IBM® Security Guardium Data Security and Protection
IBM Security Guardium Data Activity Monitor prevents unauthorized data access, alerts on changes or leaks to help ensure data integrity, automates compliance controls and protects against internal and external threats. Continuous monitoring and real time security policies protect data across the enterprise, without changes or performance impact to data sources or applications. Guardium Data Activity Monitor protects data wherever it resides, and centralizes risk controls and analytics with a scalable architecture that provides 100% visibility on data activity. It supports the broadest set of data source types, and it is the market leader for big data security solutions.
- Uncover risks to sensitive data
- Monitor and audit all data activity - for all data platforms and protocols.
- Enforce security policies in real time - for all data access, change control and user activities.
- Create a centralized normalized repository of audit data - for enterprise compliance, reporting and forensics.
- Support heterogeneous data environments - all leading databases, data warehouses, files, applications and operating systems, including big data environments (Hadoop and NoSQL).
- Readily adapt to changes in your data environment
IBM® QRadar® Security Intelligence Platform
Detect and defend against network security threats with Sense Analytics
IBM QRadar Security Intelligence Platform provides a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, incident forensics, incident response, and configuration and vulnerability management. It uses an advanced Sense Analytics Engine to detect advanced threats while providing greater ease of use and lower total cost of ownership.
- A single architecture for analyzing log events, netflows, network packets, vulnerabilities, user and asset data.
- Real-time correlation employing Sense Analytics to identify high-risk threats, attacks and security breaches.
- Prioritization of high-priority incidents among billions of daily data points received.
- Proactive analysis of existing risks due to device configuration issues and known vulnerabilities.
- Automated incident response.
- Automated regulatory compliance with data collection, correlation and reporting capabilities.
RSA Authentication Manager
Utilizing the widest range of RSA SecurID authenticators, RSA Authentication Manager provides two-factor user authentication to more virtual private networks (VPNs), wireless networks, web applications, business applications and operating environments than any other system available today.
- RSA SecurID® Hardware Tokens - Take advantage of the industry's highest-quality hardware tokens to protect high-value applications.
- RSA SecurID® Tokenless Authentication - Deliver seamless and invisible risk-based authentication to nontraditional end users.
- RSA SecurID® Software Tokens - Gain control of your mobile and bring your own device (BYOD) environment.
- RSA SecurID® Authentication Agents - Explore the largest two-factor authentication partner ecosystem worldwide.
RSA Authentication Manager 8 delivers the world-class strength of RSA SecurID Authentication technology and now also offers a risk engine to meet the challenges and needs of today's organizations.
RSA SecurID® Access
Safe, frictionless access to today's SaaS (Software as a Service), mobile, on-premise and web apps
RSA SecurID® Access seamlessly verifies user identities with policy-based contextual assessments and strong authentication via smart mobile devices to deliver on demand, one-click SSO (Single Sign-On) access to standard and non-standard SaaS, Web, on-premise and mobile applications. A hybrid-cloud approach allows organizations to maintain control of the privacy and security of identities, combating one of the main hurdles to adopting a cloud solution.
RSA SecurID® Access allows you to open the door to a new generation of SaaS, mobile and web applications, armed with the same confidence and security with which you deliver on-premise applications.
RSA SecurID® Access delivers higher security without forcing users to struggle through inconvenient authentication and access hoops. It ensures easy access to the many RSA SecurID® Access-certified SaaS applications and to mobile, web and on-premise applications.
- Consistently enforcing access controls and strong authentication.
- Providing on-premise levels of access protection for your SaaS applications.
- Delivering a simple end user authentication experience from iOS and Android mobile devices.
- Accommodating a wide range of requirements for context-based access security.
- Automatically aligning authentication choices to the risk of the access request with suggested and customized identity assurance levels.
RSA Archer Governance, Risk, and Compliance
In today's competitive market, risks are changing dramatically and are increasingly complex. RSA Archer empowers organizations to manage multiple dimensions of risk on one configurable, integrated platform.
- IT and Security Risk Management - To address the complex digital risks today, your organization must establish business context and policies for IT and security and manage IT risks, vulnerabilities and security incidents.
- Enterprise and Operational Risk Management - Bring risk information together from siloed risk repositories to identify, assess, evaluate, treat, and monitor risks in one central solution.
- Regulatory and Corporate Compliance - An integrated approach ensures controls are defined, implemented and measured to meet constantly changing compliance obligations.
- Audit Management - A consistent, risk-based approach drives greater efficiency in the execution of your audit program.
- Business Resiliency - An integrated approach to business resiliency will lessen the impact of disruptions and crisis events on your organization.
- Third Party Governance - Manage your third party relationships and engagements while reducing risks and monitoring performance.
- Public Sector Solutions - Leverage people, process, and technology to build an integrated approach to Assessment & Authorization, Continuous Monitoring and overall risk management.
- GRC Platform - Common taxonomies, processes, and data stores streamline risk and compliance functions in your business, ensuring risk is managed effectively and efficiently.
Advanced Threat Detection and Response with RSA NetWitness® Logs and Packets
Spotting Advanced Threats with Behavior Analytics and Data Science Modeling
To detect advanced attacks, multiple data types such as network packets, logs, endpoint, and cloud data need to be combined. These data sources provide the ability for RSA NetWitness® Logs and Packets to discover attacks missed by log-centric SIEM and signature-based tools with the only solution that can correlate all of the needed data sources and apply advanced behavioral techniques and data science models. Using these advanced techniques in combination can provide security teams with speedier detection and all the visibility required to respond to advanced but common attack tools that employ covert channels with C2 threats.
- Provide complete visibility to identify and investigate attacks
- Eliminate blind spots with visibility across logs, networks, and endpoints
- Inspect every network packet session and log event for threat indicators at time of collection with capture time data enrichment
- Augment visibility with additional compliance and business context
- Detect and analyze even the most advanced of attacks before they can impact the business
- Discover attacks missed by traditional SIEM and signature-based tools by correlating network packets, NetFlow, endpoints and logs
- Identify endpoint malware missed by conventional AV in real-time
- Start finding incidents immediately with out-of-the-box reporting, intelligence, and rules
- Identify high risk indicators of compromise by harnessing the power of big data and data science techniques
- Take targeted action on the most important incidents
- Instantly pivot from incidents into deep endpoint and network packet detail to perform network forensics and understand the true nature and scope of the issue
- Prioritize investigations and streamline multiple analyst workflows in one tool
- Maximize your team's potential by implementing RSA's best practice-based security operations management tools and training.
RSA ECAT for Endpoint Security
Expose Advanced Threats through Behavior-based detection
RSA ECAT is a continuous endpoint solution providing contextual visibility beyond a single alert to provide incident responders and security analysts a full attack investigation platform to detect and respond in real-time against advanced attacks, known and unknown as well as malware and non-malware threats.
- Monitor & alert in real-time. RSA ECAT continuously monitors endpoint activity, both on and off the corporate network, and can alert on suspicious activity in real time, providing an early warning about potential compromises.
- RSA ECAT will automatically start a scan of the system whenever a new, unknown file loads on any endpoint.
- Baseline your environment and maintain a global repository of all files found. With RSA ECAT, security analysts have the flexibility to whitelist known-good (trusted) files and filter them from view during an investigation, and also blacklist known-bad files and IPs, so they will be automatically flagged if found on any endpoints.
- Determine the scope of compromise instantly. RSA ECAT identifies all other endpoints that were infected, enabling security teams to instantly know how far the malware spread.
- RSA ECAT quickly gathers critical data needed for a forensic investigation.
- Block with precision. RSA ECAT identifies the exact location of malicious files for precise remediation.