The RSA Security Analytics platform consists of two elements: the Capture Infrastructure and the Security Analytics Warehouse.
RSA Security Analytics Decoder
Decoder is a configurable network appliance that enables real-time collection, filtering, and analysis of network packet and log data. Position Decoder(s) on the network egress, core, or segment.
- The Packet Decoder reassembles and normalizes network traffic at every layer for real-time, full session analysis. Appliances can operate in continuous capture mode or consume traffic from any source.
- The Log Decoder leverages the Packet Decoder architecture for more than 200 devices and common log formats.
RSA Security Analytics Concentrator
Concentrator aggregates metadata from Decoders to enable scalability and flexibility across network topologies and geographies. Concentrators can be deployed in tiers to provide high availability for multiple Decoder locations.
RSA Security Analytics Broker/Analytic Server
The Broker/Analytic Server facilitates queries across multiple Concentrators. Broker provides a single point of access to Security Analytics metadata and operates and scales independently of network latency, throughput, or data volume. Analytic Server hosts the web server required for investigation, reporting, and administration.
RSA Security Analytics Warehouse
Warehouse provides long-term archiving, forensics, analysis, and reporting. Leveraging Hadoop, it scales with storage capacity on a standardized hardware platform.