RSA Security Analytics leverages big data to address security challenges

On 30th January, RSA unveiled RSA Security Analytics – a granular analytics platform designed to help organisations defend their digital assets against today’s most sophisticated internal and external threats.

It has been built upon technology from the acquisition of NetWitness, using its analysis and detection capabilities, plus leveraging the power of big data analytics to create a security platform that will hopefully be the corner stone of next generation security operation centers.

Richard Nichols, regional sales director for UK and Ireland at RSA has said that organisations are facing more attacks than ever before and by using a big data warehouse, these businesses can do advanced analysis in real-time.

RSA Security Analytics gives users one tool for visibility by taking the best of Netwitness and combining it with the RSA envision platform, making it all about log collection and compliance at faster speeds and reduced costs.

This new platform is comprised of a data capture infrastructure and a separate security analytics warehouse. This warehouse itself is Hadoop based and allows companies to store and stage petabytes worth of structured and unstructured data. Security administrators will be able to look at this data from multiple vantage points to uncover threats that would otherwise be very difficult to discover using existing security tools.

Please find the press release here

A number of UK publications have covered the news:

TechWeek Europe: http://www.techweekeurope.co.uk/news/rsa-ibm-lead-big-data-security-intelligence-106073

SC Magazine: http://www.scmagazineuk.com/rsa-combines-siem-with-incident-visibility-to-create-security-analytics/article/278162/

Computerworld UK: http://www.computerworlduk.com/news/security/3423691/rsa-brings-big-data-analytics-security-threat-management/

CIO: http://www.cio.co.uk/news/3423700/rsa-brings-big-data-analytics-security-threat-management/

St Helen and Knowsley – A Model for Digitising Records in the NHS

The recent announcement around digitising records in the NHS was certainly a story which is familiar to our customer St Helen and Knowsley NHS Trust. This time last year we announced that they were the first trust in the UK to go paperless, supported by EMC.

At the time, Phil Corrin, Deputy CIO at St. Helens & Knowsley Health Informatics states that: “We always look to implement best-of-breed technology throughout the hospital, a fact that has won us awards within the healthcare and IT industry. We felt that EMC wasn’t just offering us a short-term fix to our storage problems, but actually helping us develop a long-term storage strategy. Choosing VMAX wasn’t just about us being able to store more information, but about how we can more effectively manage that storage.”

“Patient care is at the centre of every technology decision we take and we need to ensure that medical staff have access to the information they need, whenever they need it. As the Trust becomes increasingly digitised, our storage requirements are only going to increase, but we know that EMC VMAX will help us to rise to the challenge,”

Last week, to coincide with the announcement from Jeremy Hunt, Neil Darvill, director of informatics at St Helen and Knowsley, caught up with The Guardian’s Debbie Andalo to discuss the latest developments at the Trust and highlight the project with EMC as a model for other trusts to follow. You can read all about it here.

 

Cyber Security at the World Economic Forum

Francis Maude, minister for cyber security at the Cabinet Office, is participating in a number of events at the World Economic Forum’s annual meeting in Davos, Switzerland, aimed at bringing industry and governments together to tackle the global issue of cyber resilience and security. During his speech he discussed the transformative National Cyber Security Programme which is being put in to place and the secure online site Cyber-security Information Sharing Partnership as part of the plans.

Commenting on the proposed plans Rashmi Knowles CISSP, the Chief Security Architect, for RSA EMEA discussed some of the points that need to be considered to ensure this is managed carefully:

The Government’s national security strategy is a big step in the right direction in the battle against cyber-crime, but this latest update to provide a platform to share details of attacks will need to be managed carefully.

Finding the resources to manage this is hard and it also difficult to share details of cyber-attacks due to the confidential nature of the information. Businesses may be deterred by fears that their reputation will be left in tatters and competitors will profit as a result. Likewise, government agencies are restricted by data classification requirements and concerns that national-security will be jeopardised. 

The challenge is designing a way to deliver cyber-attack indicators. Creating a system that enables the distribution of confidential data to the broadest amount of people in a short amount of time and in a form that they can be interpreted is no easy task. Another difficulty is that the lifespan of a typical attack signature is short and once the attackers detect that it has been shared, they immediately stop using it so sharing mechanisms will need to be in real-time.

Finally, since the vast majority of critical infrastructure is owned by private organisations, I would advise that there needs to be a broader base of participation, including in the financial services, energy and utilities for example and there needs to be an incentive.

Here are the key ingredients for a successful exchange entity:

  • Trust among participants
  • A formalised structure (including charter, board members, leadership, and professional staff)
  • Adequate funding through government and/or membership fees
  • Established protocol and clear rules for information sharing
  • A legal framework in which to share confidential information (NDA, government safe harbor)
  • Standardised and reliable procedures for anonymising the confidential information distributed
  • Streamlined mechanisms for submitting and distributing information (secure portal, encrypted email, and/or digitally signed machine readable data)
  • Genuine participation through committed representatives and actual data contribution

Rashmi Knowles CISSP, the Chief Security Architect, for RSA EMEA