Because for us
security is not just a product
It's a process.

Security Analytics

Detect & Investigate Threats.

To raise their game security teams need more effective threat detection and significantly faster investigations. Security teams need a system that can collect and manage a huge volume and wider scope of security data which will lead them to the most pressing security risks for their enterprise in the shortest amount of time. In the same vein, security teams need automated access to the best threat intelligence about the latest tools, techniques, and procedures in use by the attacker community and have this intelligence be immediately actionable through automated-enrichment on ingestion of telemetry. And they need this in one integrated security system, not multiple ones. When prevention fails all that is left is fast detection, investigation and remediation.


RSA Security Analytics is a security solution that helps security analysts detect and investigate threats that are often missed by other security tools. By combining big data security data collection, management, and analytics capabilities with full network and log-based visibility and automated threat intelligence, security analysts can better detect, investigate, and understand threats they could often not easily see or understand before. Ultimately this improved visibility and speed helps organizations reduce an attackers’ free time in their computing environment from weeks to hours, thus dramatically reducing the likely impact of an attack.

Unlike perimeter or signature based security solutions, which struggle to keep up with current risks, especially targeted attacks, RSA Security Analytics helps analysts discover “interesting” or “anomalous” behavior without being dependent on having foreknowledge of the attackers specific instances of malware or attack steps.

RSA’s security approach is akin to removing the “hay” (known good) until only “needles” (likely bad issues) remain, as opposed to traditional security approaches which attempt to search for needles in a giant haystack of data. Furthermore RSA Security Analytics helps analysts quickly understand alerts and unusual activity by correlating them with with network, log and event data as well as the most up-to-date threat intelligence.

The highly visual interface of RSA Security Analytics unifies security analysis, such as detection, investigation, alerting, reporting, and content and system administration into a single browser-based interface which puts enterprise-level visibility directly into the hands of the security analysts. This significantly increases the efficiency and effectiveness of the analysts as they don’t have to flip from security tool to security tool to do their jobs. In short RSA Security Analytics takes traditional log-centric SIEM and re-conceives it and brings it forward to address the realities of today's threat landscape.


RSA Security Analytics enables comprehensive security monitoring, incident investigation, long term archiving and analytics, malware analytics, and compliance reporting via a unified, browser-based interface. It enables security analysts, whether part of a Security Operations Center (SOC), incident response team or neither, to be more effective and efficient in their job of protecting the organization's digital assets and IT systems.


  • Provides a single platform for capturing and analyzing large amounts of network, log, event, and other data
  • Powerful streaming analytics for incident detection and alerting.
  • Integration with RSA ECAT to extend detection and investigations to endpoints.
  • Integration with RSA Security Operations Management for incident remediation.
  • Automatically generates alerts to suspicious behavior by applying analytics and by leveraging external threat intelligence (delivered via RSA Live) fused with internally collected security data.
  • RSA Live provides: security reports, open source community intelligence, command & control reports, exploit kit identification, blacklists, APT tagged domains, suspicious proxies, and others.
  • Applies business context to security investigations helping analysts better prioritize their work.