RSA Archer SecOps 1.3 is Generally Available (GA) on November 9, 2015. With GA of SecOps 1.3, RSA is enhancing SecOps with the following new capabilities:
- Increased performance
  - Increase in the number of security events processed into Archer records
- Easier to install and configure
  - Combined middleware components into Unified Collector Framework (UCF)
  - Automated certificate creation
- Simplified integration with 3rd party SIEM solutions
  - Support Out-of-the-Box (OOTB) integration with IBM QRadar, McAfee Enterprise Security Manager and Splunk
- Enhanced Monitoring
  - Monitor middleware (UCF) performance, detect issues and restart as needed
  - Improved logging capabilities for UCF
Overview of RSA Archer Security Operations Management (SecOps)
Advanced Persistent Threats (APTs) are the one constant and enterprises are centralizing incident-response teams to detect and respond to them. The Security Operations Center (SOC) is the centralized incident-response team reporting through the CSO/CISO and consisting of people, process, and technology.

As customers design and deploy a SOC, there are challenges. Today, SOCs are event-focused and reactive because there is no centralization of alerts and incident management. Additionally, the incident-response team lacks business context, process, and people collaboration.

As customers implement SOCs, a framework is required to seamlessly orchestrate the multiple roles, processes, and technologies. This framework should transform the overall SOC to be a consistent and predictable business process.
SecOps enables enterprises to seamlessly orchestrate people, process, and technology to effectively respond to security incidents. Architected and designed by benchmarking world-class Security Operation Centers, the solution is SOC process and persona focused. SecOps enables organizations to manage the overall incident response, breach response, and SOC program that is aligned to business risk.

From incident response to data-breach response, the SecOps solution enables organizations to manage the entire lifecycle with integrated business context and best-practices aligned with industry standards. The incident analyst, breach coordinator, and SOC manager have full visibility into the entire process lifecycle with focused workflows, dashboards, and reports.

SOC Managers and the CISO can report on the overall effectiveness of the SOC program because they have full visibility to incidents and data breaches. Additionally, with intuitive dashboards, reports, and workflows, key stakeholders can be engaged throughout the incident-management process.

The overall process from alert to incident investigation is automated, including workflows and integration with security-monitoring systems for alert aggregation. From a remediation perspective, any security incident requiring action from IT operations could be automated by integrating SecOps with ticket management systems.

Using SecOps, an enterprise can manage the overall SOC program as a consistent and predictable business process.
RSA is the Security Division of EMC and the premier provider of intelligence-driven security solutions. RSA helps the world’s leading organizations solve their most complex and sensitive security challenges: managing organizational risk, safeguarding mobile access and collaboration, preventing online fraud, and defending against advanced threats. RSA delivers agile controls for identity assurance, fraud detection, data protection, robust Security Analytics and industry-leading GRC capabilities.