New Envision software from EMC/RSA is claimed to make alert logging and action easier for businesses that receive alerts from a hundred or more network infrastructure points. This is particularly useful for businesses subject to financial and other compliance regimes. They need to know quickly if some aspect of their IT is going AWOL and putting them at risk of fines or worse from regulators.
Envision customer American Modern Insurance Group (AMIG) writes physical damage insurance and monitors logs from over 300 devices across a variety of device types including firewalls, intrusion detection systems, and routers. It needs to collect and action security alerts from its infrastructure, as they relate to insurance products overseen by outside regulators and compliance agencies. The company is mandated by these authorities to manage, analyse and report on collected security log data.
EMC claimed that Envision simplified this process:
- Automatic real-time alerts, based on watchlists, flag policy violations as they occur, enabling real-time compliance.
- Watchlist alerting and reporting allows watchlists to be created or imported to enhance security operational efficiency.
- Vulnerability and asset management integration adds vulnerability and asset intelligence and can reduce false positive alerts, enabling a better focus on real threats.
- Task triage and ticketing system integration provides an incident response system for more accuracy and quicker problem resolution. Any integration with a business's enterprise incident management system increases operational efficiency.
The product now helps eliminate the risk of interruption to log data collection through hot standby active/passive configurations. Envision can also be integrated with a range of networked storage products, like EMC's own, to provide easy-to-deploy, pre-configured storage package options. Customers can define log retention policies in the Envision platform that are automatically executed through EMC's storage product set, enabling collection-to-retirement management for security information.
Jon Oltsik, an Enterprise Strategy Group senior analyst, said: "The integration of the RSA Envision platform, with its new features and capabilities, and EMC's network storage offerings (facilitates the) convergence of security and storage technology (and) offers customers a cradle-to-grave approach for the management of security compliance log event data."
If you are a large company monitoring security-related alerts from many IT infrastructure devices and subject to compliance oversight, then EMC's Envision alert middleware could provide automated collection, filtering and action on logged events, making compliance easier and more reliable.