According to the Verizon 2012 Data Breach Investigations Report, of the 855 breaches investigated in 2011, 85% took several weeks or more to be discovered and 92% of incidents were first discovered by a third-party. RSA Advanced Cyber Defense Services are designed to help businesses prepare for, discover and respond to these threats, with a methodical and repeatable approach that is designed to minimize risk and the business impact of incidents.
Built on RSA's experience as well as real-world situations, RSA Advanced Cyber Defense Services are designed to handle today's changing security landscape. Using a multi-tier threat-based approach, this portfolio of services focuses on the protection of crucial business assets by applying proven operational strategy to address the lifecycle of a breach from front line cyber breach preparedness to breach remediation and prevention.
Combining a flexible threat-based platform, increased visibility and agile controls, businesses can manage threats throughout the enterprise, leverage advanced monitoring and high-speed analytics to achieve a better understanding of their security posture, as well as adjust controls to meet changing threat environments.
Key components include:
Breach readiness – focuses on an organization's advanced threat preparedness, operational breach response and management capabilities supplemented with a maturity analysis and program design.
Incident response and discovery – built off threat-intelligence research from the RSA NetWitness platform and utilizing recently acquired endpoint monitoring technology from Silicium Security, RSA takes a holistic approach to incident response comprised of advanced threat discovery, response and remediation across the network and host, tailored to include tactical attack surface enumeration, high-value target identification and exploitation defense measures.
Cyber-threat intelligence – leverages threat intelligence and advanced analytics to create a proactive approach to identifying threat artifacts and anomalies that reside in large volumes of data to determine the root vector, targeting motive and severity of an attack.
Breach management – provides workflow automation and the processes and procedures used for a closed-loop incident handling process using the RSA Archer Threat Management and Incident Management solutions.
Identity Infrastructure Information (I3) – helps address secure privileged account management, secure communications, information rights/data classification and post-breach active directory remediation and security.
Next Generation Security Operations Center (SOC) design and implementation – utilizes proven tactical implementation methods and leverages RSA SOC practitioners to design, operate, train, and eventually transition operations to an organization.