At RSA Conference 2016, RSA announced Security Analytics 10.6 (SA 10.6). SA 10.6 has the following new capabilities:
- Rapid and Expanded Detection Capabilities
  - New behavior analytics and machine learning techniques incorporated on the Event Streaming Analytics (ESA) component to identify Suspicious Domains (Command and Control (C2) Activities).
  - Lateral Movement detection to identify suspicious Windows login activity to reveal lateral movement attempts within an enterprise.
  - Enhancements for ESA rule execution, including optimizations for event time ordering and memory pooling, and workflow enhancements for ESA Rule Builder.
- Comprehensive and Prioritized Investigations
  - On-Demand Enrichment capabilities provide context from RSA ECAT, white/blacklists and previously identified incidents and alerts for prioritization and enrichment within investigations. This feature allows an analyst to quickly tie in context to help prioritize, and to gather context to help understand the full scope of the
- Improved Log Management Capabilities
  - Selective, granular log retention rules for reducing storage costs while still meeting
  - Enhanced workflows for event source monitoring and troubleshooting. Includes centralized views for event source alarms and expanded alerting options.
- Improved Platform Operations
  - Improved Upgrade Experience, including streamlined workflows with additional insight and controls for the administrator.
  - Countless quality improvements and optimizations across the platform. See release notes for a complete list.
For additional information, please see the following links:
- Press Release
- Link to RSA SA 10.6 Training
- Link to RSA SA 10.6 Documentation Space