What's New in SecOps 1.2?
With General Availability of SecOps 1.2, RSA is enhancing SecOps with the following new capabilities:
- Integration with Incident Management for Security Analytics (IM for SA) – SecOps seamlessly integrates with "IM for SA". Now incidents can be escalated from "IM for SA" to SecOps for Breach Response or Remediation Tasks. Alternatively, a Security Analytics customer can also bypass "IM for SA" and manage the entire analyst / incident investigation workflow in SecOps. The combination of "IM for SA" and SecOps addresses the capabilities required at different stages as the customer matures their overall incident response, breach response and SOC program management functionality.
Overview of RSA Archer Security Operations Management (SecOps)
Advanced Persistent Threats (APTs) are the one constant and enterprises are centralizing incident-response teams to detect and respond to them. The Security Operations Center (SOC) is the centralized incident-response team reporting through the CSO/CISO and consisting of people, process, and technology.
As customers design and deploy a SOC, there are challenges. Today, SOCs are event-focused and reactive because there is no centralization of alerts and incident management. Additionally, the incident-response team lacks business context, process, and people collaboration.
As customers implement SOCs, a framework is required to seamlessly orchestrate the multiple roles, processes, and technologies. This framework should transform the overall SOC to be a consistent and predictable business process.
RSA Archer Security Operations Management (SecOps) enables enterprises to seamlessly orchestrate people, process, and technology to effectively respond to security incidents. Architected and designed by benchmarking world-class Security Operation Centers, the solution is SOC process and persona focused. SecOps enables organizations to manage the overall incident response, breach response, and SOC program that is aligned to business risk.
From incident response to data-breach response, the SecOps solution enables organizations to manage the entire lifecycle with integrated business context and best-practices aligned with industry standards. The incident analyst, breach coordinator, and SOC manager have full visibility into the entire process lifecycle with focused workflows, dashboards, and reports.
SOC Managers and the CISO can report on the overall effectiveness of the SOC program because they have full visibility to incidents and data breaches. Additionally, with intuitive dashboards, reports, and workflows, key stakeholders can be engaged throughout the incident-management process.
The overall process from alert to incident investigation is automated, including workflows and integration with security-monitoring systems for alert aggregation. From a remediation perspective, any security incident requiring action from IT operations could be automated by integrating SecOps with ticket management systems.
Using SecOps, an enterprise can manage the overall SOC program as a consistent and predictable business process.
Links to Previous Versions of SecOps
SecOps Integration Links
- Link to Incident Response Procedure Content provided by RSA Advanced Cyber Defense (ACD) Team
- Link to 3rd Party SIEM Integration
- Link to Breach Response Content
RSA, the Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations solve their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention (DLP), continuous network monitoring, and fraud protection with industry leading GRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated.