RSA® Security Analytics Adds Real-Time Behavior Analytics

Enables Analysts to Detect Advanced Threats and Understand the Full Scope of the Compromise


  • Real-time behavior analytics engine designed to use machine learning to more rapidly spot and understand unknown attacks, accelerating response
  • Expanded investigation through context enrichment helps analysts to understand the complete scope of a threat actor's intrusion to enable effective and rapid eradication of the threat
  • Improved detection of lateral movement by threat actors before they can expand their foothold within the enterprise as they attempt to exploit vulnerabilities


RSA, The Security Division of EMC (NYSE:EMC), today announced that RSA® Security Analytics now offers a real-time behavior analytics engine that is designed to expedite detection of advanced attack activities. Using machine learning techniques, the engine is built to be able to rapidly spot key aspects of advanced threats without specific foreknowledge of the attack or reliance on signatures, rules, or intelligence watchlists. In addition, RSA Security Analytics has been engineered to be enhanced to fuse network, endpoint and log visibility with real-time insights into suspicious processes and analyst findings – helping to enable the discovery of the full scope of a threat actor's activity within the enterprise.

RSA Security Analytics' new real-time behavior analytics engine is designed to identify specific anomalous activities and behaviors and create incidents for investigation, without the need for data scientists. Leveraging deep packet-level visibility and data science techniques to spot behaviors such as compromised systems and the use of covert channel communications, security teams can detect sophisticated threats faster.

RSA Security Analytics is engineered to make it easier for organizations of any maturity to more rapidly differentiate normal behavior patterns from beaconing domains, Command and Control (C2) activities, and other high-risk anomalies. For example, by combining the log data of Windows® operating systems and insight into the ways Windows logins may be manipulated to facilitate privilege escalation, the analytics engine in RSA Security Analytics is designed to be able to spot attempts at lateral movement and find malicious actors.

RSA Security Analytics is engineered to enable rapid investigation and compromise scoping by fusing real-time incident and endpoint context into an investigative workflow. These capabilities make it difficult for threat actors to change their tactics and evade detection. By bringing together network, log and endpoint data enriched with real-time insights into suspicious processes and incident information, an organization can far more effectively understand the full scope of compromise and eradicate the threat actor completely from their enterprise.


The next version of RSA Security Analytics that includes these features will be available in Q1 2016.

For more information, please visit RSA Security Analytics.

Executive Quotes:

Grant Geyer, Senior Vice President, Products, RSA

"The changing compute paradigm enables advanced attackers to infiltrate the enterprise without setting off alarms. While rule-based analytics are an important starting point, they aren't sufficient to spot stealthy attacks. By leveraging network packet-level visibility and data science techniques to spot anomalous behavior, RSA Security Analytics and its new behavioral analytics engine are designed to enable security teams to detect sophisticated threats faster, connect the dots between network, endpoint, and log data, and fully understand the scope of compromise."

Analyst Quote

Jon Oltsik, Senior Principal Analyst

"Behavior Analytics is emerging as a critical threat detection capability for attacks that evade traditional monitoring technologies. Having a comprehensive view of user and entity behavior, along with the knowledge of threat actor tools, tactics and procedures, security teams can more effectively identify potential attacks, in real time, and avoid drowning in data and alerts."

Partner Quote

Lisa Roger, Vice President, Commercial Cyber Security, Leidos

"Security teams need an easier, more effective way to detect anomalous network, endpoint, and user behavior. This gives security teams the ability to pinpoint potential threats before they cause damage. Our goal is to provide a powerful behavioral analytics engine for our customers' threat detection and response needs. RSA's Security Analytics will help us do just that, enabling our customers, at all maturity levels, to expand their security analysts' skills to more rapidly and wisely focus their response to both known and unknown threats."



RSA provides more than 30,000 customers around the world with the essential security capabilities to protect their most valuable assets from cyber threats. With RSA's award-winning products, organizations effectively detect, investigate, and respond to advanced attacks; confirm and manage identities; and ultimately, reduce IP theft, fraud, and cybercrime. For more information, go to

RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other company and product names may be trademarks of their respective owners.

This release contains "forward-looking statements" as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) risks associated with the proposed acquisition of EMC by Denali Holdings, Inc., the parent company of Dell, Inc., including, among others, assumptions related to the ability to close the acquisition, the expected closing date and its anticipated costs and benefits; (ii) adverse changes in general economic or market conditions; (iii) delays or reductions in information technology spending; (iv) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (v) competitive factors, including but not limited to pricing pressures and new product introductions; (vi) component and product quality and availability; (vii) fluctuations in VMware, Inc.'s operating results and risks associated with trading of VMware stock; (viii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (ix) risks associated with managing the growth of our business, including risks associated with acquisitions and investments and the challenges and costs of integration, restructuring and achieving anticipated synergies; (x) the ability to attract and retain highly qualified employees; (xi) insufficient, excess or obsolete inventory; (xii) fluctuating currency exchange rates; (xiii) threats and other disruptions to our secure data centers or networks; (xiv) our ability to protect our proprietary technology; (xv) war or acts of terrorism; and (xvi) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC, the parent company of RSA, with the U.S. Securities and Exchange Commission. 
EMC and RSA disclaim any obligation to update any such forward-looking statements after the date of this release.