment within investigations. This feature lets an analyst quickly pull in context to prioritize and to understand the full scope of the incident.

 

  • Improved Log Management Capabilities
    • Selective, granular log retention rules for reducing storage costs while still meeting retention requirements.
    • Enhanced workflows for event source monitoring and troubleshooting. Includes centralized views for event source alarms and expanded alerting options.

 

  • Improved Platform Operations
    • Improved Upgrade Experience including streamlined workflows with additional insight and controls for the administrator.
    • Countless quality improvements and optimizations across the platform. See release notes for a complete list.

 

For additional information, please see the following links:
