RSA Archer Cyber Incident & Breach Response

Document created by Christopher Dodge Employee on Feb 21, 2018Last modified by RSA Link Admin on Sep 18, 2020
Version 5Show Document
  • View in full screen mode

Use case for IT & Security Risk Management



RSA Archer Cyber Incident & Breach Response enables you to centrally catalog organizational and IT assets, establishing business context to drive incident prioritization and implement processes designed to escalate, investigate, and resolve declared incidents effectively. The use case is designed for teams to work effectively through their defined incident response and triage procedures and prepare for data breaches.  


With RSA Archer Cyber Incident & Breach Response, declared cyber and security events get escalated quickly and consistently. Advanced workflow and insight to declared cyber and security incidents velocity allow more efficient utilization of security team resources resulting in faster response, analysis, and closure rates for critical security incidents. With improved processes and capabilities, the security team can more effectively leverage existing infrastructure such as SIEMs, log and packet capture tools and endpoint security technologies to focus on the most impactful incidents. These capabilities improve the preparedness of security teams in the case of serious incidents involving potential data breaches, increasing the return on infrastructure investments while lowering overall security risk.


Key Features

  • Centralized catalog of organizational and IT assets
  • Defined incident response lifecycle support with advanced workflow, escalation, and response procedures
  • Central repository and taxonomy to manage processes related to security alerts
  • Integration with SIEM / log / packet capture infrastructure
  • Investigation support including incident journals and forensic analysis tracking
  • Issues management for IT operations
  • Breach risk assessments


Key Benefits

  • Reduce effort to triage and remediate incidents
  • Improve accuracy of consolidated incident analysis and reporting
  • Reduce time and effort for SOC staff to escalate and respond to security alerts
  • Improve posture for breach response readiness
  • Lower security risk




  • RSA Archer Release 6.4 or later


For More Information

To learn more about RSA Archer Cyber Incident and Breach Response:


To learn more about how RSA products, services, and solutions can help solve your business and IT challenges, contact your local representative or authorized reseller—or visit us at If you are an existing RSA Archer customer and have questions or require additional information about licensing, please contact RSA Archer at