RSA Preps EnVision For SIEM Market Battle

security information and event management (SIEM)

Compliance pressures and the emergence of stealthy attacks mean that companies must collect and analyze millions of events a day generated by the devices on their networks. And because the event data is regulated, strong information management tools that can handle internal and external compliance requirements are needed, said John Worrall, vice president of the information and event management business unit at RSA.

The new EnVision platform, launched Monday, includes hooks that allow it to plug into EMC's storage and information management products, Worrall said.

EnVision has also been fortified with high availability to ensure that organizations don't suffer downtime during the data collection process and with real-time correlation to help administrators identify patterns quickly and more effectively, according to Worrall.

"Real-time correlation lets us look at set of behaviors, not just individual data points, and pull them together," Worrall said.

John Menezes, president and CEO of Cyberklix, a Mississauga, Ontario, solution provider and MSP that offers a managed SIEM service using the EnVision platform, said high availability and event correlation make it possible to process hundreds of millions of event records without affecting performance.

The new EnVision platform is based on Windows Server 2003, which offers a huge performance upgrade from the previous Windows 2000-based version, Menezes added.

In the future, compliance-friendly features like application-level event logging will make the EnVision platform even more effective, according to Menezes.

"Application-level logging is an area that has been ignored for a long time. But now, with compliance issues, there is a lot of input in the application because that's where all the data is," he said.

EnVision is a key offering for EMC, and some channel partners said last month that RSA's channel reps were strong-arming them into dropping competing SIEM solutions from their product portfolios. However, RSA denied that it was asking its partners for SIEM exclusivity.

RSA has made "major strides" in shaping EnVision into a channel-friendly offering by making the product available through distribution and building a stable of channel partners with the level of expertise needed to deploy SIEM, said Chris Clinton, director of worldwide channels.

"It's important for us to find channel partners that have strong services-based businesses, and we'll be making a major investment in partners that have stepped up and taken on EnVision," Clinton said.

Pricing for the EnVision platform wasn't disclosed, but a spokesperson said it depends on the application and the number of devices supported.