RSA ENVISION PLATFORM

Simplify compliance and optimize incident management

AT A GLANCE
The RSA enVision solution helps organizations to simplify their compliance program with regulationspecific, out-of-the-box reports and alerts for a multitude of regulations including PCI, HIPAA , SOX, and many others. The RSA enVision platform reduces the time and effort needed to collect and collate data by automating these tasks. In fact providing proof of compliance to internal and external auditors can be converted to selfservice by giving them direct access to the reports they need, whenever they need them.

The RSA enVision platform provides a centralized log management service that enables organizations to simplify their compliance programs and optimize their security incident management. The RSA enVision solution facilitates the automated collection, analysis, alerting, auditing, reporting, and secure storage of all logs. Organizations can simplify compliance by using regulation-specific, out-of-the-box reports, alerts and correlations rules. Reports can be scheduled to be delivered at a specific time or run on an ad-hoc basis. Alerts can be delivered through the intuitive user interface, via SMS, or email. Administrators dont have to be glued to the interface at all times. Auditors can even be granted read-only access to the enVision platform so that they can access the reports whenever they need them.

Security incident management is optimized by using the purpose-built incident management tool within the enVision platform. Incidents can be identified, tagged with evidence, and passed along through the organizations ticketing system. The RSA enVision platform is also integrated with RSA Archer eGRC enabling business context to be applied to each incident. Business context means applying relating incidents to larger business objectives. For example, how a finance server being out of compliance and being required to be offline effects end of the quarter revenue recognition. Additionally, when the need arises, the enVision platform provides forensic tools enabling unparalleled visibility into log archives helping to find the security threat needle in the haystack. By simplifying and optimizing key processes, the enVision solution empowers organizations to refocus on business-critical initiatives.

HOW DOES IT WORK?

It all starts with collection of the logs and events being generated by the devices in an organizations infrastructure. The RSA enVision platform offers market-leading, out-of-thebox log collection support for over 300 devices. Everything from network devices, servers, routers, storage, and databases to firewalls, intrusion prevention devices, and anti-virus softwarethe enVision platform has them covered. Do you have proprietary applications or services? Not a problem; the enVision solution provides a wizard-based tool to automate the collection from custom application and services as well. The platform continuously records and stores every event log, ensuring that each event is verifiably complete and accurate. Once logs are collected, the enVision platform permanently archives the log data, processes the logs in real time and generates alerts when it observes suspicious or otherwise notable patterns of behavior. Organizations can interrogate the full volume of stored data at any time. Data Sheet

With the RSA enVision platform, we now have a multi-layered view of all activities, enabling us to really prioritize our activities and provide a birds eye view on all sensitive customer and company data.
Chuck Cinco Managing Officer for Information Security Premier Bankcard

THE RSA ENVISION SOLUTION FOR COMPLIANCE

The RSA enVision Solution has been purpose built for the collection, archiving, and reporting on massive volumes of logswhich makes it a perfect fit for organizations facing IT compliance challenges. Regulations across geographies and industries vary significantly so its important to make sure your organization can keep up with all of their reporting requirements. The enVision solution helps to automate the compliance processes with out-of-the-box reports designed specifically for the regulations organizations are facing today, massively simplifying compliance programs. To achieve and maintain compliance, the enVision platform helps organizations to: Efficiently collect, protect, and store log data in a secure, non-filtered, and nonnormalized fashion. Provide summary and detailed reports for the mandated periods of time. Establish baseline levels of activity for the entire IT operation to define normal activity, making unusual levels and types of activity easier to detect. Alert on deviations from baseline activities, and detect complex patterns of potentially malicious activity across multiple, disparate devices. Perform forensic analysis on massive archives of log data for security incident and regulatory investigations. Automate incident management processes for close monitoring and correction of issues to make sure they are recorded, escalated, and corrected in a timely and thorough manner.

ES SERIES Description

ES 560 Stand-alone appliance 500 EPS

ES 1060 Stand-alone appliance 1000 EPS

ES 1260 Stand-alone appliance 1200 EPS

ES 2560 Stand-alone appliance 2500 EPS

ES 3060 Stand-alone appliance 3000 EPS

ES 5060 Stand-alone appliance 5000 EPS

ES 7560 Stand-alone appliance 7500 EPS

sustaineD events
per seconD

MaxiMuM Devices per

appliance

100

200

600

400

1500

750

1250

Simultaneous RSA enVision users storage

10

11

12

14

300 GB internal

300 GB internal

300 GB internal

300 GB internal

External storage required Yes

External storage required Yes

External storage required Yes

Virtualized appliance

Yes

Yes

Yes

Yes

RSA Data Sheet

page 2

ls series Description

LS A60 Application server appliance N/A N/A 16 N/A

LS D60 Database server appliance 30000 EPS 6144 N/A

LS L605 Local collector appliance 5000 EPS 1500 N/A

LS L610 Local collector appliance 10000 EPS 2048 N/A N/A

LS R601 Remote collector appliance 1000 EPS 512 N/A N/A

LS R602 Remote collector appliance 2000 EPS 1024 N/A N/A

LS R600.5* Remote collector appliance 500 EPS 256 N/A N/A

LS R600.1* Remote collector appliance 100 EPS 50 N/A N/A

sustaineD events
per seconD

MaxiMuM Devices per

appliance

Simultaneous RSA enVision users storage

NAS storage N/A required (NAS 3500/ NAS 7000) No No

Virtualized appliance

No

No

Yes

Yes

Yes

Yes

* Note: These remote collector appliances are only available as virtualized appliances

Product Specifications Operating environment Security-hardened, embedded Microsoft Windows 2003 Server standard Hardware Redundancy ES: ECC protected RAM LS: 8 GB fully buffered RAM ES/LS: redundant/hot-swappable fans, power supplies, and RAID-1 protected disks Environmental monitoring & management Networking IPMI 2.0 out-of-band management. 100% headless remote appliance management. ES: (2) 10/100/1000TX Ethernet ports included, up to (6) via add-on network interfaces LS: (6) 10/100/1000TX Ethernet ports Storage options Direct-attach 2.75 TB usable (see the RSA enVision DAS 2000 data sheet) Network-attach 3.5 TB to 7 TB usable (see the RSA enVision NAS data sheets) Regulatory and agency approval ISO9002 certified, UL1950, CSA22.2 no 950, EN 60950, FCCPart15
Class A, ICES-003 EN55024:1998, EIN55022:1998, EN50082-1,

VCCI V-3/2000.4, AS/NZS3548 Application software The RSA enVision platform, featuring RSA enVision LogSmart IPDB; realtime, inline correlation with automatic threat scoring; universal device support; over 1,100 standard reports with full report wizard; Event Explorer advanced visualization and forensic analysis tool; ILM protection, retention policy management, tiered storage support Redundant, load-sharing 400-watt power supplies, 120/240 volt auto-switching 29.3 x 17.5 x 3.4 inches, 74.4 x 44.5 x 8.6 cm (DxWxH) Rack-mount slide rails included (requires 4-post rack) Weight: 59 lbs, 24.5 kg Warranty 90-day hardware warranty extendable to five years with active maintenance contract
EMC2, EMC, the EMC logo, RSA, enVision, Archer, and the RSA logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other products or services mentioned are trademarks of their respective companies. Copyright 2012 EMC Corporation. All rights reserved. Published in the USA. h9037-3in1-ds-0112

Power options Physical

www.rsa.com