It’s been a busy few weeks for EMC’s RSA security division, what with reporting financial results (revenue up 3% year over year), replacing its president, and buying a couple of companies, but somehow it’s found time to make some product news, just in time for Black Hat USA 2013. Based on technology acquired from Silicium Security last September, RSA ECAT (V3.5) is an innovative endpoint compromise assessment and monitoring tool that enables enterprises to detect and respond to advanced malware, said Meghan Risica, Senior Product Marketing Manager, RSA. Due to ship in August, it provides signature-less malware detection, using live memory analysis, network traffic statistical analysis and other techniques to find what AV and other signature-based products miss.
In May RSA unveiled ECAT V3.4, but that was focused on existing Silicium customers, said Risica. The release included support for YARA rules, enabling the creation of descriptions (rules) based on textual or binary patterns. If a submitted file matches one or more of the YARA rules, the suspect level of that file is raised, which in turn raises the overall suspect level of the scanned machine.
The addition of a signature capability for the signatureless ECAT enables it to more effectively mask good activity that doesn’t need to be investigated, or highlight suspicious activity and components. With YARA rules, if the threat shared some attributes with a previously investigated threat for which rules had been written, then this would raise the suspect level of the machine, prioritising it for the analyst, said RSA.
V3.5 is designed to deliver scalability and integration with RSA Security Analytics that, coupled with RSA Advanced Incident Management for Security (AIMS), provides end-to-end security visibility and incident management, said RSA. This combination can be scaled across thousands of endpoints, offering security teams the capability to provide fast analysis and quick response to threats attacking through endpoint devices, stated the company.
“We did a lot around integrating ECAT with RSA Analytics,” said Risica. This is a more substantial release than V3.4, and really represents the first actual ECAT announcement, making sure people know what we have, she added.
With ECAT, RSA addresses a number of issues. Organizations need a way to detect advanced threats on the endpoint a lot faster, said Risica. “Customers really need to have that endpoint visibility… it’s crucial to understanding threat… that’s where ECAT fits in.”
The other important aspect is how do you introduce something that not only solves the problem but doesn’t impact the user and can be managed well, she asked. “What makes ECAT unique is the way it detects on endpoint… signature-less… analyzing live memory… looking at everything running in memory. In memory is where malware will start to do bad things.”
ECAT’s initial success was with the military and defence contractors, but over the last year it has seen greater adoption in the Global 2000, said Risica: anybody attacked or concerned about being attacked. “It’s very important that organizations understand the full story. It’s not about network visibility or endpoint visibility, but the power of both together.”
Back To The Other RSA News:
While RSA President Tom Heiser will move to the parent company to focus on EMC’s cloud computing initiatives, RSA Executive Chairman Art Coviello will assume his responsibilities temporarily. EMC executive Mark Quigley is moving the other way to become the company’s COO.
Announced in early July, the Aveksa acquisition is intended to enable RSA to automate the user identity lifecycle from a business-driven, rather than IT-driven, perspective and let it compete better with larger identity and access management players such as IBM, CA, Oracle and Dell. A couple of weeks later RSA further boosted its IAM portfolio with the acquisition of PassBan for its mobile and cloud-based multifactor authentication technology.