
RSA Security Analytics - license

Mfg. Part: SA-SERVER-SW | CDW Part: 2983917 | UNSPSC: 43232804
$39,201.99 Advertised Price
Product Overview
Main Features
  • License
  • 10 users
RSA Security Analytics helps security analysts detect and investigate threats often missed by other security tools. Leveraging the proven technology of RSA NetWitness, Security Analytics provides converged network security monitoring and centralized security information and event management (SIEM).

Security Analytics combines big data security collection, management, and analytics; full network and log-based visibility; and automated threat intelligence - enabling security analysts to better detect, investigate, and understand threats they often could not easily see or understand before.

Technical Specifications
Specifications are provided by the manufacturer. Refer to the manufacturer for an explanation of the print speed and other ratings.
General
Category: Networking applications
Subcategory: Network - monitoring & performance management

Header
Brand: RSA
Compatibility: PC
Manufacturer: RSA Security
Packaged Quantity: 1
Product Line: RSA Security Analytics

Software
License Category: License
License Qty: 10 users
License Type: License

Product Reviews
RSA Security Analytics - license is rated 4.0 out of 5 by 3.
Rated 4 out of 5
The Alerting Module provides real-time event processing language on the logs/packets stream.

Valuable Features:
RSA NetWitness is a SIEM and real-time network traffic solution. It collects logs/packets and applies a set of alerting, reporting and analysis rules on them. Thus, it provides the enterprise with full visibility of the networks and activities of the systems.

Its main features/components are:
  • Investigation Module: It is the location where the SOC analysts can find all logs/packets captured in a time-frame, that are related/non-related and have drill-down/filtration capabilities all in one table, for investigation and analysis.
  • Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements.
  • Reporting Module: It provides advanced reporting capabilities.
  • Dashboard Module: It provides dashboards for specific activities on the systems and networks.
  • Command and Control Detection: In addition to identifying the C&C IPs through threat intelligence, NetWitness investigates the packets to determine any type of suspicious C&C communication, by using a feature called Automated Threat Detection.
  • Threat Hunting Package: By using this advanced technique, NetWitness automatically investigates all the service sessions, files/packets and then it identifies any IoCs, BoCs and EoCs.
  • Context Lookup: In order to give an overview during investigation, this feature highlights any value related to the previous alert, incident, RSA ECAT feed mentioned or even if it had any comment from the RSA community, that leads to detecting any recent attack (even if it is still not announced on threat intelligence).
  • Incident Module: It provides an automated incident handling utility to ensure that right actions have been taken to close the incident.
  • Malware Analysis Module: It provides a file analysis environment including sandboxing, community etc., so as to investigate more of the files captured through the environment traffic.

Improvements to My Organization:
As mentioned elsewhere, this product provides full visibility for the activities in the networks and systems. For example, it provides detection of the attacks in early stages (brute-force attacks), by which the attackers try to gain access to the systems, by trying to log in using different usernames and passwords (might be in a dictionary).

Room for Improvement:
  • Out-of-the-box alerts and investigation rules
  • Health monitoring of the event sources and devices
  • Threat intelligence for data accuracy

Use of Solution:
I have used this solution for five years.

Stability Issues:
We encountered stability issues in the earlier versions, and much fewer in the newer versions.

Scalability Issues:
There were no scalability issues.

Cost and Licensing Advice:
The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs).

Other Solutions Considered:
I did not evaluate other solutions.

Other Advice:
The only thing I advise others is to spend enough time for fine-tuning and the initial rule development. You should also develop a plan for the ongoing development and fine-tuning, as found in all the other SIEM solutions.

Disclaimer: My company has a business relationship with this vendor other than being a customer: We are a sub-contractor.
Date published: 2017-10-23
Rated 4 out of 5
We can investigate incidents based on logs and raw packets.

Valuable Features:
  • Full packet capture: A must in an SOC
  • Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network
  • Built-in Incident Management module for small security/SOC teams
  • Advanced correlation engine based on metadata flow: Provides nearly real time correlation
  • Rich reporting options

Improvements to My Organization:
  • We can monitor all traffic to/from our company.
  • It is possible to track end user behaviour.
  • With RSA NetWitness Endpoint, we are able to monitor not only the network, but also what’s happening on endpoints, i.e., behaviour analytics for processes inside the operating system.
  • Thanks to this tool, we have a small SOC running in our company.

Room for Improvement:
  • Integration with external tools should be built-in, such as an external sandbox for files.
  • We can import data using external feeds, using STIX or CVS files.
  • The REST API is poor.
  • The system architecture is complex and sometimes it’s hard to troubleshoot potential problems.
  • RSA should improve backup options and High Availability architecture.
  • Data is stored on separate components without redundancy. It’s possible to have backup for data, but you have to use an external backup solution.

Use of Solution:
I have used this product for two and a half years.

Stability Issues:
The system is stable if you provide enough CPU, RAM, and HDD (IOPS). Sizing should be done by RSA Professional Services or by an experienced partner for Virtual Machines. The hardware is sized well.

Scalability Issues:
There were no scalability issues, but you have to know what you are doing. Proper network deployment is important. Metadata flows are quite big between internal system components. Of course, it depends on how many network packets and logs are logged into the system.

Technical Support:
I would give technical support a rating of 8/10. Sometimes you have to wait for an initial response, especially if it’s not a critical problem. But when they start investigating, they do it quite well.

Previous Solutions:
For full packet capture, we had Blue Coat Security Analytics. We switched because in NetWitness, we have everything needed to run a small SOC in our company. (Packets, logs, endpoints, incident management module, correlation, reporting, and investigation available for analysts.)

Initial Setup:
It’s a very easy product to install, when you know what you are doing. Customers without any experience should cooperate with RSA Professional Services or a partner company. It’s too complex of a product to deploy for someone without experience. It can be done, but the value coming from RSA or a partner is incomparable.

Cost and Licensing Advice:
  • Prepare use cases, i.e., what to do and how.
  • Collect information about EPS for logs and total bandwidth for packets. This will allow you to properly size the licensing.
  • Hardware is too expensive in my opinion (Eastern Europe). It’s cheaper to run virtual machines in a VMware environment. (Keep in mind that CPU, RAM, and especially HDD requirements must be matched.)

Other Solutions Considered:
We had Blue Coat Security Analytics, but we’re an RSA partner so it was natural to use the technology available to us.

Other Advice:
  • Don’t rush. Prepare use cases for packets and logs as it is a very important part of deployment and future use.
  • Use RSA Professional Services or a partner. Don’t deploy alone.
  • A basic administration course is a must for all administrators.
  • System architecture may be very easy or very complex. Do sizing well with external help.

Disclaimer: My company has a business relationship with this vendor other than being a customer: RSA Partner.
Date published: 2017-05-18