RSA Security Analytics - license

Mfg. Part: SA-SIEM-P-T1 | CDW Part: 3863107 | UNSPSC: 43232804
$48,000.00 | Save $5,496.53
$42,503.47 Advertised Price
Lease Option: $1,149.72/month

Product Overview
Main Features
  • License
  • 50 GB per day
  • volume
  • Tier 1
  • 50-250 GB
RSA Security Analytics helps security analysts detect and investigate threats often missed by other security tools. Leveraging the proven technology of RSA NetWitness, Security Analytics provides converged network security monitoring and centralized security information and event management (SIEM).

Security Analytics combines big data security collection, management, and analytics; full network and log-based visibility; and automated threat intelligence - enabling security analysts to better detect, investigate, and understand threats they often could not easily see or understand before.

Technical Specifications
General
Category: Networking applications
Installation Type: Locally installed
Subcategory: Network - monitoring & performance management

Header
Brand: RSA
Compatibility: PC
Manufacturer: RSA Security
Packaged Quantity: 1
Product Line: RSA Security Analytics

Licensing
Hardware Pricing: 50-250 GB, Tier 1
License Pricing: Volume

Software
License Category: License
License Qty: 50 GB per day
License Type: License

Product Reviews
RSA Security Analytics - license is rated 4.0 out of 5 by 2.
Rated 4 out of 5: We can investigate incidents based on logs and raw packets.

Valuable Features:
  • Full packet capture: A must in an SOC
  • Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network
  • Built-in Incident Management module for small security/SOC teams
  • Advanced correlation engine based on metadata flow: Provides nearly real-time correlation
  • Rich reporting options

Improvements to My Organization:
  • We can monitor all traffic to/from our company.
  • It is possible to track end user behaviour.
  • With RSA NetWitness Endpoint, we are able to monitor not only the network, but also what’s happening on endpoints, i.e., behaviour analytics for processes inside the operating system.
  • Thanks to this tool, we have a small SOC running in our company.

Room for Improvement:
  • Integration with external tools should be built-in, such as an external sandbox for files.
  • We can import data using external feeds, using STIX or CSV files.
  • The REST API is poor.
  • The system architecture is complex and sometimes it’s hard to troubleshoot potential problems.
  • RSA should improve backup options and High Availability architecture.
  • Data is stored on separate components without redundancy. It’s possible to have backup for data, but you have to use an external backup solution.

Use of Solution:
I have used this product for two and a half years.

Stability Issues:
The system is stable if you provide enough CPU, RAM, and HDD (IOPS). Sizing should be done by RSA Professional Services or by an experienced partner for Virtual Machines. The hardware is sized well.

Scalability Issues:
There were no scalability issues, but you have to know what you are doing. Proper network deployment is important. Metadata flows are quite big between internal system components. Of course, it depends on how many network packets and logs are logged into the system.

Technical Support:
I would give technical support a rating of 8/10. Sometimes you have to wait for an initial response, especially if it’s not a critical problem. But when they start investigating, they do it quite well.

Previous Solutions:
For full packet capture, we had Blue Coat Security Analytics. We switched because in NetWitness, we have everything needed to run a small SOC in our company. (Packets, logs, endpoints, incident management module, correlation, reporting, and investigation available for analysts.)

Initial Setup:
It’s a very easy product to install, when you know what you are doing. Customers without any experience should cooperate with RSA Professional Services or a partner company. It’s too complex of a product to deploy for someone without experience. It can be done, but the value coming from RSA or a partner is incomparable.

Cost and Licensing Advice:
  • Prepare use cases, i.e., what to do and how.
  • Collect information about EPS for logs and total bandwidth for packets. This will allow you to properly size the licensing.
  • Hardware is too expensive in my opinion (Eastern Europe). It’s cheaper to run virtual machines in a VMware environment. (Keep in mind that CPU, RAM, and especially HDD requirements must be matched.)

Other Solutions Considered:
We had Blue Coat Security Analytics, but we’re an RSA partner so it was natural to use the technology available to us.

Other Advice:
  • Don’t rush. Prepare use cases for packets and logs as it is a very important part of deployment and future use.
  • Use RSA Professional Services or a partner. Don’t deploy alone.
  • A basic administration course is a must for all administrators.
  • System architecture may be very easy or very complex. Do sizing well with external help.

Disclaimer: My company has a business relationship with this vendor other than being a customer: RSA Partner.
Date published: 2017-05-18