Business Context and Incident Management for the Security Operations Center (SOC)

Categories: Advanced Security, Trusted Identity

By Bali Kuchipudi, RSA Consultant Product Marketing Manager, Security Management and Compliance

Today’s IT environments are more fluid and complex than ever. Security teams face a flood of alerts and indicators across thousands of devices and massive volumes and varieties of applications and information types. It is more important than ever that security teams' efforts are prioritized so that the threats that pose the biggest risk to the organization are investigated and resolved first.

So, how are security teams dealing with this? Yes, it is a Big Data problem, and security teams must have full visibility, intelligence and governance to rapidly detect advanced threats, along with an incident management process to prioritize, investigate and resolve security incidents. It is about prioritizing the efforts of the security teams by finding the right needle in a stack of needles.


At RSA Conference in February, we announced RSA Asset Criticality Intelligence (ACI) and RSA Advanced Incident Management for Security (AIMS), and now I am thrilled to say that both these solutions are generally available. RSA Security Analytics is a transformative security monitoring and investigative solution that captures and analyzes all security-related data as network packets and logs and fuses this with threat intelligence to speed up the detection of potential threats. With RSA ACI and RSA AIMS, the threats that pose the biggest risk to the most critical assets of the organization are prioritized and followed through by the security teams. These solutions provide a single user interface for security analysts to use when investigating a security event; the security analyst can engage key business stakeholders, follow standard response procedures and document the resolution. For example, in the case of data exfiltration from a critical asset, the incident is automatically created, the asset owner can be notified of the exfiltration, and the IT team can be notified to close ports and kick off the remediation process to remove any malware on the asset or patch the vulnerabilities. Additionally, while the security incident is being investigated, the various stakeholders are kept apprised of the situation through advanced reporting and dashboards.

RSA ACI and RSA AIMS bridge the gap between security and business teams so both teams are aligned in protecting the most critical assets and information of an organization.

This Thursday, March 21st, RSA will hold a live webcast called “Business Context and Incident Management for the Security Operations Center (SOC)”. You can register for this webcast here: https://emcinformation.com/137302/REG/.ashx?reg_src=speakingofsecurity. It will provide you with an overview of RSA ACI and RSA AIMS and will also provide a live demonstration of both these solutions.
