Security Meets Big Data: RSA's New Security Analytics System


In addition, RSA has designed a new graphical interface that displays suspicious events to a threat analyst for further investigation, and the processing engine learns over time how to prioritize them. The system will use combinations of vulnerability information and other data to identify high-profile events an analyst needs to look at, said Amit Yoran, senior vice president and general manager of the security management and compliance business unit at RSA. RSA engineers spent almost two years building out the architecture, Yoran said, adding that the Hadoop platform was used because it is optimized for capturing data and building tables for efficient processing.

"We can stream millions of events per second through its clustering event processing engine and it can keep up with thousands of rules running," Yoran said. "It allows us to have an elegant set of rules to start out of the box."

RSA executives said the system will likely start at about $75,000 and increase depending on the capabilities and size of the deployment. The Bedford, Mass., company will offer large-scale deployments for the defense sector, government and the financial industry, but the analytics capabilities also can be scaled down for smaller businesses, providing basic log-only and packet-capturing-only capabilities for short-term analytics. Data warehousing can be added as the business grows.

Channel partners, particularly if they have a systems integration arm, may be able to take advantage of the security data analytics approach, according to Enterprise Management Associates' Crawford. When it comes to warehousing, systems integrators should take a close look at the form factor in which they plan to deploy these products. "These warehousing architectures may not be as daunting as channel people might assume," Crawford said. "If they see the form factor and deployment opportunity and it fits with their strategy, it would be worth their while to dig a little bit more into these technologies."

RSA will still continue to sell its point products, said Bill Taylor, senior director, Global Channels and Alliances at RSA. But partners need to pay attention to the big data trend because it will play a lot more into security products in the future, opening up new opportunities for the channel, Taylor said.

"I think EMC is correct on its big data strategy and we're just following suit with our product sets," said Taylor.

PUBLISHED JAN. 30, 2013